Details of VAR-201409-0437

ID

VAR-201409-0437

CVE

CVE-2014-0562

TITLE

Mac OS X Run on Adobe Reader and Acrobat Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2014-004241

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS).". Adobe Acrobat and Reader are prone to an unspecified cross-site scripting. An attacker may leverage this issue to execute arbitrary script code in an unsuspecting user's browser in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool. The following products and versions are affected: Adobe Reader 11.0.08 and earlier and 10.1.11 and earlier for Windows, Adobe Reader 11.0.07 and earlier for OS X and 10.1.10 and earlier for Windows Adobe Acrobat 11.0.08 and earlier versions and 10.1.11 and earlier versions on the platform, and Adobe Acrobat 11.0.07 and earlier versions and 10.1.10 and earlier versions on the OS X platform

Trust: 1.98

sources: NVD: CVE-2014-0562 // JVNDB: JVNDB-2014-004241 // BID: 69822 // VULHUB: VHN-68055

AFFECTED PRODUCTS

vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.3	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.2	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.4	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.7	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.1	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.8	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.5	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.3	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.6	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.5	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.4	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.3	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.2	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.10	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.3	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.7	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.5	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.11	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.10	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.9	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.1	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.2	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.3	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.6	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.7	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.6	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.4	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.8	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.2	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.7	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.11	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.4	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.9	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.3	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.2	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.6	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.8	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.5	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.8	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.2	Trust: 1.0
vendor:	adobe	model:	reader	scope:	lt	version:	10.x (macintosh)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	xi (11.0.09)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	x (10.1.12)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	eq	version:	x (10.1.12)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	eq	version:	xi (11.0.09)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	lt	version:	11.x (macintosh)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	lt	version:	10.x (macintosh)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	lt	version:	11.x (macintosh)	Trust: 0.8

sources: JVNDB: JVNDB-2014-004241 // CNNVD: CNNVD-201409-581 // NVD: CVE-2014-0562

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0562
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-0562
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201409-581
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-68055
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-0562
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-68055
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-68055 // JVNDB: JVNDB-2014-004241 // CNNVD: CNNVD-201409-581 // NVD: CVE-2014-0562

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-68055 // JVNDB: JVNDB-2014-004241 // NVD: CVE-2014-0562

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201409-581

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201409-581

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004241

PATCH

title:	APSB14-20	url:	http://helpx.adobe.com/security/products/reader/apsb14-20.html	Trust: 0.8
title:	APSB14-20	url:	http://helpx.adobe.com/jp/security/products/reader/apsb14-20.html	Trust: 0.8
title:	アドビシステムズ社 Adobe Reader の脆弱性に関するお知らせ	url:	http://www.fmworld.net/biz/common/adobe/20140918.html	Trust: 0.8
title:	AdbeRdrUpd11009	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51674	Trust: 0.6
title:	AcrobatUpd11009	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51678	Trust: 0.6
title:	AdbeRdrUpd10112	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51673	Trust: 0.6
title:	AcrobatUpd10112	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51677	Trust: 0.6
title:	AdbeRdrUpd11009	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51676	Trust: 0.6
title:	AcrobatUpd11009	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51680	Trust: 0.6
title:	AdbeRdrUpd10112	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51675	Trust: 0.6
title:	AcrobatUpd10112	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51679	Trust: 0.6

sources: JVNDB: JVNDB-2014-004241 // CNNVD: CNNVD-201409-581

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0562	Trust: 2.8
db:	BID	id:	69822	Trust: 1.4
db:	SECTRACK	id:	1030853	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-004241	Trust: 0.8
db:	CNNVD	id:	CNNVD-201409-581	Trust: 0.7
db:	VULHUB	id:	VHN-68055	Trust: 0.1

sources: VULHUB: VHN-68055 // BID: 69822 // JVNDB: JVNDB-2014-004241 // CNNVD: CNNVD-201409-581 // NVD: CVE-2014-0562

REFERENCES

url:	http://helpx.adobe.com/security/products/reader/apsb14-20.html	Trust: 1.7
url:	http://www.securityfocus.com/bid/69822	Trust: 1.1
url:	http://www.securitytracker.com/id/1030853	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/95997	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0562	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20140917-adobereader.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2014/at140036.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0562	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/topics/?seq=14605	Trust: 0.8
url:	http://www.adobe.com	Trust: 0.3

sources: VULHUB: VHN-68055 // BID: 69822 // JVNDB: JVNDB-2014-004241 // CNNVD: CNNVD-201409-581 // NVD: CVE-2014-0562

CREDITS

Frans Rosen of Detectify

Trust: 0.3

sources: BID: 69822

SOURCES

db:	VULHUB	id:	VHN-68055
db:	BID	id:	69822
db:	JVNDB	id:	JVNDB-2014-004241
db:	CNNVD	id:	CNNVD-201409-581
db:	NVD	id:	CVE-2014-0562

LAST UPDATE DATE

2024-11-23T21:44:04.927000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-68055	date:	2017-08-29T00:00:00
db:	BID	id:	69822	date:	2014-09-16T00:00:00
db:	JVNDB	id:	JVNDB-2014-004241	date:	2014-09-25T00:00:00
db:	CNNVD	id:	CNNVD-201409-581	date:	2014-09-18T00:00:00
db:	NVD	id:	CVE-2014-0562	date:	2024-11-21T02:02:23.907

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-68055	date:	2014-09-17T00:00:00
db:	BID	id:	69822	date:	2014-09-16T00:00:00
db:	JVNDB	id:	JVNDB-2014-004241	date:	2014-09-18T00:00:00
db:	CNNVD	id:	CNNVD-201409-581	date:	2014-09-18T00:00:00
db:	NVD	id:	CVE-2014-0562	date:	2014-09-17T10:55:06.683