Sign-up

ID

VAR-201401-0372


CVE

CVE-2014-0495


TITLE

Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerabilities in arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2014-001182

DESCRIPTION

Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0493. Adobe Acrobat and Reader are prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application or to crash the application. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool

Trust: 1.98

sources: NVD: CVE-2014-0495 // JVNDB: JVNDB-2014-001182 // BID: 64803 // VULHUB: VHN-67988

AFFECTED PRODUCTS

vendor:adobemodel:acrobatscope:gteversion:10.0

Trust: 1.0

vendor:adobemodel:acrobatscope:ltversion:11.0.6

Trust: 1.0

vendor:adobemodel:acrobatscope:ltversion:10.1.9

Trust: 1.0

vendor:adobemodel:acrobatscope:gteversion:11.0

Trust: 1.0

vendor:adobemodel:readerscope:ltversion:11.x (windows macintosh)

Trust: 0.8

vendor:adobemodel:readerscope:ltversion:10.x (windows macintosh)

Trust: 0.8

vendor:adobemodel:acrobatscope:eqversion:xi (11.0.06)

Trust: 0.8

vendor:adobemodel:acrobatscope:eqversion:x (10.1.9)

Trust: 0.8

vendor:adobemodel:readerscope:eqversion:xi (11.0.06)

Trust: 0.8

vendor:adobemodel:acrobatscope:ltversion:11.x (windows macintosh)

Trust: 0.8

vendor:adobemodel:readerscope:eqversion:x (10.1.9)

Trust: 0.8

vendor:adobemodel:acrobatscope:ltversion:10.x (windows macintosh)

Trust: 0.8

vendor:adobemodel:acrobatscope:eqversion:10.1.8

Trust: 0.6

vendor:adobemodel:acrobat readerscope:eqversion:11.0.5

Trust: 0.6

vendor:adobemodel:acrobatscope:eqversion:10.1.3

Trust: 0.6

vendor:adobemodel:acrobatscope:eqversion:10.1.6

Trust: 0.6

vendor:adobemodel:acrobatscope:eqversion:10.1.2

Trust: 0.6

vendor:adobemodel:acrobat readerscope:eqversion:11.0.4

Trust: 0.6

vendor:adobemodel:acrobatscope:eqversion:10.1.4

Trust: 0.6

vendor:adobemodel:acrobatscope:eqversion:10.1.7

Trust: 0.6

vendor:adobemodel:acrobatscope:eqversion:10.1.5

Trust: 0.6

vendor:adobemodel:acrobat readerscope:eqversion:11.0.3

Trust: 0.6

sources: JVNDB: JVNDB-2014-001182 // CNNVD: CNNVD-201401-336 // NVD: CVE-2014-0495

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0495
value: HIGH

Trust: 1.0

NVD: CVE-2014-0495
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201401-336
value: CRITICAL

Trust: 0.6

VULHUB: VHN-67988
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-0495
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-67988
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-67988 // JVNDB: JVNDB-2014-001182 // CNNVD: CNNVD-201401-336 // NVD: CVE-2014-0495

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-67988 // JVNDB: JVNDB-2014-001182 // NVD: CVE-2014-0495

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-336

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201401-336

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-001182

PATCH
title:APSB14-01url:http://helpx.adobe.com/security/products/acrobat/apsb14-01.html
Trust: 0.8
title:APSB14-01url:http://helpx.adobe.com/jp/security/products/acrobat/apsb14-01.html
Trust: 0.8
title:アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせurl:http://www.fmworld.net/biz/common/adobe/20140116.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-001182

EXTERNAL IDS
db:NVDid:CVE-2014-0495
Trust: 2.8
db:SECTRACKid:1029604
Trust: 1.1
db:JVNDBid:JVNDB-2014-001182
Trust: 0.8
db:CNNVDid:CNNVD-201401-336
Trust: 0.7
db:SECUNIAid:56303
Trust: 0.6
db:BIDid:64803
Trust: 0.4
db:VULHUBid:VHN-67988
Trust: 0.1
sources:
            
            
            VULHUB: VHN-67988 // 
            
            
            
            BID: 64803 // 
            
            
            
            JVNDB: JVNDB-2014-001182 // 
            
            
            
            CNNVD: CNNVD-201401-336 // 
            
            
            
            NVD: CVE-2014-0495

REFERENCES
url:http://helpx.adobe.com/security/products/acrobat/apsb14-01.html
Trust: 1.7
url:http://www.securitytracker.com/id/1029604
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0495
Trust: 0.8
url:http://www.ipa.go.jp/security/ciadr/vul/20140115-adobereader.html
Trust: 0.8
url:http://www.jpcert.or.jp/at/2014/at140003.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0495
Trust: 0.8
url:http://www.npa.go.jp/cyberpolice/topics/?seq=12878
Trust: 0.8
url:http://secunia.com/advisories/56303
Trust: 0.6
url:http://www.adobe.com
Trust: 0.3
url:http://www.adobe.com/products/reader/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-67988 // 
            
            
            
            BID: 64803 // 
            
            
            
            JVNDB: JVNDB-2014-001182 // 
            
            
            
            CNNVD: CNNVD-201401-336 // 
            
            
            
            NVD: CVE-2014-0495

CREDITS
Mateusz Jurczyk and Gynvael Coldwind of the Google Security Team
Trust: 0.3
sources:
            
            
            BID: 64803

SOURCES
db:VULHUBid:VHN-67988
db:BIDid:64803
db:JVNDBid:JVNDB-2014-001182
db:CNNVDid:CNNVD-201401-336
db:NVDid:CVE-2014-0495

LAST UPDATE DATE
2024-11-23T22:31:21.363000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-67988date:2018-12-13T00:00:00
db:BIDid:64803date:2014-01-14T00:00:00
db:JVNDBid:JVNDB-2014-001182date:2014-01-20T00:00:00
db:CNNVDid:CNNVD-201401-336date:2014-01-21T00:00:00
db:NVDid:CVE-2014-0495date:2024-11-21T02:02:15.270

SOURCES RELEASE DATE
db:VULHUBid:VHN-67988date:2014-01-15T00:00:00
db:BIDid:64803date:2014-01-14T00:00:00
db:JVNDBid:JVNDB-2014-001182date:2014-01-20T00:00:00
db:CNNVDid:CNNVD-201401-336date:2014-01-21T00:00:00
db:NVDid:CVE-2014-0495date:2014-01-15T16:13:04.070