Details of VAR-201501-0409

ID

VAR-201501-0409

CVE

CVE-2014-9161

TITLE

Windows and Mac OS X Run on Adobe Reader and Acrobat Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-007815

DESCRIPTION

CoolType.dll in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows, and 10.x through 10.1.13 and 11.x through 11.0.10 on OS X, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted PDF document. Adobe Reader and Acrobat are prone to multiple memory-corruption vulnerabilities. An attacker can exploit these issues to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool

Trust: 2.07

sources: NVD: CVE-2014-9161 // JVNDB: JVNDB-2014-007815 // BID: 74600 // VULHUB: VHN-77106 // VULMON: CVE-2014-9161

AFFECTED PRODUCTS

vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.3	Trust: 1.9
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.2	Trust: 1.9
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.1	Trust: 1.9
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1	Trust: 1.9
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.3	Trust: 1.9
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.2	Trust: 1.9
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.1	Trust: 1.9
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0	Trust: 1.9
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.10	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.13	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.5	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.4	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.4	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.9	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.06	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.7	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.11	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.8	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.10	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.9	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.07	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.7	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.6	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.5	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.05	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.6	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.12	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.10	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.04	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.8	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.2	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.3	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.13	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.2	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.03	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.11	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.4	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.09	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.3	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.9	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.3	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.2	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.6	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.7	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.08	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.12	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.8	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.5	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.02	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.01	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.1	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.10	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	xi (11.0.11)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	lt	version:	11.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	lt	version:	10.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	eq	version:	x (10.1.14)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	xi (11.0.11)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	x (10.1.14)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	lt	version:	11.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	lt	version:	10.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0	Trust: 0.3

sources: BID: 74600 // JVNDB: JVNDB-2014-007815 // CNNVD: CNNVD-201501-754 // NVD: CVE-2014-9161

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-9161
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-9161
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201501-754
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-77106
value:	HIGH
Trust: 0.1
VULMON:	CVE-2014-9161
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-9161
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-77106
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-77106 // VULMON: CVE-2014-9161 // JVNDB: JVNDB-2014-007815 // CNNVD: CNNVD-201501-754 // NVD: CVE-2014-9161

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-77106 // JVNDB: JVNDB-2014-007815 // NVD: CVE-2014-9161

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201501-754

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201501-754

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-007815

PATCH

title:	Acrobat XI Pro	url:	https://www.adobe.com/jp/products/acrobatpro.html	Trust: 0.8
title:	APSB15-10	url:	http://helpx.adobe.com/security/products/reader/apsb15-10.html	Trust: 0.8
title:	APSB15-10	url:	http://helpx.adobe.com/jp/security/products/reader/apsb15-10.html	Trust: 0.8
title:	アドビシステムズ社 Adobe Reader の脆弱性に関するお知らせ	url:	http://www.fmworld.net/biz/common/adobe/20150514.html	Trust: 0.8
title:	-	url:	https://github.com/0xCyberY/CVE-T4PDF	Trust: 0.1

sources: VULMON: CVE-2014-9161 // JVNDB: JVNDB-2014-007815

EXTERNAL IDS

db:	NVD	id:	CVE-2014-9161	Trust: 2.9
db:	BID	id:	74600	Trust: 1.5
db:	SECTRACK	id:	1032284	Trust: 1.2
db:	PACKETSTORM	id:	134394	Trust: 1.2
db:	JVNDB	id:	JVNDB-2014-007815	Trust: 0.8
db:	CNNVD	id:	CNNVD-201501-754	Trust: 0.7
db:	VULHUB	id:	VHN-77106	Trust: 0.1
db:	VULMON	id:	CVE-2014-9161	Trust: 0.1

sources: VULHUB: VHN-77106 // VULMON: CVE-2014-9161 // BID: 74600 // JVNDB: JVNDB-2014-007815 // CNNVD: CNNVD-201501-754 // NVD: CVE-2014-9161

REFERENCES

url:	http://code.google.com/p/google-security-research/issues/detail?id=149	Trust: 2.6
url:	http://www.securityfocus.com/bid/74600	Trust: 1.2
url:	https://helpx.adobe.com/security/products/reader/apsb15-10.html	Trust: 1.2
url:	http://packetstormsecurity.com/files/134394/adobe-reader-x-xi-out-of-bounds-read.html	Trust: 1.2
url:	http://www.securitytracker.com/id/1032284	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9161	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20150513-adobereader.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2015/at150014.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9161	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/topics?seq=16279	Trust: 0.8
url:	http://www.adobe.com	Trust: 0.3
url:	http://get.adobe.com/reader/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=39378	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-77106 // VULMON: CVE-2014-9161 // BID: 74600 // JVNDB: JVNDB-2014-007815 // CNNVD: CNNVD-201501-754 // NVD: CVE-2014-9161

CREDITS

instruder of Alibaba Security Research Team, Mateusz Jurczyk of Google Project Zero, Alex Inführ of Cure53.de, Mateusz Jurczyk of Google Project Zero and Gynvael Coldwind of Google Security Team, Wei Lei, as well as Wu Hongjun of Nanyang Technological Uni

Trust: 0.3

sources: BID: 74600

SOURCES

db:	VULHUB	id:	VHN-77106
db:	VULMON	id:	CVE-2014-9161
db:	BID	id:	74600
db:	JVNDB	id:	JVNDB-2014-007815
db:	CNNVD	id:	CNNVD-201501-754
db:	NVD	id:	CVE-2014-9161

LAST UPDATE DATE

2024-11-23T21:44:16.322000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-77106	date:	2017-01-03T00:00:00
db:	VULMON	id:	CVE-2014-9161	date:	2017-01-03T00:00:00
db:	BID	id:	74600	date:	2015-07-15T01:02:00
db:	JVNDB	id:	JVNDB-2014-007815	date:	2015-05-15T00:00:00
db:	CNNVD	id:	CNNVD-201501-754	date:	2015-02-02T00:00:00
db:	NVD	id:	CVE-2014-9161	date:	2024-11-21T02:20:19.183

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-77106	date:	2015-01-30T00:00:00
db:	VULMON	id:	CVE-2014-9161	date:	2015-01-30T00:00:00
db:	BID	id:	74600	date:	2015-05-12T00:00:00
db:	JVNDB	id:	JVNDB-2014-007815	date:	2015-02-12T00:00:00
db:	CNNVD	id:	CNNVD-201501-754	date:	2015-01-30T00:00:00
db:	NVD	id:	CVE-2014-9161	date:	2015-01-30T11:59:50.610