ID

VAR-201405-0216


CVE

CVE-2014-0525


TITLE

Arbitrary code execution vulnerability in the API of Adobe Reader and Acrobat running on Windows and Mac OS X

Trust: 0.8

sources: JVNDB: JVNDB-2014-002485

DESCRIPTION

The API in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X does not prevent access to unmapped memory, which allows attackers to execute arbitrary code via unspecified API calls. Adobe Reader and Acrobat are prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts likely result in denial-of-service conditions. The affected products are: Adobe Reader 11.x versions prior to 11.0.07; Adobe Reader 10.x versions prior to 10.1.10; Adobe Acrobat 11.x versions prior to 11.0.07; Adobe Acrobat 10.x versions prior to 10.1.10. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool. A security vulnerability exists in the APIs of Adobe Reader and Acrobat on Windows and OS X platforms. The vulnerability stems from the program not properly preventing access to unmapped memory.

Trust: 1.98

sources: NVD: CVE-2014-0525 // JVNDB: JVNDB-2014-002485 // BID: 67365 // VULHUB: VHN-68018

AFFECTED PRODUCTS

vendor: adobe | model: acrobat | scope: eq | version: 10.0.3

Trust: 1.9

vendor: adobe | model: acrobat | scope: eq | version: 10.0.2

Trust: 1.9

vendor: adobe | model: acrobat | scope: eq | version: 10.0.1

Trust: 1.9

vendor: adobe | model: acrobat | scope: eq | version: 10.0

Trust: 1.9

vendor: adobe | model: acrobat reader | scope: eq | version: 10.1.4

Trust: 1.6

vendor: adobe | model: acrobat reader | scope: eq | version: 10.1.9

Trust: 1.6

vendor: adobe | model: acrobat reader | scope: eq | version: 10.1.7

Trust: 1.6

vendor: adobe | model: acrobat reader | scope: eq | version: 10.1.5

Trust: 1.6

vendor: adobe | model: acrobat reader | scope: eq | version: 10.1.8

Trust: 1.6

vendor: adobe | model: acrobat reader | scope: eq | version: 10.1.6

Trust: 1.6

vendor: adobe | model: acrobat | scope: eq | version: 10.1.3

Trust: 1.3

vendor: adobe | model: acrobat | scope: eq | version: 10.1.2

Trust: 1.3

vendor: adobe | model: acrobat | scope: eq | version: 10.1.1

Trust: 1.3

vendor: adobe | model: acrobat | scope: eq | version: 10.1

Trust: 1.3

vendor: adobe | model: acrobat reader | scope: eq | version: 11.0

Trust: 1.0

vendor: adobe | model: acrobat | scope: eq | version: 10.1.5

Trust: 1.0

vendor: adobe | model: acrobat | scope: eq | version: 11.0.4

Trust: 1.0

vendor: adobe | model: acrobat reader | scope: eq | version: 10.0

Trust: 1.0

vendor: adobe | model: acrobat reader | scope: eq | version: 11.0.3

Trust: 1.0

vendor: adobe | model: acrobat reader | scope: eq | version: 11.0.5

Trust: 1.0

vendor: adobe | model: acrobat | scope: eq | version: 10.1.9

Trust: 1.0

vendor: adobe | model: acrobat reader | scope: eq | version: 11.0.1

Trust: 1.0

vendor: adobe | model: acrobat | scope: eq | version: 10.1.6

Trust: 1.0

vendor: adobe | model: acrobat | scope: eq | version: 10.1.7

Trust: 1.0

vendor: adobe | model: acrobat | scope: eq | version: 11.0.6

Trust: 1.0

vendor: adobe | model: acrobat reader | scope: eq | version: 11.0.4

Trust: 1.0

vendor: adobe | model: acrobat | scope: eq | version: 11.0.2

Trust: 1.0

vendor: adobe | model: acrobat reader | scope: eq | version: 10.0.3

Trust: 1.0

vendor: adobe | model: acrobat reader | scope: eq | version: 10.1.2

Trust: 1.0

vendor: adobe | model: acrobat | scope: eq | version: 11.0

Trust: 1.0

vendor: adobe | model: acrobat | scope: eq | version: 10.1.4

Trust: 1.0

vendor: adobe | model: acrobat reader | scope: eq | version: 10.0.1

Trust: 1.0

vendor: adobe | model: acrobat reader | scope: eq | version: 10.1.3

Trust: 1.0

vendor: adobe | model: acrobat reader | scope: eq | version: 10.1.1

Trust: 1.0

vendor: adobe | model: acrobat | scope: eq | version: 11.0.3

Trust: 1.0

vendor: adobe | model: acrobat reader | scope: eq | version: 10.0.2

Trust: 1.0

vendor: adobe | model: acrobat reader | scope: eq | version: 11.0.6

Trust: 1.0

vendor: adobe | model: acrobat | scope: eq | version: 10.1.8

Trust: 1.0

vendor: adobe | model: acrobat | scope: eq | version: 11.0.5

Trust: 1.0

vendor: adobe | model: acrobat | scope: eq | version: 11.0.1

Trust: 1.0

vendor: adobe | model: acrobat reader | scope: eq | version: 10.1

Trust: 1.0

vendor: adobe | model: acrobat reader | scope: eq | version: 11.0.2

Trust: 1.0

vendor: adobe | model: acrobat | scope: lt | version: 10.x

Trust: 0.8

vendor: adobe | model: acrobat | scope: lt | version: 11.x

Trust: 0.8

vendor: adobe | model: acrobat | scope: eq | version: xi (11.0.07)

