VIR Vulnerability Intelligence Relay

CVE-2014-0528

critical
Published 2014-05-14 · Modified 2026-05-06
CVSS v3
CVSS v2
10.0
VIR risk
10.0

Description

Double free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@adobe.com — http://helpx.adobe.com/security/products/reader/apsb14-15.html

OS impact
OSVersionStatusFixed in
macos macosnot-affected

Application impact
VendorProductVersionsFixed
adobeacrobat_reader10.0
adobeacrobat_reader10.0.1
adobeacrobat_reader10.0.2
adobeacrobat_reader10.0.3
adobeacrobat_reader10.1
adobeacrobat_reader10.1.1
adobeacrobat_reader10.1.2
adobeacrobat_reader10.1.3
adobeacrobat_reader10.1.4
adobeacrobat_reader10.1.5
adobeacrobat_reader10.1.6
adobeacrobat_reader10.1.7
adobeacrobat_reader10.1.8
adobeacrobat_reader10.1.9
adobeacrobat_reader11.0
adobeacrobat_reader11.0.1
adobeacrobat_reader11.0.2
adobeacrobat_reader11.0.3
adobeacrobat_reader11.0.4
adobeacrobat_reader11.0.5
adobeacrobat_reader11.0.6
adobeacrobat10.0
adobeacrobat10.0.1
adobeacrobat10.0.2
adobeacrobat10.0.3
adobeacrobat10.1
adobeacrobat10.1.1
adobeacrobat10.1.2
adobeacrobat10.1.3
adobeacrobat10.1.4
adobeacrobat10.1.5
adobeacrobat10.1.6
adobeacrobat10.1.7
adobeacrobat10.1.8
adobeacrobat10.1.9
adobeacrobat11.0
adobeacrobat11.0.1
adobeacrobat11.0.2
adobeacrobat11.0.3
adobeacrobat11.0.4
adobeacrobat11.0.5
adobeacrobat11.0.6

References

CWEs

CWE-399

Verify integrity in audit chain (admin only). AS-IS.