Details of VAR-201401-0370

ID

VAR-201401-0370

CVE

CVE-2014-0493

TITLE

Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2014-001181

DESCRIPTION

Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0495. Adobe Acrobat and Reader are prone to a remote code-execution vulnerability. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool

Trust: 2.07

sources: NVD: CVE-2014-0493 // JVNDB: JVNDB-2014-001181 // BID: 64802 // VULHUB: VHN-67986 // VULMON: CVE-2014-0493

AFFECTED PRODUCTS

vendor:	adobe	model:	acrobat	scope:	gte	version:	10.0	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	lt	version:	11.0.6	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	lt	version:	10.1.9	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	gte	version:	11.0	Trust: 1.0
vendor:	adobe	model:	reader	scope:	lt	version:	11.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	lt	version:	10.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	eq	version:	xi (11.0.06)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	eq	version:	x (10.1.9)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	xi (11.0.06)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	lt	version:	11.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	x (10.1.9)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	lt	version:	10.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.2	Trust: 0.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.3	Trust: 0.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.4	Trust: 0.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.2	Trust: 0.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1	Trust: 0.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.1	Trust: 0.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.1	Trust: 0.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.5	Trust: 0.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.3	Trust: 0.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.6	Trust: 0.6

sources: JVNDB: JVNDB-2014-001181 // CNNVD: CNNVD-201401-335 // NVD: CVE-2014-0493

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0493
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-0493
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201401-335
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-67986
value:	HIGH
Trust: 0.1
VULMON:	CVE-2014-0493
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-0493
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-67986
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-67986 // VULMON: CVE-2014-0493 // JVNDB: JVNDB-2014-001181 // CNNVD: CNNVD-201401-335 // NVD: CVE-2014-0493

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-67986 // JVNDB: JVNDB-2014-001181 // NVD: CVE-2014-0493

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-335

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201401-335

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001181

PATCH

title:	APSB14-01	url:	http://helpx.adobe.com/security/products/acrobat/apsb14-01.html	Trust: 0.8
title:	APSB14-01	url:	http://helpx.adobe.com/jp/security/products/acrobat/apsb14-01.html	Trust: 0.8
title:	アドビシステムズ社 Adobe Reader の脆弱性に関するお知らせ	url:	http://www.fmworld.net/biz/common/adobe/20140116.html	Trust: 0.8
title:	AdbeRdrUpd11006	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=47547	Trust: 0.6
title:	AcrobatUpd1019	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=47550	Trust: 0.6
title:	AcrobatUpd11006	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=47549	Trust: 0.6
title:	AdbeRdrUpd1019	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=47548	Trust: 0.6
title:	Securelist	url:	https://securelist.com/adobes-first-patch-tuesday-of-2014/58211/	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/adobe-updates-security-for-flash-reader-acrobat/103613/	Trust: 0.1

sources: VULMON: CVE-2014-0493 // JVNDB: JVNDB-2014-001181 // CNNVD: CNNVD-201401-335

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0493	Trust: 2.9
db:	SECTRACK	id:	1029604	Trust: 1.2
db:	JVNDB	id:	JVNDB-2014-001181	Trust: 0.8
db:	SECUNIA	id:	56303	Trust: 0.6
db:	CNNVD	id:	CNNVD-201401-335	Trust: 0.6
db:	BID	id:	64802	Trust: 0.5
db:	VULHUB	id:	VHN-67986	Trust: 0.1
db:	VULMON	id:	CVE-2014-0493	Trust: 0.1

sources: VULHUB: VHN-67986 // VULMON: CVE-2014-0493 // BID: 64802 // JVNDB: JVNDB-2014-001181 // CNNVD: CNNVD-201401-335 // NVD: CVE-2014-0493

REFERENCES

url:	http://helpx.adobe.com/security/products/acrobat/apsb14-01.html	Trust: 1.8
url:	http://www.securitytracker.com/id/1029604	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0493	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20140115-adobereader.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2014/at140003.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0493	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/topics/?seq=12878	Trust: 0.8
url:	http://secunia.com/advisories/56303	Trust: 0.6
url:	http://www.adobe.com	Trust: 0.3
url:	http://www.adobe.com/support/downloads/product.jsp?product=10&platform=macintosh	Trust: 0.3
url:	http://www.adobe.com/support/downloads/product.jsp?product=10&platform=windows	Trust: 0.3
url:	http://www.adobe.com/products/reader/	Trust: 0.3
url:	http://helpx.adobe.com/security/products/reader/apsb14-01.html	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.securityfocus.com/bid/64802	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=32433	Trust: 0.1
url:	https://threatpost.com/adobe-updates-security-for-flash-reader-acrobat/103613/	Trust: 0.1

sources: VULHUB: VHN-67986 // VULMON: CVE-2014-0493 // BID: 64802 // JVNDB: JVNDB-2014-001181 // CNNVD: CNNVD-201401-335 // NVD: CVE-2014-0493

CREDITS

Mateusz Jurczyk and Gynvael Coldwind of the Google Security Team

Trust: 0.3

sources: BID: 64802

SOURCES

db:	VULHUB	id:	VHN-67986
db:	VULMON	id:	CVE-2014-0493
db:	BID	id:	64802
db:	JVNDB	id:	JVNDB-2014-001181
db:	CNNVD	id:	CNNVD-201401-335
db:	NVD	id:	CVE-2014-0493

LAST UPDATE DATE

2024-11-23T22:31:21.296000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-67986	date:	2018-12-13T00:00:00
db:	VULMON	id:	CVE-2014-0493	date:	2018-12-13T00:00:00
db:	BID	id:	64802	date:	2014-01-14T00:00:00
db:	JVNDB	id:	JVNDB-2014-001181	date:	2014-01-20T00:00:00
db:	CNNVD	id:	CNNVD-201401-335	date:	2014-01-21T00:00:00
db:	NVD	id:	CVE-2014-0493	date:	2024-11-21T02:02:15.020

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-67986	date:	2014-01-15T00:00:00
db:	VULMON	id:	CVE-2014-0493	date:	2014-01-15T00:00:00
db:	BID	id:	64802	date:	2014-01-14T00:00:00
db:	JVNDB	id:	JVNDB-2014-001181	date:	2014-01-20T00:00:00
db:	CNNVD	id:	CNNVD-201401-335	date:	2014-01-21T00:00:00
db:	NVD	id:	CVE-2014-0493	date:	2014-01-15T16:13:04.057