Details of VAR-201412-0497

ID

VAR-201412-0497

CVE

CVE-2014-8451

TITLE

Windows and Mac OS X Run on Adobe Reader and Acrobat Unspecified JavaScript API Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2014-005926

DESCRIPTION

An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2014-8448. This vulnerability CVE-2014-8448 Is a different vulnerability.An attacker could obtain important information. Adobe Reader and Acrobat are prone to an information-disclosure vulnerability. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool

Trust: 1.98

sources: NVD: CVE-2014-8451 // JVNDB: JVNDB-2014-005926 // BID: 71565 // VULHUB: VHN-76396

AFFECTED PRODUCTS

vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.08	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.09	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.05	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.6	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.5	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.06	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.07	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.01	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.03	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.04	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.3	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.2	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.1	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.3	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.2	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.1	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	*	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.4	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.4	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.9	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0	Trust: 1.0
vendor:	microsoft	model:	windows	scope:	eq	version:	*	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.7	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.11	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.8	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.10	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.9	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.7	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.6	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.5	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.12	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.8	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.2	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.3	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.2	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.11	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.4	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.3	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.9	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.3	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.2	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.6	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.7	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.12	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.02	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.8	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.1	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.10	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1	Trust: 1.0
vendor:	adobe	model:	reader	scope:	lt	version:	11.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	lt	version:	10.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	eq	version:	x (10.1.13)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	x (10.1.13)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	eq	version:	xi (11.0.10)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	lt	version:	11.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	lt	version:	10.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	xi (11.0.10)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0	Trust: 0.3

sources: BID: 71565 // JVNDB: JVNDB-2014-005926 // CNNVD: CNNVD-201412-226 // NVD: CVE-2014-8451

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-8451
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-8451
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201412-226
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-76396
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-8451
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-76396
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-76396 // JVNDB: JVNDB-2014-005926 // CNNVD: CNNVD-201412-226 // NVD: CVE-2014-8451

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-76396 // JVNDB: JVNDB-2014-005926 // NVD: CVE-2014-8451

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201412-226

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201412-226

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-005926

PATCH

title:	APSB14-28	url:	http://helpx.adobe.com/security/products/reader/apsb14-28.html	Trust: 0.8
title:	APSB14-28	url:	http://helpx.adobe.com/jp/security/products/reader/apsb14-28.html	Trust: 0.8
title:	AdbeRdrUpd10113	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52690	Trust: 0.6
title:	AcrobatUpd11010	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52693	Trust: 0.6
title:	AcrobatUpd10113	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52692	Trust: 0.6
title:	AdbeRdrUpd11010	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52691	Trust: 0.6

sources: JVNDB: JVNDB-2014-005926 // CNNVD: CNNVD-201412-226

EXTERNAL IDS

db:	NVD	id:	CVE-2014-8451	Trust: 2.8
db:	JVNDB	id:	JVNDB-2014-005926	Trust: 0.8
db:	CNNVD	id:	CNNVD-201412-226	Trust: 0.7
db:	BID	id:	71565	Trust: 0.4
db:	VULHUB	id:	VHN-76396	Trust: 0.1

sources: VULHUB: VHN-76396 // BID: 71565 // JVNDB: JVNDB-2014-005926 // CNNVD: CNNVD-201412-226 // NVD: CVE-2014-8451

REFERENCES

url:	http://helpx.adobe.com/security/products/reader/apsb14-28.html	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8451	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20141210-adobereader.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2014/at140053.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8451	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/topics/?seq=15071	Trust: 0.8
url:	http://www.adobe.com/products/acrobat/	Trust: 0.3
url:	http://www.adobe.com/products/reader/	Trust: 0.3

sources: VULHUB: VHN-76396 // BID: 71565 // JVNDB: JVNDB-2014-005926 // CNNVD: CNNVD-201412-226 // NVD: CVE-2014-8451

CREDITS

Alex Inführ of Cure53.de.

Trust: 0.3

sources: BID: 71565

SOURCES

db:	VULHUB	id:	VHN-76396
db:	BID	id:	71565
db:	JVNDB	id:	JVNDB-2014-005926
db:	CNNVD	id:	CNNVD-201412-226
db:	NVD	id:	CVE-2014-8451

LAST UPDATE DATE

2024-11-23T22:22:58.191000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-76396	date:	2014-12-12T00:00:00
db:	BID	id:	71565	date:	2014-12-09T00:00:00
db:	JVNDB	id:	JVNDB-2014-005926	date:	2014-12-12T00:00:00
db:	CNNVD	id:	CNNVD-201412-226	date:	2014-12-11T00:00:00
db:	NVD	id:	CVE-2014-8451	date:	2024-11-21T02:19:06.223

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-76396	date:	2014-12-10T00:00:00
db:	BID	id:	71565	date:	2014-12-09T00:00:00
db:	JVNDB	id:	JVNDB-2014-005926	date:	2014-12-12T00:00:00
db:	CNNVD	id:	CNNVD-201412-226	date:	2014-12-11T00:00:00
db:	NVD	id:	CVE-2014-8451	date:	2014-12-10T21:59:22.540