Adobe Reader and Acrobat Security Restriction Bypass Vulnerability (CVE-2014-9150)
Release date:
Updated on: 2014-3 3
Affected Systems:
Adobe Acrobat <11.0.09
Adobe Reader <11.0.09
Description:
Bugtraq id: 71366
CVE (CAN) ID: CVE-2014-9150
Adobe Reader (also known as Acrobat Reader) is PDF reading software developed by Adobe. Acrobat is a product series launched in 1993 for enterprises, technicians and creative professionals, intended to make document delivery and collaboration more flexible, reliable, and secure.
In Adobe Reader and Acrobat versions earlier than 11.0.09 (Windows), the MoveFileEx call hook is subject to a race condition. An attacker can use an NTFS junction attack to bypass the sandbox protection mechanism and write files to arbitrary locations.
<* Source: Google Project Zero.
*>
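The bug class described above is a check-then-use race on a path. The following added example (not Adobe's code and not the Project Zero report's; all function and file names are hypothetical) contrasts a broker that validates a path string with one that pins the destination directory by handle. It assumes a POSIX system and uses a symbolic link as a stand-in for an NTFS junction.

```python
import os
import tempfile

DIR_FLAGS = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW

def move_checked_by_path(root, src, rel_dst, race=lambda: None):
    """Weak pattern: validate a path string, then pass the same string to rename."""
    dst = os.path.join(root, rel_dst)
    parent = os.path.realpath(os.path.dirname(dst))
    if os.path.commonpath([parent, root]) != root:
        raise PermissionError("destination outside sandbox root")
    race()               # window between the check and the use
    os.rename(src, dst)  # the path is resolved again here and links are followed

def move_checked_by_handle(root, src, rel_dst, race=lambda: None):
    """Hardened pattern: pin the destination directory, rename relative to it."""
    rel_dir, name = os.path.split(rel_dst)
    fd = os.open(root, DIR_FLAGS)
    try:
        for part in filter(None, rel_dir.split("/")):
            if part in (".", ".."):
                raise PermissionError("path traversal component")
            nxt = os.open(part, DIR_FLAGS, dir_fd=fd)  # refuses a link here
            os.close(fd)
            fd = nxt
        race()           # a swap now cannot redirect the pinned handle
        os.rename(src, name, dst_dir_fd=fd)
    finally:
        os.close(fd)

def demo(mover):
    """Constructed scenario: 'out' is replaced by a link to 'outside' mid-move."""
    base = os.path.realpath(tempfile.mkdtemp())
    root, outside = os.path.join(base, "sandbox"), os.path.join(base, "outside")
    os.makedirs(os.path.join(root, "out"))
    os.mkdir(outside)
    src = os.path.join(root, "tmp.bin")
    open(src, "w").close()

    def swap():
        os.rename(os.path.join(root, "out"), os.path.join(root, "out.orig"))
        os.symlink(outside, os.path.join(root, "out"))

    mover(root, src, "out/report.bin", race=swap)
    return os.path.exists(os.path.join(outside, "report.bin"))

if __name__ == "__main__":
    print("path-checked move left the sandbox:", demo(move_checked_by_path))
    print("handle-checked move left the sandbox:", demo(move_checked_by_handle))
```

With the handle-based version the file lands in the directory that was vetted, whatever the name `out` points to afterwards, and a link already in place when the directory is opened is refused.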
Suggestion:
Vendor patch:
Adobe
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.adobe.com/support/security/
https://code.google.com/p/google-security-research/issues/detail?id=103