| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 8.5 | $0-$5k | 0.00 |
Summary
A vulnerability labeled as critical has been found in Adobe Acrobat Reader. This affects an unknown part of the component File Handler. Such manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2014-0546. The attack can be launched remotely. Moreover, an exploit is present. The affected component should be upgraded.
Details
A vulnerability classified as critical has been found in Adobe Acrobat Reader (Document Reader Software). Affected by this issue is an unknown part of the component File Handler. Manipulation with an unknown input leads to a memory corruption vulnerability. The corresponding CWE entry is CWE-119: the product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Confidentiality, integrity, and availability are impacted. CVE summarizes:
Adobe Reader and Acrobat 10.x before 10.1.11 and 11.x before 11.0.08 on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context, via unspecified vectors.
The weakness was disclosed on 08/12/2014 by Costin Raiu and Vitaly Kamluk of Kaspersky Labs and is covered by the confirmed vendor advisory APSB14-19. The advisory is available at helpx.adobe.com. The identifier CVE-2014-0546 has been assigned to this vulnerability since 12/20/2013. The attack may be launched remotely. No form of authentication is required for exploitation. Successful exploitation requires user interaction by the victim. Technical details are unknown, but an exploit is available.
It is declared as attacked. The vulnerability scanner Nessus provides a plugin with the ID 77175 (Adobe Reader < 10.1.11 / 11.0.08 Sandbox Bypass (APSB14-19)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows. The commercial vulnerability scanner Qualys is able to test this issue with plugin 122484 (Adobe Reader and Acrobat Privilege Escalation Vulnerability (APSB14-19)). This issue was added on 05/25/2022 to the CISA Known Exploited Vulnerabilities Catalog with a due date of 06/15/2022:
Apply updates per vendor instructions.
Upgrading to version 10.1.11 or 11.0.08 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability. Furthermore, it is possible to detect and prevent this kind of attack with TippingPoint and the filter 16637.
The vulnerability is also documented in the databases at X-Force (95231), Zero-Day.cz (23), Tenable (77175), SecurityFocus (BID 69193) and Vulnerability Center (SBV-45813).
Product
Version
- 10.0
- 10.0.1
- 10.0.2
- 10.0.3
- 10.1
- 10.1.1
- 10.1.2
- 10.1.3
- 10.1.4
- 10.1.5
- 10.1.6
- 10.1.7
- 10.1.8
- 10.1.9
- 10.1.10
- 11.0
- 11.0.1
- 11.0.2
- 11.0.3
- 11.0.4
- 11.0.5
- 11.0.6
- 11.0.7
Website
- Vendor: https://www.adobe.com/
CVSSv3
VulDB Meta Base Score: 8.6
VulDB Meta Temp Score: 8.5
VulDB Base Score: 6.3
VulDB Temp Score: 6.0
NVD Base Score: 9.8
CNA Base Score: 9.8
Exploiting
Class: Memory corruption
CWE: CWE-119
Physical: No
Local: No
Remote: Yes
Status: Attacked
Nessus ID: 77175
Nessus Name: Adobe Reader < 10.1.11 / 11.0.08 Sandbox Bypass (APSB14-19)
OpenVAS ID: 800078
OpenVAS Name: Adobe Acrobat Sandbox Bypass Vulnerability - Aug14 (Windows)
Countermeasures
Recommended: Upgrade
Upgrade: Acrobat Reader 10.1.11/11.0.08
Sources
Vendor: adobe.com
Advisory: APSB14-19
Researcher: Costin Raiu, Vitaly Kamluk
Organization: Kaspersky Labs
Status: Confirmed
CVE: CVE-2014-0546
GCVE (CVE): GCVE-0-2014-0546
GCVE (VulDB): GCVE-100-67322
X-Force: 95231 - Adobe Acrobat and Adobe Reader code execution, High Risk
SecurityFocus: 69193 - Adobe Acrobat and Reader CVE-2014-0546 Unspecified Security Bypass Vulnerability
SecurityTracker: 1030711
Vulnerability Center: 45813 - [APSB14-19] Adobe Reader and Acrobat Remote Security Bypass Vulnerability, Critical
scip Labs: https://www.scip.ch/en/?labs.20161013
Entry
Created: 08/13/2014 11:06
Updated: 11/22/2025 02:38
Changes: 08/13/2014 11:06 (46), 04/07/2017 10:45 (31), 02/10/2022 11:42 (2), 02/10/2022 11:50 (7), 02/10/2022 11:58 (1), 04/26/2024 15:01 (29), 06/28/2024 21:59 (12), 07/12/2024 03:06 (2), 09/09/2024 22:30 (1), 12/21/2024 19:05 (2), 02/05/2025 01:01 (11), 11/22/2025 02:38 (3)