Details of VAR-201505-0210

ID

VAR-201505-0210

CVE

CVE-2014-9160

TITLE

Windows and Mac OS X Run on Adobe Reader and Acrobat Heap-based buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-002623

DESCRIPTION

Multiple heap-based buffer overflows in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code via unknown vectors. Attackers can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts likely result in denial-of-service conditions. The affected products are: Adobe Reader 11.x versions prior to 11.0.11 Adobe Reader 10.x versions prior to 10.1.14 Adobe Acrobat 11.x versions prior to 11.0.11 Adobe Acrobat 10.x versions prior to 10.1.14. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool

Trust: 2.07

sources: NVD: CVE-2014-9160 // JVNDB: JVNDB-2015-002623 // BID: 74599 // VULHUB: VHN-77105 // VULMON: CVE-2014-9160

AFFECTED PRODUCTS

vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.8	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.10	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.6	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.5	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.7	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.2	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.1	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.4	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.9	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.3	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.6	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.3	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.3	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.1	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.5	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.4	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.9	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.10	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.12	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.1	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.13	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.8	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.7	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.2	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.2	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.10	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.6	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.4	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.11	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.7	Trust: 1.3
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.4	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	*	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.9	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	microsoft	model:	windows	scope:	eq	version:	*	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.8	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.10	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.5	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.8	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.2	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.11	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.3	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.9	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.7	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.6	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.12	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.5	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.13	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	xi (11.0.11)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	lt	version:	11.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	lt	version:	10.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	eq	version:	x (10.1.14)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	xi (11.0.11)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	x (10.1.14)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	lt	version:	11.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	lt	version:	10.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.13	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.09	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	ne	version:	11.0.11	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	ne	version:	10.1.14	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.9	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	11.0.10	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	11.0.4	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.12	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	11.0.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.2	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	ne	version:	10.1.14	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.13	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	11.0.08	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.4	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.11	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.3	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.08	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	11.0.7	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.10	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	11.0.09	Trust: 0.3
vendor:	adobe	model:	reader	scope:	ne	version:	11.0.11	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	11.0.6	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	11.0.05	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	11.0	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	11.0.3	Trust: 0.3

sources: BID: 74599 // JVNDB: JVNDB-2015-002623 // CNNVD: CNNVD-201505-113 // NVD: CVE-2014-9160

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-9160
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-9160
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201505-113
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-77105
value:	HIGH
Trust: 0.1
VULMON:	CVE-2014-9160
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-9160
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-77105
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-77105 // VULMON: CVE-2014-9160 // JVNDB: JVNDB-2015-002623 // CNNVD: CNNVD-201505-113 // NVD: CVE-2014-9160

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-77105 // JVNDB: JVNDB-2015-002623 // NVD: CVE-2014-9160

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-113

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201505-113

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002623

PATCH

title:	APSB15-10	url:	http://helpx.adobe.com/security/products/reader/apsb15-10.html	Trust: 0.8
title:	APSB15-10	url:	http://helpx.adobe.com/jp/security/products/reader/apsb15-10.html	Trust: 0.8
title:	アドビシステムズ社 Adobe Reader の脆弱性に関するお知らせ	url:	http://www.fmworld.net/biz/common/adobe/20150514.html	Trust: 0.8

sources: JVNDB: JVNDB-2015-002623

EXTERNAL IDS

db:	NVD	id:	CVE-2014-9160	Trust: 2.9
db:	SECTRACK	id:	1032284	Trust: 1.2
db:	JVNDB	id:	JVNDB-2015-002623	Trust: 0.8
db:	CNNVD	id:	CNNVD-201505-113	Trust: 0.7
db:	BID	id:	74599	Trust: 0.4
db:	PACKETSTORM	id:	133603	Trust: 0.1
db:	VULHUB	id:	VHN-77105	Trust: 0.1
db:	VULMON	id:	CVE-2014-9160	Trust: 0.1

sources: VULHUB: VHN-77105 // VULMON: CVE-2014-9160 // BID: 74599 // JVNDB: JVNDB-2015-002623 // CNNVD: CNNVD-201505-113 // NVD: CVE-2014-9160

REFERENCES

url:	https://helpx.adobe.com/security/products/reader/apsb15-10.html	Trust: 2.1
url:	http://www.securitytracker.com/id/1032284	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9160	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20150513-adobereader.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2015/at150014.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9160	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/topics?seq=16279	Trust: 0.8
url:	http://www.adobe.com/products/acrobat/	Trust: 0.3
url:	http://www.adobe.com	Trust: 0.3
url:	http://www.adobe.com/products/reader/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://www.rapid7.com/db/vulnerabilities/adobe-reader-apsb15-10-cve-2014-9160	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-77105 // VULMON: CVE-2014-9160 // BID: 74599 // JVNDB: JVNDB-2015-002623 // CNNVD: CNNVD-201505-113 // NVD: CVE-2014-9160

CREDITS

Mateusz Jurczyk of Google Project Zero and Gynvael Coldwind of Google Security Team.

Trust: 0.3

sources: BID: 74599

SOURCES

db:	VULHUB	id:	VHN-77105
db:	VULMON	id:	CVE-2014-9160
db:	BID	id:	74599
db:	JVNDB	id:	JVNDB-2015-002623
db:	CNNVD	id:	CNNVD-201505-113
db:	NVD	id:	CVE-2014-9160

LAST UPDATE DATE

2024-11-23T21:44:15.821000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-77105	date:	2017-01-03T00:00:00
db:	VULMON	id:	CVE-2014-9160	date:	2017-01-03T00:00:00
db:	BID	id:	74599	date:	2015-05-12T00:00:00
db:	JVNDB	id:	JVNDB-2015-002623	date:	2015-05-15T00:00:00
db:	CNNVD	id:	CNNVD-201505-113	date:	2015-05-14T00:00:00
db:	NVD	id:	CVE-2014-9160	date:	2024-11-21T02:20:19.067

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-77105	date:	2015-05-13T00:00:00
db:	VULMON	id:	CVE-2014-9160	date:	2015-05-13T00:00:00
db:	BID	id:	74599	date:	2015-05-12T00:00:00
db:	JVNDB	id:	JVNDB-2015-002623	date:	2015-05-15T00:00:00
db:	CNNVD	id:	CNNVD-201505-113	date:	2015-05-14T00:00:00
db:	NVD	id:	CVE-2014-9160	date:	2015-05-13T10:59:00.097