Description
Race condition in the MoveFileEx call hook feature in Adobe Reader and Acrobat 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and consequently write to files in arbitrary locations, via an NTFS junction attack, a similar issue to CVE-2014-0568.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
http://helpx.adobe.com/security/products/reader/apsb14-28.html
Issue Tracking x_refsource_misc
https://code.google.com/p/google-security-research/issues/detail?id=103
Scores
EPSS
0.0227
EPSS Percentile
80.8%
Details
CWE
CWE-362
Status
published
Products (18)
adobe/acrobat
11.0
adobe/acrobat
11.0.1
adobe/acrobat
11.0.2
adobe/acrobat
11.0.3
adobe/acrobat
11.0.4
adobe/acrobat
11.0.5
adobe/acrobat
11.0.6
adobe/acrobat
11.0.7
adobe/acrobat
< 11.0.8
adobe/acrobat_reader
11.0
... and 8 more
Published
Nov 30, 2014
Tracked Since
Feb 18, 2026