Details of VAR-201412-0498

ID

VAR-201412-0498

CVE

CVE-2014-8452

TITLE

Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to reading arbitrary files

Trust: 0.8

sources: JVNDB: JVNDB-2014-005927

DESCRIPTION

Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Adobe Reader and Acrobat are prone to an unspecified information-disclosure vulnerability. Attackers can exploit this issue to gain access to sensitive information that may lead to further attacks. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool

Trust: 1.98

sources: NVD: CVE-2014-8452 // JVNDB: JVNDB-2014-005927 // BID: 71567 // VULHUB: VHN-76397

AFFECTED PRODUCTS

vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.3	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.6	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.7	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.2	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.5	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.06	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.1	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.4	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.11	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.3	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.2	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.1	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.3	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.2	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.1	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.5	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.4	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	*	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.9	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0	Trust: 1.0
vendor:	microsoft	model:	windows	scope:	eq	version:	*	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.8	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.10	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.9	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.07	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.5	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.05	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.7	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.12	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.6	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.04	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.8	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.3	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.2	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.03	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.11	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.4	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.09	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.3	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.9	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.08	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.2	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.6	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.7	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.12	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.02	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.8	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.01	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.10	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	xi (11.0.11)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	lt	version:	11.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	lt	version:	10.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	eq	version:	x (10.1.14)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	xi (11.0.11)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	x (10.1.14)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	lt	version:	11.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	lt	version:	10.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0	Trust: 0.3

sources: BID: 71567 // JVNDB: JVNDB-2014-005927 // CNNVD: CNNVD-201412-227 // NVD: CVE-2014-8452

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-8452
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-8452
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201412-227
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-76397
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-8452
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-76397
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-76397 // JVNDB: JVNDB-2014-005927 // CNNVD: CNNVD-201412-227 // NVD: CVE-2014-8452

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-76397 // JVNDB: JVNDB-2014-005927 // NVD: CVE-2014-8452

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201412-227

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201412-227

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-005927

PATCH

title:	APSB15-10	url:	http://helpx.adobe.com/security/products/reader/apsb15-10.html	Trust: 0.8
title:	APSB14-28	url:	http://helpx.adobe.com/security/products/reader/apsb14-28.html	Trust: 0.8
title:	APSB14-28	url:	http://helpx.adobe.com/jp/security/products/reader/apsb14-28.html	Trust: 0.8
title:	APSB15-10	url:	http://helpx.adobe.com/jp/security/products/reader/apsb15-10.html	Trust: 0.8
title:	アドビシステムズ社 Adobe Reader の脆弱性に関するお知らせ	url:	http://www.fmworld.net/biz/common/adobe/20150514.html	Trust: 0.8
title:	AdbeRdrUpd10113	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52690	Trust: 0.6
title:	AcrobatUpd11010	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52693	Trust: 0.6
title:	AcrobatUpd10113	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52692	Trust: 0.6
title:	AdbeRdrUpd11010	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52691	Trust: 0.6

sources: JVNDB: JVNDB-2014-005927 // CNNVD: CNNVD-201412-227

EXTERNAL IDS

db:	NVD	id:	CVE-2014-8452	Trust: 2.8
db:	JVNDB	id:	JVNDB-2014-005927	Trust: 0.8
db:	CNNVD	id:	CNNVD-201412-227	Trust: 0.7
db:	BID	id:	71567	Trust: 0.4
db:	VULHUB	id:	VHN-76397	Trust: 0.1

sources: VULHUB: VHN-76397 // BID: 71567 // JVNDB: JVNDB-2014-005927 // CNNVD: CNNVD-201412-227 // NVD: CVE-2014-8452

REFERENCES

url:	http://helpx.adobe.com/security/products/reader/apsb14-28.html	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8452	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20150513-adobereader.html	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20141210-adobereader.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2014/at140053.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2015/at150014.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8452	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/topics?seq=16279	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/topics/?seq=15071	Trust: 0.8
url:	http://www.adobe.com	Trust: 0.3
url:	http://get.adobe.com/reader/	Trust: 0.3

sources: VULHUB: VHN-76397 // BID: 71567 // JVNDB: JVNDB-2014-005927 // CNNVD: CNNVD-201412-227 // NVD: CVE-2014-8452

CREDITS

Alex Inführ of Cure53.de

Trust: 0.3

sources: BID: 71567

SOURCES

db:	VULHUB	id:	VHN-76397
db:	BID	id:	71567
db:	JVNDB	id:	JVNDB-2014-005927
db:	CNNVD	id:	CNNVD-201412-227
db:	NVD	id:	CVE-2014-8452

LAST UPDATE DATE

2024-11-23T22:27:12.828000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-76397	date:	2014-12-12T00:00:00
db:	BID	id:	71567	date:	2015-05-15T00:08:00
db:	JVNDB	id:	JVNDB-2014-005927	date:	2015-05-15T00:00:00
db:	CNNVD	id:	CNNVD-201412-227	date:	2014-12-15T00:00:00
db:	NVD	id:	CVE-2014-8452	date:	2024-11-21T02:19:06.370

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-76397	date:	2014-12-10T00:00:00
db:	BID	id:	71567	date:	2014-12-09T00:00:00
db:	JVNDB	id:	JVNDB-2014-005927	date:	2014-12-12T00:00:00
db:	CNNVD	id:	CNNVD-201412-227	date:	2014-12-11T00:00:00
db:	NVD	id:	CVE-2014-8452	date:	2014-12-10T21:59:23.493