Sign-up

ID

VAR-201412-0449


CVE

CVE-2014-9159


TITLE

Windows and Mac OS X Run on Adobe Reader and Acrobat Heap-based buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-005938

DESCRIPTION

Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8457 and CVE-2014-8460. This vulnerability CVE-2014-8457 and CVE-2014-8460 Is a different vulnerability.An attacker could execute arbitrary code. Failed exploit attempts likely result in denial-of-service conditions. The affected products are: Adobe Reader 11.x versions prior to 11.0.10 Adobe Reader 10.x versions prior to 10.1.13 Adobe Acrobat 11.x versions prior to 11.0.10 Adobe Acrobat 10.x versions prior to 10.1.13. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool

Trust: 1.98

sources: NVD: CVE-2014-9159 // JVNDB: JVNDB-2014-005938 // BID: 71580 // VULHUB: VHN-77104

AFFECTED PRODUCTS

vendor:adobemodel:acrobatscope:eqversion:10.1

Trust: 1.9

vendor:adobemodel:acrobatscope:eqversion:10.1.3

Trust: 1.9

vendor:adobemodel:acrobatscope:eqversion:10.1.1

Trust: 1.9

vendor:adobemodel:acrobatscope:eqversion:10.1.5

Trust: 1.9

vendor:adobemodel:acrobatscope:eqversion:10.0

Trust: 1.9

vendor:adobemodel:acrobatscope:eqversion:10.0.2

Trust: 1.9

vendor:adobemodel:acrobatscope:eqversion:10.1.2

Trust: 1.9

vendor:adobemodel:acrobatscope:eqversion:10.0.1

Trust: 1.9

vendor:adobemodel:acrobatscope:eqversion:10.1.4

Trust: 1.9

vendor:adobemodel:acrobatscope:eqversion:10.0.3

Trust: 1.9

vendor:adobemodel:acrobatscope:eqversion:11.0.6

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:11.0.3

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:11.0

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:11.0.4

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:10.1.9

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:10.1.12

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:11.0.1

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:10.1.8

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:10.1.7

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:11.0.2

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:10.1.10

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:10.1.6

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:10.1.11

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:11.0.7

Trust: 1.3

vendor:applemodel:mac os xscope:eqversion:*

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.1.4

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:11.0.9

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.0

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:11.0.06

Trust: 1.0

vendor:microsoftmodel:windowsscope:eqversion:*

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:11.0.0

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.1.8

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.1.10

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:11.0.07

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.1.5

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:11.0.05

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:11.0.04

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:11.0.8

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.0.3

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.1.2

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:11.0.03

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.1.11

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:11.0.09

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.0.1

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.1.3

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.1.1

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.1.9

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.0.2

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.1.6

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.1.7

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:11.0.08

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.1.12

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:11.0.02

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:11.0.5

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:11.0.01

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.1

Trust: 1.0

vendor:adobemodel:readerscope:ltversion:11.x (windows macintosh)

Trust: 0.8

vendor:adobemodel:readerscope:ltversion:10.x (windows macintosh)

Trust: 0.8

vendor:adobemodel:acrobatscope:eqversion:x (10.1.13)

Trust: 0.8

vendor:adobemodel:readerscope:eqversion:x (10.1.13)

Trust: 0.8

vendor:adobemodel:acrobatscope:eqversion:xi (11.0.10)

Trust: 0.8

vendor:adobemodel:acrobatscope:ltversion:11.x (windows macintosh)

Trust: 0.8

vendor:adobemodel:acrobatscope:ltversion:10.x (windows macintosh)

Trust: 0.8

vendor:adobemodel:readerscope:eqversion:xi (11.0.10)

