Details of VAR-201409-0421

ID

VAR-201409-0421

CVE

CVE-2014-0566

TITLE

Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2014-004244

DESCRIPTION

Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0565. Adobe Reader and Acrobat are prone to an unspecified remote code-execution vulnerability. Failed exploit attempts likely result in denial-of-service conditions. The affected products are: Adobe Reader 11.x versions prior to 11.0.09 Adobe Reader 10.x versions prior to 10.1.12 Adobe Acrobat 11.x versions prior to 11.0.09 Adobe Acrobat 10.x versions prior to 10.1.12. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool

Trust: 1.98

sources: NVD: CVE-2014-0566 // JVNDB: JVNDB-2014-004244 // BID: 69825 // VULHUB: VHN-68059

AFFECTED PRODUCTS

vendor:	adobe	model:	acrobat dc	scope:	gte	version:	15.007.20033	Trust: 1.0
vendor:	adobe	model:	acrobat reader dc	scope:	lt	version:	15.006.30060	Trust: 1.0
vendor:	adobe	model:	acrobat reader dc	scope:	lt	version:	15.008.20082	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	gte	version:	10.0	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	gte	version:	10.0	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	lt	version:	10.1.15	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	lt	version:	10.1.15	Trust: 1.0
vendor:	adobe	model:	acrobat dc	scope:	lt	version:	15.008.20082	Trust: 1.0
vendor:	adobe	model:	acrobat reader dc	scope:	gte	version:	15.006.30033	Trust: 1.0
vendor:	adobe	model:	acrobat reader dc	scope:	gte	version:	15.007.20033	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	lt	version:	11.0.12	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	lt	version:	11.0.12	Trust: 1.0
vendor:	adobe	model:	acrobat dc	scope:	lt	version:	15.006.30060	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	gte	version:	11.0.0	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	gte	version:	11.0.0	Trust: 1.0
vendor:	adobe	model:	acrobat dc	scope:	gte	version:	15.006.30033	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0	Trust: 0.9
vendor:	adobe	model:	acrobat dc	scope:	lt	version:	(windows/macintosh)	Trust: 0.8
vendor:	adobe	model:	acrobat dc	scope:	eq	version:	continuous 2015.008.20082	Trust: 0.8
vendor:	adobe	model:	acrobat reader dc	scope:	lt	version:	(windows/macintosh)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	lt	version:	11.x (windows/macintosh)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	eq	version:	xi (11.0.12)	Trust: 0.8
vendor:	adobe	model:	acrobat reader dc	scope:	eq	version:	continuous 2015.008.20082	Trust: 0.8
vendor:	adobe	model:	reader	scope:	lt	version:	11.x (windows/macintosh)	Trust: 0.8
vendor:	adobe	model:	acrobat dc	scope:	eq	version:	classic 2015.006.30060	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	lt	version:	10.x (windows/macintosh)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	xi (11.0.12)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	eq	version:	x (10.1.15)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	lt	version:	10.x (windows/macintosh)	Trust: 0.8
vendor:	adobe	model:	acrobat reader dc	scope:	eq	version:	classic 2015.006.30060	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	x (10.1.15)	Trust: 0.8
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.8	Trust: 0.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.3	Trust: 0.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.2	Trust: 0.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1	Trust: 0.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.11	Trust: 0.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.1	Trust: 0.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0	Trust: 0.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.3	Trust: 0.6
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.3	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.2	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.1	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.3	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.2	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.1	Trust: 0.3

sources: BID: 69825 // JVNDB: JVNDB-2014-004244 // CNNVD: CNNVD-201409-584 // NVD: CVE-2014-0566

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0566
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-0566
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201409-584
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-68059
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-0566
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-68059
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-68059 // JVNDB: JVNDB-2014-004244 // CNNVD: CNNVD-201409-584 // NVD: CVE-2014-0566