Trust: 0.8

vendor: adobe | model: reader | scope: lt | version: 10.x

Trust: 0.8

vendor: adobe | model: acrobat | scope: eq | version: x (10.1.10)

Trust: 0.8

vendor: adobe | model: reader | scope: lt | version: 11.x

Trust: 0.8

vendor: adobe | model: reader | scope: eq | version: xi (11.0.07)

Trust: 0.8

vendor: adobe | model: reader | scope: eq | version: x (10.1.10)

Trust: 0.8

vendor: adobe | model: reader | scope: eq | version: 10.1.3

Trust: 0.3

vendor: adobe | model: reader | scope: eq | version: 10.1.2

Trust: 0.3

vendor: adobe | model: reader | scope: eq | version: 10.1.1

Trust: 0.3

vendor: adobe | model: reader | scope: eq | version: 10.1

Trust: 0.3

vendor: adobe | model: reader | scope: eq | version: 10.0.3

Trust: 0.3

vendor: adobe | model: reader | scope: eq | version: 10.0.2

Trust: 0.3

vendor: adobe | model: reader | scope: eq | version: 10.0.1

Trust: 0.3

vendor: adobe | model: reader | scope: eq | version: 10.0

Trust: 0.3

sources: BID: 67365 // JVNDB: JVNDB-2014-002485 // CNNVD: CNNVD-201405-250 // NVD: CVE-2014-0525

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0525
value: HIGH

Trust: 1.0

NVD: CVE-2014-0525
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201405-250
value: CRITICAL

Trust: 0.6

VULHUB: VHN-68018
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-0525
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-68018
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-68018 // JVNDB: JVNDB-2014-002485 // CNNVD: CNNVD-201405-250 // NVD: CVE-2014-0525

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-68018 // JVNDB: JVNDB-2014-002485 // NVD: CVE-2014-0525

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-250

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201405-250

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002485

PATCH

title: APSB14-15 | url: http://helpx.adobe.com/security/products/reader/apsb14-15.html

Trust: 0.8

title: APSB14-15 | url: http://helpx.adobe.com/jp/security/products/reader/apsb14-15.html

Trust: 0.8

title: Notice regarding vulnerabilities in Adobe Systems' Adobe Reader | url: http://www.fmworld.net/biz/common/adobe/20140515.html

Trust: 0.8

title: AdbeRdrUpd11007 | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49945

Trust: 0.6

title: AcrobatUpd11007 | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49949

Trust: 0.6

title: AdbeRdrUpd11007_MUI | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49944

Trust: 0.6

title: AcrobatUpd11007 | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49948

Trust: 0.6

title: AdbeRdrUpd10110 | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49943

Trust: 0.6

sources: JVNDB: JVNDB-2014-002485 // CNNVD: CNNVD-201405-250

EXTERNAL IDS

db: NVD | id: CVE-2014-0525

Trust: 2.8

db: JVNDB | id: JVNDB-2014-002485

Trust: 0.8

db: CNNVD | id: CNNVD-201405-250

Trust: 0.7

db: BID | id: 67365

Trust: 0.4

db: VULHUB | id: VHN-68018

Trust: 0.1

sources: VULHUB: VHN-68018 // BID: 67365 // JVNDB: JVNDB-2014-002485 // CNNVD: CNNVD-201405-250 // NVD: CVE-2014-0525

REFERENCES

url:http://helpx.adobe.com/security/products/reader/apsb14-15.html

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0525

Trust: 0.8

url:http://www.ipa.go.jp/security/ciadr/vul/20140514-adobereader.html

Trust: 0.8

url:http://www.jpcert.or.jp/at/2014/at140023.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0525

Trust: 0.8

url:http://www.npa.go.jp/cyberpolice/topics/?seq=13798

Trust: 0.8

url:http://www.adobe.com/products/acrobat/

Trust: 0.3

url:http://www.adobe.com/products/reader/

Trust: 0.3

url:http://helpx.adobe.com/security/products/acrobat/apsb14-15.html

Trust: 0.3

sources: VULHUB: VHN-68018 // BID: 67365 // JVNDB: JVNDB-2014-002485 // CNNVD: CNNVD-201405-250 // NVD: CVE-2014-0525

CREDITS

Yuki Chen of Trend Micro

Trust: 0.3

sources: BID: 67365

SOURCES

db: VULHUB | id: VHN-68018
db: BID | id: 67365
db: JVNDB | id: JVNDB-2014-002485
db: CNNVD | id: CNNVD-201405-250
db: NVD | id: CVE-2014-0525

LAST UPDATE DATE

2024-11-23T22:39:01.738000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-68018 | date: 2014-05-14T00:00:00
db: BID | id: 67365 | date: 2014-05-13T00:00:00
db: JVNDB | id: JVNDB-2014-002485 | date: 2014-05-15T00:00:00
db: CNNVD | id: CNNVD-201405-250 | date: 2014-05-20T00:00:00
db: NVD | id: CVE-2014-0525 | date: 2024-11-21T02:02:19.013

SOURCES RELEASE DATE

db: VULHUB | id: VHN-68018 | date: 2014-05-14T00:00:00
db: BID | id: 67365 | date: 2014-05-13T00:00:00
db: JVNDB | id: JVNDB-2014-002485 | date: 2014-05-15T00:00:00
db: CNNVD | id: CNNVD-201405-250 | date: 2014-05-15T00:00:00
db: NVD | id: CVE-2014-0525 | date: 2014-05-14T11:13:05.333