Vulnerability Description
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Acrobat Reader | 10.0 |
| Apple | Mac Os X | All versions |
| Microsoft | Windows | All versions |
| Adobe | Acrobat | 10.0 |
Related Weaknesses (CWE)
References
- http://helpx.adobe.com/security/products/reader/apsb14-28.htmlVendor Advisory
- http://helpx.adobe.com/security/products/reader/apsb14-28.htmlVendor Advisory
FAQ
What is CVE-2014-8452?
CVE-2014-8452 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an en...
How severe is CVE-2014-8452?
CVE-2014-8452 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-8452?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Acrobat Reader, Apple Mac Os X, Microsoft Windows, Adobe Acrobat.