Unrated severityNVD Advisory· Published Nov 30, 2014· Updated May 6, 2026

CVE-2014-9150

Description

Race condition in the MoveFileEx call hook feature in Adobe Reader and Acrobat 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and consequently write to files in arbitrary locations, via an NTFS junction attack, a similar issue to CVE-2014-0568.

Affected products

Adobe Inc./Acrobat Reader9 versions
cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*range: <=11.0.8
- cpe:2.3:a:adobe:acrobat_reader:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:11.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:11.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:11.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:11.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:11.0.5:-:*:*:*:windows:*:*
- cpe:2.3:a:adobe:acrobat_reader:11.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:11.0.7:*:*:*:*:*:*:*
Adobe Inc./Acrobat9 versions
cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*range: <=11.0.8
- cpe:2.3:a:adobe:acrobat:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:11.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:11.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:11.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:11.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:11.0.5:-:*:*:*:windows:*:*
- cpe:2.3:a:adobe:acrobat:11.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:11.0.7:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

helpx.adobe.com/security/products/reader/apsb14-28.htmlnvdPatchVendor Advisory
code.google.com/p/google-security-research/issues/detailnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000