Details of VAR-201409-0438

ID

VAR-201409-0438

CVE

CVE-2014-0563

TITLE

Windows and Mac OS X Run on Adobe Reader and Acrobat Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-004242

DESCRIPTION

Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allow attackers to cause a denial of service (memory corruption) via unspecified vectors. Adobe Acrobat and Reader are prone to an unspecified memory-corruption vulnerability. Attackers can exploit this issue to crash the affected application. The following products are affected: Adobe Reader 11.x versions prior to 11.0.09 Adobe Reader 10.x versions prior to 10.1.12 Adobe Acrobat 11.x versions prior to 11.0.09 Adobe Acrobat 10.x versions prior to 10.1.12. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool

Trust: 1.98

sources: NVD: CVE-2014-0563 // JVNDB: JVNDB-2014-004242 // BID: 69826 // VULHUB: VHN-68056

AFFECTED PRODUCTS

vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.4	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.9	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.10	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.11	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.7	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.5	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.1	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.8	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.3	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.6	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.5	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.4	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.3	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.2	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.3	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.7	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.11	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.5	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.9	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.1	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.2	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.3	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.7	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.6	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.6	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.4	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.8	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.2	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.3	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.8	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.2	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.7	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.4	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.3	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.2	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.6	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.8	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.5	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.1	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.10	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.2	Trust: 1.0
vendor:	adobe	model:	reader	scope:	eq	version:	xi (11.0.09)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	lt	version:	11.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	x (10.1.12)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	lt	version:	10.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	eq	version:	xi (11.0.09)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	lt	version:	11.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	eq	version:	x (10.1.12)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	lt	version:	10.x (windows macintosh)	Trust: 0.8

sources: JVNDB: JVNDB-2014-004242 // CNNVD: CNNVD-201409-582 // NVD: CVE-2014-0563

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0563
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-0563
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201409-582
value:	HIGH
Trust: 0.6
VULHUB:	VHN-68056
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-0563
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-68056
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-68056 // JVNDB: JVNDB-2014-004242 // CNNVD: CNNVD-201409-582 // NVD: CVE-2014-0563

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-68056 // JVNDB: JVNDB-2014-004242 // NVD: CVE-2014-0563

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201409-582

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201409-582

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004242

PATCH

title:	APSB14-20	url:	http://helpx.adobe.com/security/products/reader/apsb14-20.html	Trust: 0.8
title:	APSB14-20	url:	http://helpx.adobe.com/jp/security/products/reader/apsb14-20.html	Trust: 0.8
title:	アドビシステムズ社 Adobe Reader の脆弱性に関するお知らせ	url:	http://www.fmworld.net/biz/common/adobe/20140918.html	Trust: 0.8
title:	AdbeRdrUpd11009	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51674	Trust: 0.6
title:	AcrobatUpd11009	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51678	Trust: 0.6
title:	AdbeRdrUpd10112	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51673	Trust: 0.6
title:	AcrobatUpd10112	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51677	Trust: 0.6
title:	AdbeRdrUpd11009	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51676	Trust: 0.6
title:	AcrobatUpd11009	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51680	Trust: 0.6
title:	AdbeRdrUpd10112	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51675	Trust: 0.6
title:	AcrobatUpd10112	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51679	Trust: 0.6

sources: JVNDB: JVNDB-2014-004242 // CNNVD: CNNVD-201409-582

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0563	Trust: 2.8
db:	BID	id:	69826	Trust: 1.4
db:	SECTRACK	id:	1030853	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-004242	Trust: 0.8
db:	CNNVD	id:	CNNVD-201409-582	Trust: 0.7
db:	VULHUB	id:	VHN-68056	Trust: 0.1

sources: VULHUB: VHN-68056 // BID: 69826 // JVNDB: JVNDB-2014-004242 // CNNVD: CNNVD-201409-582 // NVD: CVE-2014-0563

REFERENCES

url:	http://helpx.adobe.com/security/products/reader/apsb14-20.html	Trust: 1.7
url:	http://www.securityfocus.com/bid/69826	Trust: 1.1
url:	http://www.securitytracker.com/id/1030853	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/95998	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0563	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20140917-adobereader.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2014/at140036.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0563	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/topics/?seq=14605	Trust: 0.8
url:	http://www.adobe.com/products/acrobat/	Trust: 0.3
url:	http://www.adobe.com	Trust: 0.3
url:	http://get.adobe.com/reader/	Trust: 0.3

sources: VULHUB: VHN-68056 // BID: 69826 // JVNDB: JVNDB-2014-004242 // CNNVD: CNNVD-201409-582 // NVD: CVE-2014-0563

CREDITS

Wei Lei and Wu Hongjun of Nanyang Technological University.

Trust: 0.3

sources: BID: 69826

SOURCES

db:	VULHUB	id:	VHN-68056
db:	BID	id:	69826
db:	JVNDB	id:	JVNDB-2014-004242
db:	CNNVD	id:	CNNVD-201409-582
db:	NVD	id:	CVE-2014-0563

LAST UPDATE DATE

2024-11-23T21:44:04.657000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-68056	date:	2017-08-29T00:00:00
db:	BID	id:	69826	date:	2014-09-16T00:00:00
db:	JVNDB	id:	JVNDB-2014-004242	date:	2014-09-25T00:00:00
db:	CNNVD	id:	CNNVD-201409-582	date:	2014-09-18T00:00:00
db:	NVD	id:	CVE-2014-0563	date:	2024-11-21T02:02:24.060

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-68056	date:	2014-09-17T00:00:00
db:	BID	id:	69826	date:	2014-09-16T00:00:00
db:	JVNDB	id:	JVNDB-2014-004242	date:	2014-09-18T00:00:00
db:	CNNVD	id:	CNNVD-201409-582	date:	2014-09-18T00:00:00
db:	NVD	id:	CVE-2014-0563	date:	2014-09-17T10:55:06.730