Details of VAR-201412-0494

ID

VAR-201412-0494

CVE

CVE-2014-8460

TITLE

Windows and Mac OS X Run on Adobe Reader and Acrobat Heap-based buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-005935

DESCRIPTION

Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8457 and CVE-2014-9159. This vulnerability CVE-2014-8457 and CVE-2014-9159 Is a different vulnerability.An attacker could execute arbitrary code. Failed exploit attempts likely result in denial-of-service conditions. The affected products are: Adobe Reader 11.x versions prior to 11.0.10 Adobe Reader 10.x versions prior to 10.1.13 Adobe Acrobat 11.x versions prior to 11.0.10 Adobe Acrobat 10.x versions prior to 10.1.13. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool

Trust: 1.98

sources: NVD: CVE-2014-8460 // JVNDB: JVNDB-2014-005935 // BID: 71579 // VULHUB: VHN-76405

AFFECTED PRODUCTS

vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.3	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.6	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.12	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.2	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.10	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.5	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.1	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.4	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.11	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.3	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.2	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.1	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.3	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.2	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.1	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.5	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.4	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	*	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.9	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.06	Trust: 1.0
vendor:	microsoft	model:	windows	scope:	eq	version:	*	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.7	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.8	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.10	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.9	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.07	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.5	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.05	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.6	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.7	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.04	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.8	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.3	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.2	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.03	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.11	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.4	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.09	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.3	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.9	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.08	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.2	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.6	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.7	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.12	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.02	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.8	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.01	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1	Trust: 1.0
vendor:	adobe	model:	reader	scope:	lt	version:	11.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	lt	version:	10.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	eq	version:	x (10.1.13)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	x (10.1.13)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	eq	version:	xi (11.0.10)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	lt	version:	11.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	lt	version:	10.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	xi (11.0.10)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0	Trust: 0.3

sources: BID: 71579 // JVNDB: JVNDB-2014-005935 // CNNVD: CNNVD-201412-235 // NVD: CVE-2014-8460

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-8460
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-8460
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201412-235
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-76405
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-8460
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-76405
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-76405 // JVNDB: JVNDB-2014-005935 // CNNVD: CNNVD-201412-235 // NVD: CVE-2014-8460

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-76405 // JVNDB: JVNDB-2014-005935 // NVD: CVE-2014-8460

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201412-235

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201412-235

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-005935

PATCH

title:	APSB14-28	url:	http://helpx.adobe.com/security/products/reader/apsb14-28.html	Trust: 0.8
title:	APSB14-28	url:	http://helpx.adobe.com/jp/security/products/reader/apsb14-28.html	Trust: 0.8

sources: JVNDB: JVNDB-2014-005935

EXTERNAL IDS

db:	NVD	id:	CVE-2014-8460	Trust: 2.8
db:	JVNDB	id:	JVNDB-2014-005935	Trust: 0.8
db:	CNNVD	id:	CNNVD-201412-235	Trust: 0.7
db:	BID	id:	71579	Trust: 0.4
db:	VULHUB	id:	VHN-76405	Trust: 0.1

sources: VULHUB: VHN-76405 // BID: 71579 // JVNDB: JVNDB-2014-005935 // CNNVD: CNNVD-201412-235 // NVD: CVE-2014-8460

REFERENCES

url:	http://helpx.adobe.com/security/products/reader/apsb14-28.html	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8460	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20141210-adobereader.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2014/at140053.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8460	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/topics/?seq=15071	Trust: 0.8
url:	http://www.adobe.com/products/acrobat/	Trust: 0.3
url:	http://www.adobe.com	Trust: 0.3

sources: VULHUB: VHN-76405 // BID: 71579 // JVNDB: JVNDB-2014-005935 // CNNVD: CNNVD-201412-235 // NVD: CVE-2014-8460

CREDITS

Mateusz Jurczyk of Google Project Zero and Gynvael Coldwind of Google Security Team.

Trust: 0.3

sources: BID: 71579

SOURCES

db:	VULHUB	id:	VHN-76405
db:	BID	id:	71579
db:	JVNDB	id:	JVNDB-2014-005935
db:	CNNVD	id:	CNNVD-201412-235
db:	NVD	id:	CVE-2014-8460

LAST UPDATE DATE

2024-11-23T23:05:44.775000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-76405	date:	2014-12-12T00:00:00
db:	BID	id:	71579	date:	2014-12-09T00:00:00
db:	JVNDB	id:	JVNDB-2014-005935	date:	2014-12-12T00:00:00
db:	CNNVD	id:	CNNVD-201412-235	date:	2014-12-11T00:00:00
db:	NVD	id:	CVE-2014-8460	date:	2024-11-21T02:19:07.410

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-76405	date:	2014-12-10T00:00:00
db:	BID	id:	71579	date:	2014-12-09T00:00:00
db:	JVNDB	id:	JVNDB-2014-005935	date:	2014-12-12T00:00:00
db:	CNNVD	id:	CNNVD-201412-235	date:	2014-12-11T00:00:00
db:	NVD	id:	CVE-2014-8460	date:	2014-12-10T21:59:30.790