VIR Vulnerability Intelligence Relay

CVE-2014-9160

critical
Published 2015-05-13 · Modified 2026-05-06
CVSS v3
CVSS v2
10.0
VIR risk
10.0

Description

Multiple heap-based buffer overflows in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code via unknown vectors.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@adobe.com — https://helpx.adobe.com/security/products/reader/apsb15-10.html

OS impact
OSVersionStatusFixed in
macos macosaffected

Application impact
VendorProductVersionsFixed
adobeacrobat_reader10.1.0
adobeacrobat_reader10.1.1
adobeacrobat_reader10.1.2
adobeacrobat_reader10.1.3
adobeacrobat_reader10.1.4
adobeacrobat_reader10.1.5
adobeacrobat_reader10.1.6
adobeacrobat_reader10.1.7
adobeacrobat_reader10.1.8
adobeacrobat_reader10.1.9
adobeacrobat_reader10.1.10
adobeacrobat_reader10.1.11
adobeacrobat_reader10.1.12
adobeacrobat_reader10.1.13
adobeacrobat_reader11.0.0
adobeacrobat_reader11.0.1
adobeacrobat_reader11.0.2
adobeacrobat_reader11.0.3
adobeacrobat_reader11.0.4
adobeacrobat_reader11.0.5
adobeacrobat_reader11.0.6
adobeacrobat_reader11.0.7
adobeacrobat_reader11.0.8
adobeacrobat_reader11.0.9
adobeacrobat_reader11.0.10
adobeacrobat10.1.0
adobeacrobat10.1.1
adobeacrobat10.1.2
adobeacrobat10.1.3
adobeacrobat10.1.4
adobeacrobat10.1.5
adobeacrobat10.1.6
adobeacrobat10.1.7
adobeacrobat10.1.8
adobeacrobat10.1.9
adobeacrobat10.1.10
adobeacrobat10.1.11
adobeacrobat10.1.12
adobeacrobat10.1.13
adobeacrobat11.0.0
adobeacrobat11.0.1
adobeacrobat11.0.2
adobeacrobat11.0.3
adobeacrobat11.0.4
adobeacrobat11.0.5
adobeacrobat11.0.6
adobeacrobat11.0.7
adobeacrobat11.0.8
adobeacrobat11.0.9
adobeacrobat11.0.10

References

CWEs

CWE-119

Verify integrity in audit chain (admin only). AS-IS.