Details of VAR-201405-0212

ID

VAR-201405-0212

CVE

CVE-2014-0521

TITLE

Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2014-002481

DESCRIPTION

Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X do not properly implement JavaScript APIs, which allows remote attackers to obtain sensitive information via a crafted PDF document. Adobe Reader and Acrobat are prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. The following products are affected: Adobe Reader 11.x versions prior to 11.0.07 Adobe Reader 10.x versions prior to 10.1.10 Adobe Acrobat 11.x versions prior to 11.0.07 Adobe Acrobat 10.x versions prior to 10.1.10. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool. The vulnerability stems from the program's incorrect implementation of JavaScript APIs

Trust: 2.07

sources: NVD: CVE-2014-0521 // JVNDB: JVNDB-2014-002481 // BID: 67363 // VULHUB: VHN-68014 // VULMON: CVE-2014-0521

AFFECTED PRODUCTS

vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.8	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.3	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.6	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.2	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.9	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.5	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.1	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.4	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.7	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.3	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.2	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.1	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.3	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.2	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.1	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0	Trust: 1.3
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.5	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.4	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.3	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.8	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.5	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.5	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.6	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.4	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.3	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.2	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.4	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.3	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.9	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.2	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.6	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.7	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.6	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.2	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	lt	version:	10.x	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	lt	version:	11.x	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	eq	version:	xi (11.0.07)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	lt	version:	10.x	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	eq	version:	x (10.1.10)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	lt	version:	11.x	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	xi (11.0.07)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	x (10.1.10)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0	Trust: 0.3

sources: BID: 67363 // JVNDB: JVNDB-2014-002481 // CNNVD: CNNVD-201405-246 // NVD: CVE-2014-0521

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0521
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-0521
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201405-246
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-68014
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2014-0521
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-0521
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-68014
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-68014 // VULMON: CVE-2014-0521 // JVNDB: JVNDB-2014-002481 // CNNVD: CNNVD-201405-246 // NVD: CVE-2014-0521

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-68014 // JVNDB: JVNDB-2014-002481 // NVD: CVE-2014-0521

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-246

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201405-246

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002481

PATCH

title:	APSB14-15	url:	http://helpx.adobe.com/security/products/reader/apsb14-15.html	Trust: 0.8
title:	APSB14-15	url:	http://helpx.adobe.com/jp/security/products/reader/apsb14-15.html	Trust: 0.8
title:	アドビシステムズ社 Adobe Reader の脆弱性に関するお知らせ	url:	http://www.fmworld.net/biz/common/adobe/20140515.html	Trust: 0.8
title:	AdbeRdrUpd11007_MUI	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49944	Trust: 0.6
title:	AcrobatUpd11007	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49948	Trust: 0.6
title:	AdbeRdrUpd10110	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49943	Trust: 0.6
title:	AcrobatUpd10110	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49947	Trust: 0.6
title:	AdbeRdrUpd10110_MUI	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49942	Trust: 0.6
title:	cve-2014-0521	url:	https://github.com/molnarg/cve-2014-0521	Trust: 0.1
title:	-	url:	https://github.com/0xCyberY/CVE-T4PDF	Trust: 0.1

sources: VULMON: CVE-2014-0521 // JVNDB: JVNDB-2014-002481 // CNNVD: CNNVD-201405-246

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0521	Trust: 2.9
db:	JVNDB	id:	JVNDB-2014-002481	Trust: 0.8
db:	CNNVD	id:	CNNVD-201405-246	Trust: 0.7
db:	BID	id:	67363	Trust: 0.5
db:	VULHUB	id:	VHN-68014	Trust: 0.1
db:	VULMON	id:	CVE-2014-0521	Trust: 0.1

sources: VULHUB: VHN-68014 // VULMON: CVE-2014-0521 // BID: 67363 // JVNDB: JVNDB-2014-002481 // CNNVD: CNNVD-201405-246 // NVD: CVE-2014-0521

REFERENCES

url:	http://helpx.adobe.com/security/products/reader/apsb14-15.html	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0521	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20140514-adobereader.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2014/at140023.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0521	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/topics/?seq=13798	Trust: 0.8
url:	http://www.adobe.com/products/acrobat/	Trust: 0.3
url:	http://www.adobe.com/products/reader/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://github.com/molnarg/cve-2014-0521	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.securityfocus.com/bid/67363	Trust: 0.1

sources: VULHUB: VHN-68014 // VULMON: CVE-2014-0521 // BID: 67363 // JVNDB: JVNDB-2014-002481 // CNNVD: CNNVD-201405-246 // NVD: CVE-2014-0521

CREDITS

Gábor Molnár of Ukatemi

Trust: 0.3

sources: BID: 67363

SOURCES

db:	VULHUB	id:	VHN-68014
db:	VULMON	id:	CVE-2014-0521
db:	BID	id:	67363
db:	JVNDB	id:	JVNDB-2014-002481
db:	CNNVD	id:	CNNVD-201405-246
db:	NVD	id:	CVE-2014-0521

LAST UPDATE DATE

2024-11-23T22:13:43.236000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-68014	date:	2014-05-14T00:00:00
db:	VULMON	id:	CVE-2014-0521	date:	2014-05-14T00:00:00
db:	BID	id:	67363	date:	2014-05-13T00:00:00
db:	JVNDB	id:	JVNDB-2014-002481	date:	2014-05-15T00:00:00
db:	CNNVD	id:	CNNVD-201405-246	date:	2014-05-15T00:00:00
db:	NVD	id:	CVE-2014-0521	date:	2024-11-21T02:02:18.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-68014	date:	2014-05-14T00:00:00
db:	VULMON	id:	CVE-2014-0521	date:	2014-05-14T00:00:00
db:	BID	id:	67363	date:	2014-05-13T00:00:00
db:	JVNDB	id:	JVNDB-2014-002481	date:	2014-05-15T00:00:00
db:	CNNVD	id:	CNNVD-201405-246	date:	2014-05-15T00:00:00
db:	NVD	id:	CVE-2014-0521	date:	2014-05-14T11:13:05.070