Adobe May 2014 Patch Tuesday
Last Updated: 2014-05-13 20:25:54 UTC
by Johannes Ullrich (Version: 1)
We are now up to 3 bulletins from Adobe.
TL;DR ? Current versions in one simple table (I hope I got that right):
|Adobe Reader XI||11.0.07||11.0.07||-|
|Adobe Reader X||10.1.10||10.1.10||-|
|Adobe Flash Player 13||22.214.171.124||126.96.36.199||188.8.131.529|
|Adobe Flash Player (Google Chrome)||184.108.40.206||220.127.116.11||18.104.22.168|
|Adobe Flash Player (MSFT Internet Expl)||22.214.171.124||-||-|
|Adobe Air SDK||126.96.36.199|
|Adobe Illustrator Subscription||16.2.2||16.2.2|
|Adobe Illustrator Non-Subscription||16.0.5||16.0.5|
APSB14-14: covering Flash Player . It fixes 6 different vulnerabilities, one of which was found earlier this year during the pwn2own contest (CVE-2014-0510).
These vulnerabilities affect Windows, Linux and OS X. Adobe assigned them "Priority 1" indicating that they may have been used in targeted exploits. This makes this a "Patch Now!" vulnerability for us.
CVE-2014-0510: pwn2own vulnerability. remote code execution with sandbox bypass.
CVE-2014-0516: Same origin bypass
CVE-2014-0517: Security feature bypass
CVE-2014-0518: Security feature bypass
CVE-2014-0519: Security feature bypass
CVE-2014-0520: Security feature bypass
APSB14-15: For Adobe Acrobat and Reader 
CVE-2014-0511: pwn2own vulnerability. remote code execution wiht sandbox bypass
CVE-2014-0512: pwn2own vulnerability. remote code execution wiht sandbox bypass
CVE-2014-0522: code execution (memory corruption)
CVE-2014-0523: code execution (memory corruption)
CVE-2014-0524: code execution (memory corruption)
CVE-2014-0525: code exectution (use after free?)
CVE-2014-0526: code execution (memory corruption)
CVE-2014-0527: code execution (use after free)
CVE-2014-0528: code execution (double free)
CVE-2014-0529: code execution (buffer overflow)
Like the Flash bulletin, this one is rated "Priority 1".
APSB14-11: Hotfix for Adobe Illustrator
CVE-2014-0513: code execution (Stack Overflow)
This bulletin is only rated "Priority 3".
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
May 13th 2014
9 years ago