Details of VAR-201409-0420

ID

VAR-201409-0420

CVE

CVE-2014-0565

TITLE

Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2014-004243

DESCRIPTION

Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0566. Adobe Reader and Acrobat are prone to an unspecified remote code-execution vulnerability. Failed exploit attempts likely result in denial-of-service conditions. The affected products are: Adobe Reader 11.x versions prior to 11.0.09 Adobe Reader 10.x versions prior to 10.1.12 Adobe Acrobat 11.x versions prior to 11.0.09 Adobe Acrobat 10.x versions prior to 10.1.12. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool

Trust: 2.07

sources: NVD: CVE-2014-0565 // JVNDB: JVNDB-2014-004243 // BID: 69824 // VULHUB: VHN-68058 // VULMON: CVE-2014-0565

AFFECTED PRODUCTS

vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.2	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.4	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.9	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.10	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.11	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.7	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.5	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.8	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.3	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.6	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.3	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.2	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.1	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.3	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.2	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.1	Trust: 1.3
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.5	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.4	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.3	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.7	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.11	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.5	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.9	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.1	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.7	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.6	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.6	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.4	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.8	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.2	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.3	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.8	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.7	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.4	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.3	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.2	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.6	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.8	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.5	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.1	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.10	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.2	Trust: 1.0
vendor:	adobe	model:	reader	scope:	eq	version:	xi (11.0.09)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	lt	version:	11.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	x (10.1.12)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	lt	version:	10.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	eq	version:	xi (11.0.09)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	lt	version:	11.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	eq	version:	x (10.1.12)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	lt	version:	10.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0	Trust: 0.3

sources: BID: 69824 // JVNDB: JVNDB-2014-004243 // CNNVD: CNNVD-201409-583 // NVD: CVE-2014-0565

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0565
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-0565
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201409-583
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-68058
value:	HIGH
Trust: 0.1
VULMON:	CVE-2014-0565
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-0565
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-68058
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-68058 // VULMON: CVE-2014-0565 // JVNDB: JVNDB-2014-004243 // CNNVD: CNNVD-201409-583 // NVD: CVE-2014-0565

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-68058 // JVNDB: JVNDB-2014-004243 // NVD: CVE-2014-0565

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201409-583

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201409-583

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004243

PATCH

title:	APSB14-20	url:	http://helpx.adobe.com/security/products/reader/apsb14-20.html	Trust: 0.8
title:	APSB14-20	url:	http://helpx.adobe.com/jp/security/products/reader/apsb14-20.html	Trust: 0.8
title:	アドビシステムズ社 Adobe Reader の脆弱性に関するお知らせ	url:	http://www.fmworld.net/biz/common/adobe/20140918.html	Trust: 0.8
title:	AdbeRdrUpd11009	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51674	Trust: 0.6
title:	AcrobatUpd11009	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51678	Trust: 0.6
title:	AdbeRdrUpd10112	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51673	Trust: 0.6
title:	AcrobatUpd10112	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51677	Trust: 0.6
title:	AdbeRdrUpd11009	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51676	Trust: 0.6
title:	AcrobatUpd11009	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51680	Trust: 0.6
title:	AdbeRdrUpd10112	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51675	Trust: 0.6
title:	AcrobatUpd10112	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51679	Trust: 0.6

sources: JVNDB: JVNDB-2014-004243 // CNNVD: CNNVD-201409-583

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0565	Trust: 2.9
db:	BID	id:	69824	Trust: 1.5
db:	SECTRACK	id:	1030853	Trust: 1.2
db:	JVNDB	id:	JVNDB-2014-004243	Trust: 0.8
db:	CNNVD	id:	CNNVD-201409-583	Trust: 0.7
db:	VULHUB	id:	VHN-68058	Trust: 0.1
db:	VULMON	id:	CVE-2014-0565	Trust: 0.1

sources: VULHUB: VHN-68058 // VULMON: CVE-2014-0565 // BID: 69824 // JVNDB: JVNDB-2014-004243 // CNNVD: CNNVD-201409-583 // NVD: CVE-2014-0565

REFERENCES

url:	http://helpx.adobe.com/security/products/reader/apsb14-20.html	Trust: 1.8
url:	http://www.securityfocus.com/bid/69824	Trust: 1.2
url:	http://www.securitytracker.com/id/1030853	Trust: 1.2
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/96002	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0565	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20140917-adobereader.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2014/at140036.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0565	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/topics/?seq=14605	Trust: 0.8
url:	http://www.adobe.com/products/acrobat/	Trust: 0.3
url:	http://www.adobe.com/products/reader/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://www.rapid7.com/db/vulnerabilities/adobe-reader-apsb15-15-cve-2014-0566	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/69824	Trust: 0.1

sources: VULHUB: VHN-68058 // VULMON: CVE-2014-0565 // BID: 69824 // JVNDB: JVNDB-2014-004243 // CNNVD: CNNVD-201409-583 // NVD: CVE-2014-0565

CREDITS

Wei Lei and Wu Hongjun of Nanyang Technological University

Trust: 0.3

sources: BID: 69824

SOURCES

db:	VULHUB	id:	VHN-68058
db:	VULMON	id:	CVE-2014-0565
db:	BID	id:	69824
db:	JVNDB	id:	JVNDB-2014-004243
db:	CNNVD	id:	CNNVD-201409-583
db:	NVD	id:	CVE-2014-0565

LAST UPDATE DATE

2024-11-23T21:44:04.957000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-68058	date:	2017-08-29T00:00:00
db:	VULMON	id:	CVE-2014-0565	date:	2017-08-29T00:00:00
db:	BID	id:	69824	date:	2014-09-16T00:00:00
db:	JVNDB	id:	JVNDB-2014-004243	date:	2014-09-25T00:00:00
db:	CNNVD	id:	CNNVD-201409-583	date:	2014-09-18T00:00:00
db:	NVD	id:	CVE-2014-0565	date:	2024-11-21T02:02:24.357

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-68058	date:	2014-09-17T00:00:00
db:	VULMON	id:	CVE-2014-0565	date:	2014-09-17T00:00:00
db:	BID	id:	69824	date:	2014-09-16T00:00:00
db:	JVNDB	id:	JVNDB-2014-004243	date:	2014-09-18T00:00:00
db:	CNNVD	id:	CNNVD-201409-583	date:	2014-09-18T00:00:00
db:	NVD	id:	CVE-2014-0565	date:	2014-09-17T10:55:06.777