Details of VAR-201412-0504

ID

VAR-201412-0504

CVE

CVE-2014-8457

TITLE

Windows and Mac OS X Run on Adobe Reader and Acrobat Heap-based buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-005932

DESCRIPTION

Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8460 and CVE-2014-9159. This vulnerability CVE-2014-8460 and CVE-2014-9159 Is a different vulnerability.An attacker could execute arbitrary code. Failed exploit attempts likely result in denial-of-service conditions. The affected products are: Adobe Reader 11.x versions prior to 11.0.10 Adobe Reader 10.x versions prior to 10.1.13 Adobe Acrobat 11.x versions prior to 11.0.10 Adobe Acrobat 10.x versions prior to 10.1.13. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool

Trust: 1.98

sources: NVD: CVE-2014-8457 // JVNDB: JVNDB-2014-005932 // BID: 71566 // VULHUB: VHN-76402

AFFECTED PRODUCTS

vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.3	Trust: 1.9
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.1	Trust: 1.9
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.8	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.6	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.4	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.11	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.10	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.9	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.5	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.7	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.2	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.3	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.2	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.1	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0	Trust: 1.3
vendor:	apple	model:	mac os x	scope:	eq	version:	*	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.4	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.4	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.9	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.06	Trust: 1.0
vendor:	microsoft	model:	windows	scope:	eq	version:	*	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.7	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.11	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.8	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.10	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.07	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.5	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.05	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.6	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.12	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.04	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.8	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.2	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.3	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.2	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.03	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.09	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.3	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.9	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.3	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.2	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.6	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.7	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.08	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.12	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.02	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.5	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.01	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1	Trust: 1.0
vendor:	adobe	model:	reader	scope:	lt	version:	11.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	lt	version:	10.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	eq	version:	x (10.1.13)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	x (10.1.13)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	eq	version:	xi (11.0.10)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	lt	version:	11.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	lt	version:	10.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	xi (11.0.10)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0	Trust: 0.3

sources: BID: 71566 // JVNDB: JVNDB-2014-005932 // CNNVD: CNNVD-201412-232 // NVD: CVE-2014-8457

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-8457
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-8457
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201412-232
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-76402
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-8457
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-76402
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-76402 // JVNDB: JVNDB-2014-005932 // CNNVD: CNNVD-201412-232 // NVD: CVE-2014-8457

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-76402 // JVNDB: JVNDB-2014-005932 // NVD: CVE-2014-8457

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201412-232

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201412-232

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-005932

PATCH

title:	APSB14-28	url:	http://helpx.adobe.com/security/products/reader/apsb14-28.html	Trust: 0.8
title:	APSB14-28	url:	http://helpx.adobe.com/jp/security/products/reader/apsb14-28.html	Trust: 0.8

sources: JVNDB: JVNDB-2014-005932

EXTERNAL IDS

db:	NVD	id:	CVE-2014-8457	Trust: 2.8
db:	JVNDB	id:	JVNDB-2014-005932	Trust: 0.8
db:	CNNVD	id:	CNNVD-201412-232	Trust: 0.7
db:	BID	id:	71566	Trust: 0.4
db:	VULHUB	id:	VHN-76402	Trust: 0.1

sources: VULHUB: VHN-76402 // BID: 71566 // JVNDB: JVNDB-2014-005932 // CNNVD: CNNVD-201412-232 // NVD: CVE-2014-8457

REFERENCES

url:	http://helpx.adobe.com/security/products/reader/apsb14-28.html	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8457	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20141210-adobereader.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2014/at140053.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8457	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/topics/?seq=15071	Trust: 0.8
url:	http://www.adobe.com/products/acrobat/	Trust: 0.3
url:	http://www.adobe.com	Trust: 0.3

sources: VULHUB: VHN-76402 // BID: 71566 // JVNDB: JVNDB-2014-005932 // CNNVD: CNNVD-201412-232 // NVD: CVE-2014-8457

CREDITS

Mateusz Jurczyk of Google Project Zero and Gynvael Coldwind of Google Security Team.

Trust: 0.3

sources: BID: 71566

SOURCES

db:	VULHUB	id:	VHN-76402
db:	BID	id:	71566
db:	JVNDB	id:	JVNDB-2014-005932
db:	CNNVD	id:	CNNVD-201412-232
db:	NVD	id:	CVE-2014-8457

LAST UPDATE DATE

2024-11-23T22:42:31.081000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-76402	date:	2014-12-12T00:00:00
db:	BID	id:	71566	date:	2014-12-09T00:00:00
db:	JVNDB	id:	JVNDB-2014-005932	date:	2014-12-12T00:00:00
db:	CNNVD	id:	CNNVD-201412-232	date:	2014-12-11T00:00:00
db:	NVD	id:	CVE-2014-8457	date:	2024-11-21T02:19:07.017

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-76402	date:	2014-12-10T00:00:00
db:	BID	id:	71566	date:	2014-12-09T00:00:00
db:	JVNDB	id:	JVNDB-2014-005932	date:	2014-12-12T00:00:00
db:	CNNVD	id:	CNNVD-201412-232	date:	2014-12-11T00:00:00
db:	NVD	id:	CVE-2014-8457	date:	2014-12-10T21:59:28.257