Details of VAR-201405-0219

ID

VAR-201405-0219

CVE

CVE-2014-0528

TITLE

Windows and Mac OS X Run on Adobe Reader and Acrobat Memory double free vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-002488

DESCRIPTION

Double free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors. Adobe Acrobat and Reader are prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. The following products are affected: Adobe Reader 11.x versions prior to 11.0.07 Adobe Reader 10.x versions prior to 10.1.10 Adobe Acrobat 11.x versions prior to 11.0.07 Adobe Acrobat 10.x versions prior to 10.1.10. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool

Trust: 1.98

sources: NVD: CVE-2014-0528 // JVNDB: JVNDB-2014-002488 // BID: 67366 // VULHUB: VHN-68021

AFFECTED PRODUCTS

vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.8	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.3	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.6	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.2	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.9	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.5	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.1	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.4	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.7	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.3	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.2	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.1	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.3	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.2	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.1	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0	Trust: 1.3
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.5	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.4	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.3	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.8	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.5	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.5	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.6	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.4	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.3	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.2	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.4	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.3	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.9	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.2	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.6	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.7	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.6	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.2	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	lt	version:	10.x	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	lt	version:	11.x	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	eq	version:	xi (11.0.07)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	lt	version:	10.x	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	eq	version:	x (10.1.10)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	lt	version:	11.x	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	xi (11.0.07)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	x (10.1.10)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0	Trust: 0.3

sources: BID: 67366 // JVNDB: JVNDB-2014-002488 // CNNVD: CNNVD-201405-253 // NVD: CVE-2014-0528

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0528
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-0528
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201405-253
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-68021
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-0528
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-68021
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-68021 // JVNDB: JVNDB-2014-002488 // CNNVD: CNNVD-201405-253 // NVD: CVE-2014-0528

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-68021 // JVNDB: JVNDB-2014-002488 // NVD: CVE-2014-0528

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-253

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201405-253

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002488

PATCH

title:	APSB14-15	url:	http://helpx.adobe.com/security/products/reader/apsb14-15.html	Trust: 0.8
title:	APSB14-15	url:	http://helpx.adobe.com/jp/security/products/reader/apsb14-15.html	Trust: 0.8
title:	アドビシステムズ社 Adobe Reader の脆弱性に関するお知らせ	url:	http://www.fmworld.net/biz/common/adobe/20140515.html	Trust: 0.8

sources: JVNDB: JVNDB-2014-002488

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0528	Trust: 2.8
db:	JVNDB	id:	JVNDB-2014-002488	Trust: 0.8
db:	CNNVD	id:	CNNVD-201405-253	Trust: 0.7
db:	BID	id:	67366	Trust: 0.4
db:	VULHUB	id:	VHN-68021	Trust: 0.1

sources: VULHUB: VHN-68021 // BID: 67366 // JVNDB: JVNDB-2014-002488 // CNNVD: CNNVD-201405-253 // NVD: CVE-2014-0528

REFERENCES

url:	http://helpx.adobe.com/security/products/reader/apsb14-15.html	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0528	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20140514-adobereader.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2014/at140023.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0528	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/topics/?seq=13798	Trust: 0.8
url:	http://www.adobe.com	Trust: 0.3

sources: VULHUB: VHN-68021 // BID: 67366 // JVNDB: JVNDB-2014-002488 // CNNVD: CNNVD-201405-253 // NVD: CVE-2014-0528

CREDITS

Sune Vuorela of Ange Optimization

Trust: 0.3

sources: BID: 67366

SOURCES

db:	VULHUB	id:	VHN-68021
db:	BID	id:	67366
db:	JVNDB	id:	JVNDB-2014-002488
db:	CNNVD	id:	CNNVD-201405-253
db:	NVD	id:	CVE-2014-0528

LAST UPDATE DATE

2024-11-23T22:49:31.465000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-68021	date:	2014-05-14T00:00:00
db:	BID	id:	67366	date:	2014-05-13T00:00:00
db:	JVNDB	id:	JVNDB-2014-002488	date:	2014-05-15T00:00:00
db:	CNNVD	id:	CNNVD-201405-253	date:	2014-05-16T00:00:00
db:	NVD	id:	CVE-2014-0528	date:	2024-11-21T02:02:19.393

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-68021	date:	2014-05-14T00:00:00
db:	BID	id:	67366	date:	2014-05-13T00:00:00
db:	JVNDB	id:	JVNDB-2014-002488	date:	2014-05-15T00:00:00
db:	CNNVD	id:	CNNVD-201405-253	date:	2014-05-16T00:00:00
db:	NVD	id:	CVE-2014-0528	date:	2014-05-14T11:13:05.537