CVE-2014-0568

high

Description

The NtSetInformationFile system call hook feature in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context, via an NTFS junction attack.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/96000

https://code.google.com/p/google-security-research/issues/detail?id=94

http://www.securitytracker.com/id/1030853

http://www.securityfocus.com/bid/69828

http://helpx.adobe.com/security/products/reader/apsb14-20.html

Details

Source: Mitre, NVD

Published: 2014-09-17

Updated: 2017-08-29

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High