CVE-2014-0514

Adobe Reader Mobile < 11.2 - Remote Code Execution via JavaScript in PDF

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2014-0514. PoCs published by Metasploit, Yorick Koster, Yorick Koster, joev, including Metasploit module exploits/android/fileformat/adobe_reader_pdf_js_interface.

AI-analyzed exploit summary This Metasploit module exploits CVE-2014-0514 in Adobe Reader for Android by embedding a JavaScript exploit into a PDF, leveraging the addJavascriptInterface vulnerability to achieve remote code execution.

Description

The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows remote attackers to execute arbitrary code via a crafted PDF document, a related issue to CVE-2012-6636.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubylocalarm
https://www.exploit-db.com/exploits/33791

This Metasploit module exploits CVE-2014-0514 in Adobe Reader for Android by embedding a JavaScript exploit into a PDF, leveraging the addJavascriptInterface vulnerability to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Adobe Reader for Android < 11.2.0
No auth needed
Prerequisites: Vulnerable version of Adobe Reader for Android · Ability to deliver malicious PDF to target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Yorick Koster · textlocalandroid
https://www.exploit-db.com/exploits/32884

This exploit leverages insecure JavaScript interfaces in Adobe Reader for Android to execute arbitrary Java code, allowing file creation in the app sandbox. The PoC demonstrates command execution via reflection APIs exposed through JavaScript objects.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Adobe Reader for Android version 11.1.3
No auth needed
Prerequisites: Victim must open a malicious PDF in Adobe Reader for Android
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GOOD
by Yorick Koster, joev · rubypocandroid
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/android/fileformat/adobe_reader_pdf_js_interface.rb

This Metasploit module exploits CVE-2014-0514 in Adobe Reader for Android by embedding a JavaScript interface exploit within a PDF, leading to remote code execution via a reverse TCP payload.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Adobe Reader for Android < 11.2.0
No auth needed
Prerequisites: Vulnerable Adobe Reader for Android installation · Ability to deliver malicious PDF to target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (9)

Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/66798
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/33791
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/531831/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/105781
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/32884
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Apr/192

Scores

EPSS 0.7200
EPSS Percentile 99.4%

Details

CWE
CWE-264
Status published
Products (2)
adobe/adobe_reader 11.1.0
adobe/adobe_reader < 11.1.3
Published Apr 15, 2014
Tracked Since Feb 18, 2026