Sign-up

ID

VAR-201505-0291


CVE

CVE-2015-3058


TITLE

Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerability in which important information is obtained from process memory

Trust: 0.8

sources: JVNDB: JVNDB-2015-002636

DESCRIPTION

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to obtain sensitive information from process memory via unspecified vectors. This vulnerability allows remote attackers to leak memory addresses from Spell.api on vulnerable installations of Adobe Acrobat Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the Spell object. By creating and exporting a custom dictionary, it is possible to leak memory addresses from Spell.api. An attacker can leverage this vulnerability to disclose arbitrary memory. Adobe Acrobat and Reader are prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool. The following products and versions are affected: Adobe Reader 10.1.13 and earlier and 11.0.10 and earlier, Acrobat 10.1.13 and earlier and 11.0.10 and earlier

Trust: 2.61

sources: NVD: CVE-2015-3058 // JVNDB: JVNDB-2015-002636 // ZDI: ZDI-15-211 // BID: 74618 // VULHUB: VHN-81019

AFFECTED PRODUCTS

vendor:adobemodel:acrobatscope:eqversion:10.1.7

Trust: 1.9

vendor:adobemodel:acrobatscope:eqversion:10.1.3

Trust: 1.9

vendor:adobemodel:acrobatscope:eqversion:10.1.2

Trust: 1.9

vendor:adobemodel:acrobatscope:eqversion:10.1.1

Trust: 1.9

vendor:adobemodel:acrobatscope:eqversion:10.1.6

Trust: 1.9

vendor:adobemodel:acrobatscope:eqversion:10.1.5

Trust: 1.9

vendor:adobemodel:acrobatscope:eqversion:10.1.4

Trust: 1.9

vendor:adobemodel:acrobat readerscope:eqversion:11.0.5

Trust: 1.6

vendor:adobemodel:acrobat readerscope:eqversion:11.0.4

Trust: 1.6

vendor:adobemodel:acrobatscope:eqversion:10.1.0

Trust: 1.6

vendor:adobemodel:acrobatscope:eqversion:11.0.6

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:11.0.4

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:11.0.2

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:10.1.12

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:10.1.10

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:10.1.9

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:10.1.8

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:11.0.9

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:11.0.7

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:11.0.3

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:11.0.10

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:11.0.1

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:10.1.13

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:10.1.11

Trust: 1.3

vendor:adobemodel:acrobat readerscope:eqversion:10.1.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:*

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.1.0

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:11.0.3

Trust: 1.0

vendor:microsoftmodel:windowsscope:eqversion:*

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:11.0.0

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.1.8

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.1.10

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:11.0.1

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.1.5

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:11.0.9

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:11.0.8

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.1.2

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:11.0.7

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.1.11

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.1.3

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.1.9

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.1.1

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.1.7

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.1.6

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.1.12

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:11.0.6

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:11.0.10

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:11.0.0

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:11.0.5

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:11.0.8

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.1.13

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:11.0.2

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:xi (11.0.11)

Trust: 0.8

vendor:adobemodel:readerscope:ltversion:11.x (windows macintosh)

Trust: 0.8

vendor:adobemodel:readerscope:ltversion:10.x (windows macintosh)

Trust: 0.8

vendor:adobemodel:acrobatscope:eqversion:x (10.1.14)

Trust: 0.8

vendor:adobemodel:readerscope:eqversion:xi (11.0.11)

Trust: 0.8

vendor:adobemodel:readerscope:eqversion:x (10.1.14)

Trust: 0.8

vendor:adobemodel:acrobatscope:ltversion:11.x (windows macintosh)

Trust: 0.8

vendor:adobemodel:acrobatscope:ltversion:10.x (windows macintosh)

Trust: 0.8

vendor:adobemodel:acrobat proscope: - version: -

Trust: 0.7

vendor:adobemodel:readerscope:eqversion:11.0.7

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:11.0.6

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:11.0.4

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:11.0.3

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:11.0.1

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.1.12

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.1.10

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.1.9

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.1.4

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.1.3

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.1.2

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.1.1

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:11.0.10

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:11.0.09

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:11.0.08

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:11.0.05

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:11.0

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.1.13

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.1.11

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.1

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.0.3

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.0.2

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.0.1

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.0

Trust: 0.3

vendor:adobemodel:acrobatscope:eqversion:11.0

Trust: 0.3

vendor:adobemodel:acrobatscope:eqversion:10.1

Trust: 0.3

vendor:adobemodel:acrobatscope:eqversion:10.0.3

Trust: 0.3

vendor:adobemodel:acrobatscope:eqversion:10.0.2

Trust: 0.3

vendor:adobemodel:acrobatscope:eqversion:10.0.13

Trust: 0.3

vendor:adobemodel:acrobatscope:eqversion:10.0.1

Trust: 0.3

vendor:adobemodel:acrobatscope:eqversion:10.0

Trust: 0.3

vendor:adobemodel:readerscope:neversion:11.0.11

Trust: 0.3

vendor:adobemodel:readerscope:neversion:10.1.14

Trust: 0.3

vendor:adobemodel:acrobatscope:neversion:11.0.11

Trust: 0.3

vendor:adobemodel:acrobatscope:neversion:10.1.14

Trust: 0.3

sources: ZDI: ZDI-15-211 // BID: 74618 // JVNDB: JVNDB-2015-002636 // CNNVD: CNNVD-201505-171 // NVD: CVE-2015-3058

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-3058
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-3058
value: MEDIUM

