Details of VAR-201409-0429

ID

VAR-201409-0429

CVE

CVE-2014-0560

TITLE

Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2014-004239

DESCRIPTION

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors. Adobe Reader and Acrobat are prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts likely result in denial-of-service conditions. The affected products are: Adobe Reader 11.x versions prior to 11.0.09 Adobe Reader 10.x versions prior to 10.1.12 Adobe Acrobat 11.x versions prior to 11.0.09 Adobe Acrobat 10.x versions prior to 10.1.12. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool

Trust: 1.98

sources: NVD: CVE-2014-0560 // JVNDB: JVNDB-2014-004239 // BID: 69823 // VULHUB: VHN-68053

AFFECTED PRODUCTS

vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.2	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.8	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.4	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.6	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.7	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.5	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.5	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.3	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.6	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0	Trust: 1.3
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.5	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.4	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.3	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.2	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.10	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.3	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.8	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.5	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.11	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.10	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.9	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.1	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.2	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.3	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.6	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.7	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.4	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.2	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.3	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.7	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.11	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.4	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.9	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.3	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.2	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.7	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.6	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.8	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.8	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.2	Trust: 1.0
vendor:	adobe	model:	reader	scope:	eq	version:	xi (11.0.09)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	lt	version:	11.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	x (10.1.12)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	lt	version:	10.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	eq	version:	xi (11.0.09)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	lt	version:	11.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	eq	version:	x (10.1.12)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	lt	version:	10.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0	Trust: 0.3

sources: BID: 69823 // JVNDB: JVNDB-2014-004239 // CNNVD: CNNVD-201409-579 // NVD: CVE-2014-0560

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0560
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-0560
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201409-579
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-68053
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-0560
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-68053
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-68053 // JVNDB: JVNDB-2014-004239 // CNNVD: CNNVD-201409-579 // NVD: CVE-2014-0560

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-68053 // JVNDB: JVNDB-2014-004239 // NVD: CVE-2014-0560

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201409-579

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201409-579

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004239

PATCH

title:	APSB14-20	url:	http://helpx.adobe.com/security/products/reader/apsb14-20.html	Trust: 0.8
title:	APSB14-20	url:	http://helpx.adobe.com/jp/security/products/reader/apsb14-20.html	Trust: 0.8
title:	アドビシステムズ社 Adobe Reader の脆弱性に関するお知らせ	url:	http://www.fmworld.net/biz/common/adobe/20140918.html	Trust: 0.8
title:	AdbeRdrUpd10112	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51675	Trust: 0.6
title:	AcrobatUpd10112	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51679	Trust: 0.6
title:	AdbeRdrUpd11009	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51674	Trust: 0.6
title:	AcrobatUpd11009	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51678	Trust: 0.6
title:	AdbeRdrUpd10112	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51673	Trust: 0.6
title:	AcrobatUpd10112	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51677	Trust: 0.6
title:	AdbeRdrUpd11009	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51676	Trust: 0.6
title:	AcrobatUpd11009	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51680	Trust: 0.6

sources: JVNDB: JVNDB-2014-004239 // CNNVD: CNNVD-201409-579

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0560	Trust: 2.8
db:	BID	id:	69823	Trust: 1.4
db:	SECTRACK	id:	1030853	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-004239	Trust: 0.8
db:	CNNVD	id:	CNNVD-201409-579	Trust: 0.7
db:	VULHUB	id:	VHN-68053	Trust: 0.1

sources: VULHUB: VHN-68053 // BID: 69823 // JVNDB: JVNDB-2014-004239 // CNNVD: CNNVD-201409-579 // NVD: CVE-2014-0560

REFERENCES

url:	http://helpx.adobe.com/security/products/reader/apsb14-20.html	Trust: 1.7
url:	http://www.securityfocus.com/bid/69823	Trust: 1.1
url:	http://www.securitytracker.com/id/1030853	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/96001	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0560	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20140917-adobereader.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2014/at140036.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0560	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/topics/?seq=14605	Trust: 0.8
url:	http://www.adobe.com/products/acrobat/	Trust: 0.3
url:	http://www.adobe.com/products/reader/	Trust: 0.3

sources: VULHUB: VHN-68053 // BID: 69823 // JVNDB: JVNDB-2014-004239 // CNNVD: CNNVD-201409-579 // NVD: CVE-2014-0560

CREDITS

Wei Lei and Wu Hongjun of Nanyang Technological University working with Verisign iDefense Labs.

Trust: 0.3

sources: BID: 69823

SOURCES

db:	VULHUB	id:	VHN-68053
db:	BID	id:	69823
db:	JVNDB	id:	JVNDB-2014-004239
db:	CNNVD	id:	CNNVD-201409-579
db:	NVD	id:	CVE-2014-0560

LAST UPDATE DATE

2024-11-23T21:44:04.475000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-68053	date:	2017-08-29T00:00:00
db:	BID	id:	69823	date:	2014-09-16T00:00:00
db:	JVNDB	id:	JVNDB-2014-004239	date:	2014-09-25T00:00:00
db:	CNNVD	id:	CNNVD-201409-579	date:	2014-09-18T00:00:00
db:	NVD	id:	CVE-2014-0560	date:	2024-11-21T02:02:23.647

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-68053	date:	2014-09-17T00:00:00
db:	BID	id:	69823	date:	2014-09-16T00:00:00
db:	JVNDB	id:	JVNDB-2014-004239	date:	2014-09-18T00:00:00
db:	CNNVD	id:	CNNVD-201409-579	date:	2014-09-18T00:00:00
db:	NVD	id:	CVE-2014-0560	date:	2014-09-17T10:55:06.573