Details of VAR-201412-0508

ID

VAR-201412-0508

CVE

CVE-2014-8455

TITLE

Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2014-005930

DESCRIPTION

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8454 and CVE-2014-9165. This vulnerability CVE-2014-8454 and CVE-2014-9165 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. Adobe Reader and Acrobat are prone to a remote code-execution vulnerability. Failed exploit attempts likely result in denial-of-service conditions. The affected products are: Adobe Reader 11.x versions prior to 11.0.10 Adobe Reader 10.x versions prior to 10.1.13 Adobe Acrobat 11.x versions prior to 11.0.10 Adobe Acrobat 10.x versions prior to 10.1.13. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool

Trust: 1.98

sources: NVD: CVE-2014-8455 // JVNDB: JVNDB-2014-005930 // BID: 71571 // VULHUB: VHN-76400

AFFECTED PRODUCTS

vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.3	Trust: 1.9
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.2	Trust: 1.9
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.1	Trust: 1.9
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1	Trust: 1.9
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.3	Trust: 1.9
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.2	Trust: 1.9
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.1	Trust: 1.9
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0	Trust: 1.9
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.09	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.4	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.5	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.4	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	*	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.4	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.9	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.06	Trust: 1.0
vendor:	microsoft	model:	windows	scope:	eq	version:	*	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.7	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.8	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.11	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.10	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.9	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.07	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.5	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.05	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.6	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.7	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.12	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.6	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.04	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.8	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.2	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.3	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.2	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.03	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.11	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.3	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.9	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.08	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.2	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.6	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.7	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.3	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.12	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.02	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.8	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.5	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.01	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.1	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.10	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1	Trust: 1.0
vendor:	adobe	model:	reader	scope:	lt	version:	11.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	lt	version:	10.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	eq	version:	x (10.1.13)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	x (10.1.13)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	eq	version:	xi (11.0.10)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	lt	version:	11.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	lt	version:	10.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	xi (11.0.10)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0	Trust: 0.3

sources: BID: 71571 // JVNDB: JVNDB-2014-005930 // CNNVD: CNNVD-201412-230 // NVD: CVE-2014-8455

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-8455
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-8455
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201412-230
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-76400
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-8455
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-76400
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-76400 // JVNDB: JVNDB-2014-005930 // CNNVD: CNNVD-201412-230 // NVD: CVE-2014-8455

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2014-005930 // NVD: CVE-2014-8455

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201412-230

TYPE

Unknown

Trust: 0.3

sources: BID: 71571

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-005930

PATCH

title:	APSB14-28	url:	http://helpx.adobe.com/security/products/reader/apsb14-28.html	Trust: 0.8
title:	APSB14-28	url:	http://helpx.adobe.com/jp/security/products/reader/apsb14-28.html	Trust: 0.8

sources: JVNDB: JVNDB-2014-005930

EXTERNAL IDS

db:	NVD	id:	CVE-2014-8455	Trust: 2.8
db:	JVNDB	id:	JVNDB-2014-005930	Trust: 0.8
db:	CNNVD	id:	CNNVD-201412-230	Trust: 0.7
db:	BID	id:	71571	Trust: 0.4
db:	VULHUB	id:	VHN-76400	Trust: 0.1

sources: VULHUB: VHN-76400 // BID: 71571 // JVNDB: JVNDB-2014-005930 // CNNVD: CNNVD-201412-230 // NVD: CVE-2014-8455

REFERENCES

url:	http://helpx.adobe.com/security/products/reader/apsb14-28.html	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8455	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20141210-adobereader.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2014/at140053.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8455	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/topics/?seq=15071	Trust: 0.8
url:	http://www.adobe.com/products/acrobat/	Trust: 0.3
url:	http://www.adobe.com/products/reader/	Trust: 0.3

sources: VULHUB: VHN-76400 // BID: 71571 // JVNDB: JVNDB-2014-005930 // CNNVD: CNNVD-201412-230 // NVD: CVE-2014-8455

CREDITS

Mateusz Jurczyk of Google Project Zero and Gynvael Coldwind of Google Security Team.

Trust: 0.3

sources: BID: 71571

SOURCES

db:	VULHUB	id:	VHN-76400
db:	BID	id:	71571
db:	JVNDB	id:	JVNDB-2014-005930
db:	CNNVD	id:	CNNVD-201412-230
db:	NVD	id:	CVE-2014-8455

LAST UPDATE DATE

2024-11-23T22:01:54.770000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-76400	date:	2014-12-12T00:00:00
db:	BID	id:	71571	date:	2014-12-09T00:00:00
db:	JVNDB	id:	JVNDB-2014-005930	date:	2014-12-12T00:00:00
db:	CNNVD	id:	CNNVD-201412-230	date:	2014-12-11T00:00:00
db:	NVD	id:	CVE-2014-8455	date:	2024-11-21T02:19:06.750

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-76400	date:	2014-12-10T00:00:00
db:	BID	id:	71571	date:	2014-12-09T00:00:00
db:	JVNDB	id:	JVNDB-2014-005930	date:	2014-12-12T00:00:00
db:	CNNVD	id:	CNNVD-201412-230	date:	2014-12-11T00:00:00
db:	NVD	id:	CVE-2014-8455	date:	2014-12-10T21:59:26.493