Details of VAR-201505-0415

ID

VAR-201505-0415

CVE

CVE-2015-3048

TITLE

Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2015-002626

DESCRIPTION

Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unknown vectors. Adobe Reader and Acrobat are prone to a remote buffer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts likely result in denial-of-service conditions. The affected products are: Adobe Reader 11.x versions prior to 11.0.11 Adobe Reader 10.x versions prior to 10.1.14 Adobe Acrobat 11.x versions prior to 11.0.11 Adobe Acrobat 10.x versions prior to 10.1.14. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool

Trust: 1.98

sources: NVD: CVE-2015-3048 // JVNDB: JVNDB-2015-002626 // BID: 74603 // VULHUB: VHN-81009

AFFECTED PRODUCTS

vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.2	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.4	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.9	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.0	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.7	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.1	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.8	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.5	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.3	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.6	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.6	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.3	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.3	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.1	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.5	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.4	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.9	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.10	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.12	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.1	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.13	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.8	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.7	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.2	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.2	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.10	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.6	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.4	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.11	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.7	Trust: 1.3
vendor:	apple	model:	mac os x	scope:	eq	version:	*	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.9	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.3	Trust: 1.0
vendor:	microsoft	model:	windows	scope:	eq	version:	*	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.5	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.10	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.4	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.8	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.9	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.8	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.7	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.11	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.12	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.5	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.6	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.10	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.13	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.2	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	xi (11.0.11)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	lt	version:	11.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	lt	version:	10.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	eq	version:	x (10.1.14)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	xi (11.0.11)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	x (10.1.14)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	lt	version:	11.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	lt	version:	10.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.13	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.09	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	ne	version:	11.0.11	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	ne	version:	10.1.14	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.9	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	11.0.10	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	11.0.4	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.12	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	11.0.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.2	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	ne	version:	10.1.14	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.13	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	11.0.08	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.4	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.11	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.3	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.08	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	11.0.7	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.10	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	11.0.09	Trust: 0.3
vendor:	adobe	model:	reader	scope:	ne	version:	11.0.11	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	11.0.6	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	11.0.05	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	11.0	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	11.0.3	Trust: 0.3

sources: BID: 74603 // JVNDB: JVNDB-2015-002626 // CNNVD: CNNVD-201505-161 // NVD: CVE-2015-3048

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-3048
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-3048
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201505-161
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-81009
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-3048
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-81009
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-81009 // JVNDB: JVNDB-2015-002626 // CNNVD: CNNVD-201505-161 // NVD: CVE-2015-3048

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-81009 // JVNDB: JVNDB-2015-002626 // NVD: CVE-2015-3048

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-161

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201505-161

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002626

PATCH

title:	APSB15-10	url:	http://helpx.adobe.com/security/products/reader/apsb15-10.html	Trust: 0.8
title:	APSB15-10	url:	http://helpx.adobe.com/jp/security/products/reader/apsb15-10.html	Trust: 0.8
title:	アドビシステムズ社 Adobe Reader の脆弱性に関するお知らせ	url:	http://www.fmworld.net/biz/common/adobe/20150514.html	Trust: 0.8

sources: JVNDB: JVNDB-2015-002626

EXTERNAL IDS

db:	NVD	id:	CVE-2015-3048	Trust: 2.8
db:	BID	id:	74603	Trust: 1.4
db:	SECTRACK	id:	1032284	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-002626	Trust: 0.8
db:	CNNVD	id:	CNNVD-201505-161	Trust: 0.6
db:	VULHUB	id:	VHN-81009	Trust: 0.1

sources: VULHUB: VHN-81009 // BID: 74603 // JVNDB: JVNDB-2015-002626 // CNNVD: CNNVD-201505-161 // NVD: CVE-2015-3048

REFERENCES

url:	https://helpx.adobe.com/security/products/reader/apsb15-10.html	Trust: 2.0
url:	http://www.securityfocus.com/bid/74603	Trust: 1.1
url:	http://www.securitytracker.com/id/1032284	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3048	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20150513-adobereader.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2015/at150014.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3048	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/topics?seq=16279	Trust: 0.8
url:	http://www.adobe.com/products/acrobat/	Trust: 0.3
url:	http://www.adobe.com	Trust: 0.3
url:	http://www.adobe.com/products/reader/	Trust: 0.3

sources: VULHUB: VHN-81009 // BID: 74603 // JVNDB: JVNDB-2015-002626 // CNNVD: CNNVD-201505-161 // NVD: CVE-2015-3048

CREDITS

Xiaoning Li of Intel Labs and Haifei Li of McAfee Labs IPS Team.

Trust: 0.3

sources: BID: 74603

SOURCES

db:	VULHUB	id:	VHN-81009
db:	BID	id:	74603
db:	JVNDB	id:	JVNDB-2015-002626
db:	CNNVD	id:	CNNVD-201505-161
db:	NVD	id:	CVE-2015-3048

LAST UPDATE DATE

2024-11-23T21:44:17.539000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-81009	date:	2017-01-05T00:00:00
db:	BID	id:	74603	date:	2015-05-12T00:00:00
db:	JVNDB	id:	JVNDB-2015-002626	date:	2015-05-15T00:00:00
db:	CNNVD	id:	CNNVD-201505-161	date:	2015-05-14T00:00:00
db:	NVD	id:	CVE-2015-3048	date:	2024-11-21T02:28:33.240

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-81009	date:	2015-05-13T00:00:00
db:	BID	id:	74603	date:	2015-05-12T00:00:00
db:	JVNDB	id:	JVNDB-2015-002626	date:	2015-05-15T00:00:00
db:	CNNVD	id:	CNNVD-201505-161	date:	2015-05-14T00:00:00
db:	NVD	id:	CVE-2015-3048	date:	2015-05-13T10:59:44.980