CVE-2014-9150 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.4 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:N/I:P/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 81%

Affected Products (NVD)

Vendor	Product	Version
adobe	acrobat_reader	𝑥 ≤ 11.0.8
adobe	acrobat_reader	11.0
adobe	acrobat_reader	11.0.1
adobe	acrobat_reader	11.0.2
adobe	acrobat_reader	11.0.3
adobe	acrobat_reader	11.0.4
adobe	acrobat_reader	11.0.5
adobe	acrobat_reader	11.0.6
adobe	acrobat_reader	11.0.7
adobe	acrobat	𝑥 ≤ 11.0.8
adobe	acrobat	11.0
adobe	acrobat	11.0.1
adobe	acrobat	11.0.2
adobe	acrobat	11.0.3
adobe	acrobat	11.0.4
adobe	acrobat	11.0.5
adobe	acrobat	11.0.6
adobe	acrobat	11.0.7

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References

http://helpx.adobe.com/security/products/reader/apsb14-28.html

https://code.google.com/p/google-security-research/issues/detail?id=103

http://helpx.adobe.com/security/products/reader/apsb14-28.html

https://code.google.com/p/google-security-research/issues/detail?id=103