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.1

sources: VULHUB: VHN-68059 // NVD: CVE-2014-0566

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201409-584

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201409-584

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004244

PATCH

title:	APSB15-15	url:	https://helpx.adobe.com/security/products/reader/apsb15-15.html	Trust: 0.8
title:	APSB14-20	url:	http://helpx.adobe.com/security/products/reader/apsb14-20.html	Trust: 0.8
title:	APSB14-20	url:	http://helpx.adobe.com/jp/security/products/reader/apsb14-20.html	Trust: 0.8
title:	APSB15-15	url:	http://helpx.adobe.com/jp/security/products/reader/apsb15-15.html	Trust: 0.8
title:	アドビシステムズ社 Adobe Reader の脆弱性に関するお知らせ (2014年9月18日)	url:	http://www.fmworld.net/biz/common/adobe/20140918.html	Trust: 0.8
title:	アドビシステムズ社 Adobe Reader の脆弱性に関するお知らせ (2015年7月16日)	url:	http://www.fmworld.net/biz/common/adobe/20150716.html	Trust: 0.8
title:	AdbeRdrUpd10112	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51673	Trust: 0.6
title:	AcrobatUpd10112	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51677	Trust: 0.6
title:	AdbeRdrUpd11009	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51676	Trust: 0.6
title:	AcrobatUpd11009	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51680	Trust: 0.6
title:	AdbeRdrUpd10112	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51675	Trust: 0.6
title:	AcrobatUpd10112	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51679	Trust: 0.6
title:	AdbeRdrUpd11009	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51674	Trust: 0.6
title:	AcrobatUpd11009	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51678	Trust: 0.6

sources: JVNDB: JVNDB-2014-004244 // CNNVD: CNNVD-201409-584

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0566	Trust: 2.8
db:	BID	id:	69825	Trust: 2.0
db:	SECTRACK	id:	1030853	Trust: 1.7
db:	SECTRACK	id:	1032892	Trust: 1.7
db:	JVNDB	id:	JVNDB-2014-004244	Trust: 0.8
db:	CNNVD	id:	CNNVD-201409-584	Trust: 0.7
db:	VULHUB	id:	VHN-68059	Trust: 0.1

sources: VULHUB: VHN-68059 // BID: 69825 // JVNDB: JVNDB-2014-004244 // CNNVD: CNNVD-201409-584 // NVD: CVE-2014-0566

REFERENCES

url:	http://www.securityfocus.com/bid/69825	Trust: 1.7
url:	http://helpx.adobe.com/security/products/reader/apsb14-20.html	Trust: 1.7
url:	https://helpx.adobe.com/security/products/reader/apsb15-15.html	Trust: 1.7
url:	http://www.securitytracker.com/id/1030853	Trust: 1.7
url:	http://www.securitytracker.com/id/1032892	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/96003	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0566	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20150715-adobereader.html	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20140917-adobereader.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2014/at140036.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2015/at150023.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0566	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/topics/?seq=14605	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/topics/?seq=16619	Trust: 0.8
url:	http://www.adobe.com/products/acrobat/	Trust: 0.3
url:	http://www.adobe.com	Trust: 0.3
url:	http://www.adobe.com/products/reader/	Trust: 0.3

sources: VULHUB: VHN-68059 // BID: 69825 // JVNDB: JVNDB-2014-004244 // CNNVD: CNNVD-201409-584 // NVD: CVE-2014-0566

CREDITS

Wei Lei and Wu Hongjun of Nanyang Technological University

Trust: 0.3

sources: BID: 69825

SOURCES

db:	VULHUB	id:	VHN-68059
db:	BID	id:	69825
db:	JVNDB	id:	JVNDB-2014-004244
db:	CNNVD	id:	CNNVD-201409-584
db:	NVD	id:	CVE-2014-0566

LAST UPDATE DATE

2024-11-23T21:44:04.534000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-68059	date:	2020-05-13T00:00:00
db:	BID	id:	69825	date:	2015-07-14T18:51:00
db:	JVNDB	id:	JVNDB-2014-004244	date:	2015-07-27T00:00:00
db:	CNNVD	id:	CNNVD-201409-584	date:	2020-05-14T00:00:00
db:	NVD	id:	CVE-2014-0566	date:	2024-11-21T02:02:24.480

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-68059	date:	2014-09-17T00:00:00
db:	BID	id:	69825	date:	2014-09-16T00:00:00
db:	JVNDB	id:	JVNDB-2014-004244	date:	2014-09-18T00:00:00
db:	CNNVD	id:	CNNVD-201409-584	date:	2014-09-18T00:00:00
db:	NVD	id:	CVE-2014-0566	date:	2014-09-17T10:55:06.823