Sign-up

ID

VAR-201412-0397


CVE

CVE-2014-9165


TITLE

Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2014-005939

DESCRIPTION

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8454 and CVE-2014-8455. This vulnerability CVE-2014-8454 and CVE-2014-8455 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. Adobe Reader and Acrobat are prone to a remote code-execution vulnerability. Failed exploit attempts likely result in denial-of-service conditions. The affected products are: Adobe Reader 11.x versions prior to 11.0.10 Adobe Reader 10.x versions prior to 10.1.13 Adobe Acrobat 11.x versions prior to 11.0.10 Adobe Acrobat 10.x versions prior to 10.1.13. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool

Trust: 1.98

sources: NVD: CVE-2014-9165 // JVNDB: JVNDB-2014-005939 // BID: 71575 // VULHUB: VHN-77110

AFFECTED PRODUCTS

vendor:adobemodel:acrobat readerscope:eqversion:11.0.05

Trust: 1.6

vendor:adobemodel:acrobat readerscope:eqversion:10.1.12

Trust: 1.6

vendor:adobemodel:acrobat readerscope:eqversion:10.1.9

Trust: 1.6

vendor:adobemodel:acrobat readerscope:eqversion:10.1.10

Trust: 1.6

vendor:adobemodel:acrobat readerscope:eqversion:10.1.11

Trust: 1.6

vendor:adobemodel:acrobat readerscope:eqversion:11.0.06

Trust: 1.6

vendor:adobemodel:acrobat readerscope:eqversion:11.0.02

Trust: 1.6

vendor:adobemodel:acrobat readerscope:eqversion:11.0.0

Trust: 1.6

vendor:adobemodel:acrobat readerscope:eqversion:11.0.03

Trust: 1.6

vendor:adobemodel:acrobat readerscope:eqversion:11.0.04

Trust: 1.6

vendor:adobemodel:acrobatscope:eqversion:10.1.3

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:10.1.2

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:10.1.1

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:10.1

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:10.0.3

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:10.0.2

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:10.0.1

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:10.0

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:10.1.5

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.1.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:*

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:11.0.4

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:11.0.9

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.0

Trust: 1.0

vendor:microsoftmodel:windowsscope:eqversion:*

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:11.0.7

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.1.8

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:10.1.11

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:10.1.9

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:11.0.07

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.1.5

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:10.1.6

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:10.1.7

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:10.1.12

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:11.0.6

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:11.0.8

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:11.0.2

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.0.3

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.1.2

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:11.0

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:10.1.4

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:11.0.09

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.0.1

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.1.3

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.1.1

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:11.0.08

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.0.2

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.1.6

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.1.7

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:11.0.3

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:10.1.8

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:11.0.5

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:11.0.01

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:11.0.1

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:10.1.10

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.1

Trust: 1.0

vendor:adobemodel:readerscope:ltversion:11.x (windows macintosh)

Trust: 0.8

vendor:adobemodel:readerscope:ltversion:10.x (windows macintosh)

Trust: 0.8

vendor:adobemodel:acrobatscope:eqversion:x (10.1.13)

Trust: 0.8

vendor:adobemodel:readerscope:eqversion:x (10.1.13)

Trust: 0.8

vendor:adobemodel:acrobatscope:eqversion:xi (11.0.10)

Trust: 0.8

vendor:adobemodel:acrobatscope:ltversion:11.x (windows macintosh)

Trust: 0.8

vendor:adobemodel:acrobatscope:ltversion:10.x (windows macintosh)

Trust: 0.8

vendor:adobemodel:readerscope:eqversion:xi (11.0.10)

Trust: 0.8

vendor:adobemodel:readerscope:eqversion:10.1.3

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.1.2

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.1.1

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.1

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.0.3

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.0.2

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.0.1

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.0

Trust: 0.3

sources: BID: 71575 // JVNDB: JVNDB-2014-005939 // CNNVD: CNNVD-201412-242 // NVD: CVE-2014-9165

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-9165
value: HIGH

Trust: 1.0

NVD: CVE-2014-9165
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201412-242
value: CRITICAL

Trust: 0.6

VULHUB: VHN-77110
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-9165
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-77110
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-77110 // JVNDB: JVNDB-2014-005939 // CNNVD: CNNVD-201412-242 // NVD: CVE-2014-9165

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2014-005939 // NVD: CVE-2014-9165

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201412-242

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201412-242

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-005939

PATCH
title:APSB14-28url:http://helpx.adobe.com/security/products/reader/apsb14-28.html
Trust: 0.8
title:APSB14-28url:http://helpx.adobe.com/jp/security/products/reader/apsb14-28.html
Trust: 0.8
title:AdbeRdrUpd10113url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52690
Trust: 0.6
title:AcrobatUpd11010url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52693
Trust: 0.6
title:AcrobatUpd10113url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52692
Trust: 0.6
title:AdbeRdrUpd11010url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52691
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2014-005939 // 
            
            
            
            CNNVD: CNNVD-201412-242

EXTERNAL IDS
db:NVDid:CVE-2014-9165
Trust: 2.8
db:JVNDBid:JVNDB-2014-005939
Trust: 0.8
db:CNNVDid:CNNVD-201412-242
Trust: 0.7
db:BIDid:71575
Trust: 0.4
db:VULHUBid:VHN-77110
Trust: 0.1
sources:
            
            
            VULHUB: VHN-77110 // 
            
            
            
            BID: 71575 // 
            
            
            
            JVNDB: JVNDB-2014-005939 // 
            
            
            
            CNNVD: CNNVD-201412-242 // 
            
            
            
            NVD: CVE-2014-9165

REFERENCES
url:http://helpx.adobe.com/security/products/reader/apsb14-28.html
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9165
Trust: 0.8
url:http://www.ipa.go.jp/security/ciadr/vul/20141210-adobereader.html
Trust: 0.8
url:http://www.jpcert.or.jp/at/2014/at140053.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9165
Trust: 0.8
url:http://www.npa.go.jp/cyberpolice/topics/?seq=15071
Trust: 0.8
url:http://www.adobe.com/products/acrobat/
Trust: 0.3
url:http://www.adobe.com/products/reader/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-77110 // 
            
            
            
            BID: 71575 // 
            
            
            
            JVNDB: JVNDB-2014-005939 // 
            
            
            
            CNNVD: CNNVD-201412-242 // 
            
            
            
            NVD: CVE-2014-9165

CREDITS
Wei Lei and Wu Hongjun of Nanyang Technological University.
Trust: 0.3
sources:
            
            
            BID: 71575

SOURCES
db:VULHUBid:VHN-77110
db:BIDid:71575
db:JVNDBid:JVNDB-2014-005939
db:CNNVDid:CNNVD-201412-242
db:NVDid:CVE-2014-9165

LAST UPDATE DATE
2024-11-23T22:38:54.189000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-77110date:2014-12-12T00:00:00
db:BIDid:71575date:2014-12-09T00:00:00
db:JVNDBid:JVNDB-2014-005939date:2014-12-12T00:00:00
db:CNNVDid:CNNVD-201412-242date:2014-12-15T00:00:00
db:NVDid:CVE-2014-9165date:2024-11-21T02:20:19.623

SOURCES RELEASE DATE
db:VULHUBid:VHN-77110date:2014-12-10T00:00:00
db:BIDid:71575date:2014-12-09T00:00:00
db:JVNDBid:JVNDB-2014-005939date:2014-12-12T00:00:00
db:CNNVDid:CNNVD-201412-242date:2014-12-11T00:00:00
db:NVDid:CVE-2014-9165date:2014-12-10T21:59:37.040