CVE-2014-0521

Adobe Reader and Acrobat 10.x < 10.1.10 and 11.x < 11.0.07 - Information Disclosure via JavaScript API

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-0521. PoCs published by molnarg.

AI-analyzed exploit summary This repository contains proof-of-concept PDFs exploiting CVE-2014-0521, a JavaScript-based vulnerability in Adobe Reader. The PoCs demonstrate file reading and exfiltration via WebDAV, targeting versions prior to 11.0.07.

Description

Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X do not properly implement JavaScript APIs, which allows remote attackers to obtain sensitive information via a crafted PDF document.

Exploits (1)

nomisec WORKING POC 12 stars
by molnarg · poc
https://github.com/molnarg/cve-2014-0521

This repository contains proof-of-concept PDFs exploiting CVE-2014-0521, a JavaScript-based vulnerability in Adobe Reader. The PoCs demonstrate file reading and exfiltration via WebDAV, targeting versions prior to 11.0.07.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Adobe Reader < 11.0.07
No auth needed
Prerequisites: Victim opens malicious PDF · WebDAV server for exfiltration (PoC-2)
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

EPSS 0.0991
EPSS Percentile 95.0%

Details

CWE
CWE-200
Status published
Products (42)
adobe/acrobat 10.0
adobe/acrobat 10.0.1
adobe/acrobat 10.0.2
adobe/acrobat 10.0.3
adobe/acrobat 10.1
adobe/acrobat 10.1.1
adobe/acrobat 10.1.2
adobe/acrobat 10.1.3
adobe/acrobat 10.1.4
adobe/acrobat 10.1.5
... and 32 more
Published May 14, 2014
Tracked Since Feb 18, 2026