Trust: 0.8

vendor:adobemodel:acrobatscope:eqversion:10.0.13

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.1

Trust: 0.3

vendor:adobemodel:acrobatscope:eqversion:11.0.09

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.1.3

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.1.1

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.1.9

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:11.0.4

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.1.12

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:11.0.1

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.0.2

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.0

Trust: 0.3

vendor:adobemodel:readerscope:neversion:11.0.10

Trust: 0.3

vendor:adobemodel:readerscope:neversion:10.1.13

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.1.2

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.0.1

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:11.0.08

Trust: 0.3

vendor:adobemodel:acrobatscope:neversion:11.0.10

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.1.4

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.1.11

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.0.3

Trust: 0.3

vendor:adobemodel:acrobatscope:neversion:10.1.13

Trust: 0.3

vendor:adobemodel:acrobatscope:eqversion:11.0.08

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:11.0.7

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.1.10

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:11.0.09

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:11.0.6

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:11.0.05

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:11.0

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:11.0.3

Trust: 0.3

sources: BID: 71580 // JVNDB: JVNDB-2014-005938 // CNNVD: CNNVD-201412-238 // NVD: CVE-2014-9159

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-9159
value: HIGH

Trust: 1.0

NVD: CVE-2014-9159
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201412-238
value: CRITICAL

Trust: 0.6

VULHUB: VHN-77104
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-9159
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-77104
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-77104 // JVNDB: JVNDB-2014-005938 // CNNVD: CNNVD-201412-238 // NVD: CVE-2014-9159

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2014-9159

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201412-238

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201412-238

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-005938

PATCH
title:APSB14-28url:http://helpx.adobe.com/security/products/reader/apsb14-28.html
Trust: 0.8
title:APSB14-28url:http://helpx.adobe.com/jp/security/products/reader/apsb14-28.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-005938

EXTERNAL IDS
db:NVDid:CVE-2014-9159
Trust: 2.8
db:JVNDBid:JVNDB-2014-005938
Trust: 0.8
db:CNNVDid:CNNVD-201412-238
Trust: 0.7
db:BIDid:71580
Trust: 0.4
db:VULHUBid:VHN-77104
Trust: 0.1
sources:
            
            
            VULHUB: VHN-77104 // 
            
            
            
            BID: 71580 // 
            
            
            
            JVNDB: JVNDB-2014-005938 // 
            
            
            
            CNNVD: CNNVD-201412-238 // 
            
            
            
            NVD: CVE-2014-9159

REFERENCES
url:http://helpx.adobe.com/security/products/reader/apsb14-28.html
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9159
Trust: 0.8
url:http://www.ipa.go.jp/security/ciadr/vul/20141210-adobereader.html
Trust: 0.8
url:http://www.jpcert.or.jp/at/2014/at140053.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9159
Trust: 0.8
url:http://www.npa.go.jp/cyberpolice/topics/?seq=15071
Trust: 0.8
url:http://www.adobe.com/products/acrobat/
Trust: 0.3
url:http://www.adobe.com
Trust: 0.3
sources:
            
            
            VULHUB: VHN-77104 // 
            
            
            
            BID: 71580 // 
            
            
            
            JVNDB: JVNDB-2014-005938 // 
            
            
            
            CNNVD: CNNVD-201412-238 // 
            
            
            
            NVD: CVE-2014-9159

CREDITS
Mateusz Jurczyk of Google Project Zero and Gynvael Coldwind of Google Security Team.
Trust: 0.3
sources:
            
            
            BID: 71580

SOURCES
db:VULHUBid:VHN-77104
db:BIDid:71580
db:JVNDBid:JVNDB-2014-005938
db:CNNVDid:CNNVD-201412-238
db:NVDid:CVE-2014-9159

LAST UPDATE DATE
2024-11-23T22:31:11.965000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-77104date:2014-12-12T00:00:00
db:BIDid:71580date:2014-12-09T00:00:00
db:JVNDBid:JVNDB-2014-005938date:2014-12-12T00:00:00
db:CNNVDid:CNNVD-201412-238date:2014-12-11T00:00:00
db:NVDid:CVE-2014-9159date:2024-11-21T02:20:18.960

SOURCES RELEASE DATE
db:VULHUBid:VHN-77104date:2014-12-10T00:00:00
db:BIDid:71580date:2014-12-09T00:00:00
db:JVNDBid:JVNDB-2014-005938date:2014-12-12T00:00:00
db:CNNVDid:CNNVD-201412-238date:2014-12-11T00:00:00
db:NVDid:CVE-2014-9159date:2014-12-10T21:59:33.430