Trust: 0.8

ZDI: CVE-2015-3058
value: MEDIUM

Trust: 0.7

CNNVD: CNNVD-201505-171
value: MEDIUM

Trust: 0.6

VULHUB: VHN-81019
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-3058
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 2.5

VULHUB: VHN-81019
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: ZDI: ZDI-15-211 // VULHUB: VHN-81019 // JVNDB: JVNDB-2015-002636 // CNNVD: CNNVD-201505-171 // NVD: CVE-2015-3058

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-81019 // JVNDB: JVNDB-2015-002636 // NVD: CVE-2015-3058

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-171

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201505-171

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-002636

PATCH
title:APSB15-10url:http://helpx.adobe.com/security/products/reader/apsb15-10.html
Trust: 1.5
title:APSB15-10url:http://helpx.adobe.com/jp/security/products/reader/apsb15-10.html
Trust: 0.8
title:アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせurl:http://www.fmworld.net/biz/common/adobe/20150514.html
Trust: 0.8
sources:
            
            
            ZDI: ZDI-15-211 // 
            
            
            
            JVNDB: JVNDB-2015-002636

EXTERNAL IDS
db:NVDid:CVE-2015-3058
Trust: 3.5
db:ZDIid:ZDI-15-211
Trust: 2.1
db:BIDid:74618
Trust: 1.4
db:SECTRACKid:1032284
Trust: 1.1
db:JVNDBid:JVNDB-2015-002636
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-2706
Trust: 0.7
db:CNNVDid:CNNVD-201505-171
Trust: 0.7
db:VULHUBid:VHN-81019
Trust: 0.1
sources:
            
            
            ZDI: ZDI-15-211 // 
            
            
            
            VULHUB: VHN-81019 // 
            
            
            
            BID: 74618 // 
            
            
            
            JVNDB: JVNDB-2015-002636 // 
            
            
            
            CNNVD: CNNVD-201505-171 // 
            
            
            
            NVD: CVE-2015-3058

REFERENCES
url:https://helpx.adobe.com/security/products/reader/apsb15-10.html
Trust: 2.7
url:http://www.securityfocus.com/bid/74618
Trust: 1.1
url:http://www.zerodayinitiative.com/advisories/zdi-15-211
Trust: 1.1
url:http://www.securitytracker.com/id/1032284
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3058
Trust: 0.8
url:http://www.ipa.go.jp/security/ciadr/vul/20150513-adobereader.html
Trust: 0.8
url:http://www.jpcert.or.jp/at/2015/at150014.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3058
Trust: 0.8
url:http://www.npa.go.jp/cyberpolice/topics?seq=16279
Trust: 0.8
url:http://www.adobe.com/products/acrobat/
Trust: 0.3
url:http://www.adobe.com
Trust: 0.3
url:http://www.adobe.com/products/reader/
Trust: 0.3
url:http://www.zerodayinitiative.com/advisories/zdi-15-211/
Trust: 0.3
sources:
            
            
            ZDI: ZDI-15-211 // 
            
            
            
            VULHUB: VHN-81019 // 
            
            
            
            BID: 74618 // 
            
            
            
            JVNDB: JVNDB-2015-002636 // 
            
            
            
            CNNVD: CNNVD-201505-171 // 
            
            
            
            NVD: CVE-2015-3058

CREDITS
AbdulAziz Hariri - HP Zero Day Initiative
Trust: 0.7
sources:
            
            
            ZDI: ZDI-15-211

SOURCES
db:ZDIid:ZDI-15-211
db:VULHUBid:VHN-81019
db:BIDid:74618
db:JVNDBid:JVNDB-2015-002636
db:CNNVDid:CNNVD-201505-171
db:NVDid:CVE-2015-3058

LAST UPDATE DATE
2024-11-23T21:44:17.644000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-15-211date:2015-05-12T00:00:00
db:VULHUBid:VHN-81019date:2017-01-03T00:00:00
db:BIDid:74618date:2015-05-12T00:00:00
db:JVNDBid:JVNDB-2015-002636date:2015-05-15T00:00:00
db:CNNVDid:CNNVD-201505-171date:2015-05-14T00:00:00
db:NVDid:CVE-2015-3058date:2024-11-21T02:28:34.683

SOURCES RELEASE DATE
db:ZDIid:ZDI-15-211date:2015-05-12T00:00:00
db:VULHUBid:VHN-81019date:2015-05-13T00:00:00
db:BIDid:74618date:2015-05-12T00:00:00
db:JVNDBid:JVNDB-2015-002636date:2015-05-15T00:00:00
db:CNNVDid:CNNVD-201505-171date:2015-05-14T00:00:00
db:NVDid:CVE-2015-3058date:2015-05-13T10:59:53.747