Details of VAR-201405-0211

ID

VAR-201405-0211

CVE

CVE-2014-0529

TITLE

Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2014-002489

DESCRIPTION

Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors. Adobe Acrobat and Reader are prone to a remote buffer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. The following products are affected: Adobe Reader 11.x versions prior to 11.0.07 Adobe Reader 10.x versions prior to 10.1.10 Adobe Acrobat 11.x versions prior to 11.0.07 Adobe Acrobat 10.x versions prior to 10.1.10. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool

Trust: 1.98

sources: NVD: CVE-2014-0529 // JVNDB: JVNDB-2014-002489 // BID: 67362 // VULHUB: VHN-68022

AFFECTED PRODUCTS

vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.2	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.5	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.4	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.9	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.7	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.1	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.8	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.5	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.3	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.6	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.3	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.2	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.1	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.3	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.2	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.1	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0	Trust: 1.3
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.5	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.4	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.3	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.9	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.1	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.7	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.6	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.6	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.4	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.2	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.3	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.4	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.3	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.2	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.6	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.8	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.5	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.2	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	lt	version:	10.x	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	lt	version:	11.x	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	eq	version:	xi (11.0.07)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	lt	version:	10.x	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	eq	version:	x (10.1.10)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	lt	version:	11.x	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	xi (11.0.07)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	x (10.1.10)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0	Trust: 0.3

sources: BID: 67362 // JVNDB: JVNDB-2014-002489 // CNNVD: CNNVD-201405-254 // NVD: CVE-2014-0529

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0529
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-0529
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201405-254
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-68022
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-0529
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-68022
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-68022 // JVNDB: JVNDB-2014-002489 // CNNVD: CNNVD-201405-254 // NVD: CVE-2014-0529

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-68022 // JVNDB: JVNDB-2014-002489 // NVD: CVE-2014-0529

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-254

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201405-254

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002489

PATCH

title:	APSB14-15	url:	http://helpx.adobe.com/security/products/reader/apsb14-15.html	Trust: 0.8
title:	APSB14-15	url:	http://helpx.adobe.com/jp/security/products/reader/apsb14-15.html	Trust: 0.8
title:	アドビシステムズ社 Adobe Reader の脆弱性に関するお知らせ	url:	http://www.fmworld.net/biz/common/adobe/20140515.html	Trust: 0.8

sources: JVNDB: JVNDB-2014-002489

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0529	Trust: 2.8
db:	BID	id:	67362	Trust: 1.4
db:	JVNDB	id:	JVNDB-2014-002489	Trust: 0.8
db:	CNNVD	id:	CNNVD-201405-254	Trust: 0.7
db:	VULHUB	id:	VHN-68022	Trust: 0.1

sources: VULHUB: VHN-68022 // BID: 67362 // JVNDB: JVNDB-2014-002489 // CNNVD: CNNVD-201405-254 // NVD: CVE-2014-0529

REFERENCES

url:	http://helpx.adobe.com/security/products/reader/apsb14-15.html	Trust: 1.7
url:	http://www.securityfocus.com/bid/67362	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0529	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20140514-adobereader.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2014/at140023.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0529	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/topics/?seq=13798	Trust: 0.8
url:	http://www.adobe.com	Trust: 0.3

sources: VULHUB: VHN-68022 // BID: 67362 // JVNDB: JVNDB-2014-002489 // CNNVD: CNNVD-201405-254 // NVD: CVE-2014-0529

CREDITS

Venustech Active-Defense Lab

Trust: 0.3

sources: BID: 67362

SOURCES

db:	VULHUB	id:	VHN-68022
db:	BID	id:	67362
db:	JVNDB	id:	JVNDB-2014-002489
db:	CNNVD	id:	CNNVD-201405-254
db:	NVD	id:	CVE-2014-0529

LAST UPDATE DATE

2024-11-23T22:27:20.092000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-68022	date:	2015-10-23T00:00:00
db:	BID	id:	67362	date:	2014-05-13T00:00:00
db:	JVNDB	id:	JVNDB-2014-002489	date:	2014-05-15T00:00:00
db:	CNNVD	id:	CNNVD-201405-254	date:	2014-05-16T00:00:00
db:	NVD	id:	CVE-2014-0529	date:	2024-11-21T02:02:19.523

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-68022	date:	2014-05-14T00:00:00
db:	BID	id:	67362	date:	2014-05-13T00:00:00
db:	JVNDB	id:	JVNDB-2014-002489	date:	2014-05-15T00:00:00
db:	CNNVD	id:	CNNVD-201405-254	date:	2014-05-16T00:00:00
db:	NVD	id:	CVE-2014-0529	date:	2014-05-14T11:13:05.600