VIR Vulnerability Intelligence Relay

CVE-2014-9165

critical
Published 2014-12-10 · Modified 2026-05-06
CVSS v3
CVSS v2
10.0
VIR risk
10.0

Description

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8454 and CVE-2014-8455.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@adobe.com — http://helpx.adobe.com/security/products/reader/apsb14-28.html

OS impact
OSVersionStatusFixed in
macos macosaffected

Application impact
VendorProductVersionsFixed
adobeacrobat_reader10.0
adobeacrobat_reader10.0.1
adobeacrobat_reader10.0.2
adobeacrobat_reader10.0.3
adobeacrobat_reader10.1
adobeacrobat_reader10.1.1
adobeacrobat_reader10.1.2
adobeacrobat_reader10.1.3
adobeacrobat_reader10.1.4
adobeacrobat_reader10.1.5
adobeacrobat_reader10.1.6
adobeacrobat_reader10.1.7
adobeacrobat_reader10.1.8
adobeacrobat_reader10.1.9
adobeacrobat_reader10.1.10
adobeacrobat_reader10.1.11
adobeacrobat_reader10.1.12
adobeacrobat_reader11.0.0
adobeacrobat_reader11.0.01
adobeacrobat_reader11.0.02
adobeacrobat_reader11.0.03
adobeacrobat_reader11.0.04
adobeacrobat_reader11.0.05
adobeacrobat_reader11.0.06
adobeacrobat_reader11.0.07
adobeacrobat_reader11.0.08
adobeacrobat_reader11.0.09
adobeacrobat10.0
adobeacrobat10.0.1
adobeacrobat10.0.2
adobeacrobat10.0.3
adobeacrobat10.1
adobeacrobat10.1.1
adobeacrobat10.1.2
adobeacrobat10.1.3
adobeacrobat10.1.4
adobeacrobat10.1.5
adobeacrobat10.1.6
adobeacrobat10.1.7
adobeacrobat10.1.8
adobeacrobat10.1.9
adobeacrobat10.1.10
adobeacrobat10.1.11
adobeacrobat10.1.12
adobeacrobat11.0
adobeacrobat11.0.1
adobeacrobat11.0.2
adobeacrobat11.0.3
adobeacrobat11.0.4
adobeacrobat11.0.5
adobeacrobat11.0.6
adobeacrobat11.0.7
adobeacrobat11.0.8
adobeacrobat11.0.9

References

Verify integrity in audit chain (admin only). AS-IS.