Details of VAR-201505-0302

ID

VAR-201505-0302

CVE

CVE-2015-3050

TITLE

Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2015-002628

DESCRIPTION

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9161, CVE-2015-3046, CVE-2015-3049, CVE-2015-3051, CVE-2015-3052, CVE-2015-3056, CVE-2015-3057, CVE-2015-3070, and CVE-2015-3076. Adobe Reader and Acrobat are prone to multiple memory-corruption vulnerabilities. Failed exploit attempts will likely result in denial-of-service conditions. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool. The following products and versions are affected: Adobe Reader 10.1.13 and earlier and 11.0.10 and earlier, Acrobat 10.1.13 and earlier and 11.0.10 and earlier

Trust: 2.07

sources: NVD: CVE-2015-3050 // JVNDB: JVNDB-2015-002628 // BID: 74600 // VULHUB: VHN-81011 // VULMON: CVE-2015-3050

AFFECTED PRODUCTS

vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.8	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.6	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.5	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.7	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.2	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.1	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.9	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.13	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.0	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.3	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.3	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.2	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.1	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.5	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.4	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	*	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.4	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.9	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.10	Trust: 1.0
vendor:	microsoft	model:	windows	scope:	eq	version:	*	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.7	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.8	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.11	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.10	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.5	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.6	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.7	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.12	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.4	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.9	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.6	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.8	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.10	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.2	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.13	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.2	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.11	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.4	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.3	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.9	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.3	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.7	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.6	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.12	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.10	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.5	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.8	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	xi (11.0.11)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	lt	version:	11.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	lt	version:	10.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	eq	version:	x (10.1.14)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	xi (11.0.11)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	x (10.1.14)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	lt	version:	11.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	lt	version:	10.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.3	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.2	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0	Trust: 0.3

sources: BID: 74600 // JVNDB: JVNDB-2015-002628 // CNNVD: CNNVD-201505-163 // NVD: CVE-2015-3050

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-3050
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-3050
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201505-163
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-81011
value:	HIGH
Trust: 0.1
VULMON:	CVE-2015-3050
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-3050
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-81011
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-81011 // VULMON: CVE-2015-3050 // JVNDB: JVNDB-2015-002628 // CNNVD: CNNVD-201505-163 // NVD: CVE-2015-3050

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-81011 // JVNDB: JVNDB-2015-002628 // NVD: CVE-2015-3050

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-163

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201505-163

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002628

PATCH

title:	APSB15-10	url:	http://helpx.adobe.com/security/products/reader/apsb15-10.html	Trust: 0.8
title:	APSB15-10	url:	http://helpx.adobe.com/jp/security/products/reader/apsb15-10.html	Trust: 0.8
title:	アドビシステムズ社 Adobe Reader の脆弱性に関するお知らせ	url:	http://www.fmworld.net/biz/common/adobe/20150514.html	Trust: 0.8
title:	AdbeRdrUpd11011	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55535	Trust: 0.6
title:	AcrobatUpd11011	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55539	Trust: 0.6
title:	AdbeRdrUpd10114	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55534	Trust: 0.6
title:	AcrobatUpd10114	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55538	Trust: 0.6
title:	AdbeRdrUpd11011	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55533	Trust: 0.6
title:	AcrobatUpd11011	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55537	Trust: 0.6
title:	AdbeRdrUpd10114	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55532	Trust: 0.6
title:	AcrobatUpd10114	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55536	Trust: 0.6
title:	Debian CVElist Bug Report Logs: apache-directory-api: CVE-2015-3250	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=3e18fe2f114e763369218926ea3734ed	Trust: 0.1

sources: VULMON: CVE-2015-3050 // JVNDB: JVNDB-2015-002628 // CNNVD: CNNVD-201505-163

EXTERNAL IDS

db:	NVD	id:	CVE-2015-3050	Trust: 2.9
db:	BID	id:	74600	Trust: 1.5
db:	SECTRACK	id:	1032284	Trust: 1.2
db:	JVNDB	id:	JVNDB-2015-002628	Trust: 0.8
db:	CNNVD	id:	CNNVD-201505-163	Trust: 0.7
db:	VULHUB	id:	VHN-81011	Trust: 0.1
db:	VULMON	id:	CVE-2015-3050	Trust: 0.1

sources: VULHUB: VHN-81011 // VULMON: CVE-2015-3050 // BID: 74600 // JVNDB: JVNDB-2015-002628 // CNNVD: CNNVD-201505-163 // NVD: CVE-2015-3050

REFERENCES

url:	https://helpx.adobe.com/security/products/reader/apsb15-10.html	Trust: 1.8
url:	http://www.securityfocus.com/bid/74600	Trust: 1.2
url:	http://www.securitytracker.com/id/1032284	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3050	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20150513-adobereader.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2015/at150014.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3050	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/topics?seq=16279	Trust: 0.8
url:	http://www.adobe.com	Trust: 0.3
url:	http://get.adobe.com/reader/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=39065	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-81011 // VULMON: CVE-2015-3050 // BID: 74600 // JVNDB: JVNDB-2015-002628 // CNNVD: CNNVD-201505-163 // NVD: CVE-2015-3050

CREDITS

instruder of Alibaba Security Research Team, Mateusz Jurczyk of Google Project Zero, Alex Inführ of Cure53.de, Mateusz Jurczyk of Google Project Zero and Gynvael Coldwind of Google Security Team, Wei Lei, as well as Wu Hongjun of Nanyang Technological Uni

Trust: 0.3

sources: BID: 74600

SOURCES

db:	VULHUB	id:	VHN-81011
db:	VULMON	id:	CVE-2015-3050
db:	BID	id:	74600
db:	JVNDB	id:	JVNDB-2015-002628
db:	CNNVD	id:	CNNVD-201505-163
db:	NVD	id:	CVE-2015-3050

LAST UPDATE DATE

2024-11-23T21:44:16.037000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-81011	date:	2017-01-03T00:00:00
db:	VULMON	id:	CVE-2015-3050	date:	2017-01-03T00:00:00
db:	BID	id:	74600	date:	2015-07-15T01:02:00
db:	JVNDB	id:	JVNDB-2015-002628	date:	2015-05-15T00:00:00
db:	CNNVD	id:	CNNVD-201505-163	date:	2015-05-15T00:00:00
db:	NVD	id:	CVE-2015-3050	date:	2024-11-21T02:28:33.520

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-81011	date:	2015-05-13T00:00:00
db:	VULMON	id:	CVE-2015-3050	date:	2015-05-13T00:00:00
db:	BID	id:	74600	date:	2015-05-12T00:00:00
db:	JVNDB	id:	JVNDB-2015-002628	date:	2015-05-15T00:00:00
db:	CNNVD	id:	CNNVD-201505-163	date:	2015-05-14T00:00:00
db:	NVD	id:	CVE-2015-3050	date:	2015-05-13T10:59:46.840