NVD Vulnerability Detail

CVE-2011-0564

Summary	Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows use weak permissions for unspecified files, which allows attackers to gain privileges via unknown vectors.
Publication Date	Feb. 11, 2011, 3 a.m.
Registration Date	Jan. 28, 2021, 4:37 p.m.
Last Update	Nov. 21, 2024, 10:24 a.m.

CVSS2.0 : HIGH
Score	9.3
Vector	AV:N/AC:M/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	はい

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:adobe:acrobat_reader:8.0:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.1:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.1.1:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.1.2:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.1.4:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.1.5:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.1.6:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.1.7:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.2:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.2.1:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.2.2:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.2.3:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.2.4:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.0:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.1:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.1.1:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.1.2:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.1.3:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.2:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.3:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.3.1:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.3.2:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.3.3:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.3.4:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.4:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.4.1:::::::*
cpe:2.3:a:adobe:acrobat_reader:10.0:::::::*
execution environment
1	cpe:2.3:o:microsoft:windows::::::::

Configuration2		or higher	or less	more than	less than
cpe:2.3:a:adobe:acrobat:8.0:::::::*
cpe:2.3:a:adobe:acrobat:8.1:::::::*
cpe:2.3:a:adobe:acrobat:8.1.1:::::::*
cpe:2.3:a:adobe:acrobat:8.1.2:::::::*
cpe:2.3:a:adobe:acrobat:8.1.3:::::::*
cpe:2.3:a:adobe:acrobat:8.1.4:::::::*
cpe:2.3:a:adobe:acrobat:8.1.5:::::::*
cpe:2.3:a:adobe:acrobat:8.1.6:::::::*
cpe:2.3:a:adobe:acrobat:8.1.7:::::::*
cpe:2.3:a:adobe:acrobat:8.2:::::::*
cpe:2.3:a:adobe:acrobat:8.2.1:::::::*
cpe:2.3:a:adobe:acrobat:8.2.2:::::::*
cpe:2.3:a:adobe:acrobat:8.2.3:::::::*
cpe:2.3:a:adobe:acrobat:8.2.4:::::::*
cpe:2.3:a:adobe:acrobat:9.0:::::::*
cpe:2.3:a:adobe:acrobat:9.1:::::::*
cpe:2.3:a:adobe:acrobat:9.1.1:::::::*
cpe:2.3:a:adobe:acrobat:9.1.2:::::::*
cpe:2.3:a:adobe:acrobat:9.1.3:::::::*
cpe:2.3:a:adobe:acrobat:9.2:::::::*
cpe:2.3:a:adobe:acrobat:9.3:::::::*
cpe:2.3:a:adobe:acrobat:9.3.1:::::::*
cpe:2.3:a:adobe:acrobat:9.3.2:::::::*
cpe:2.3:a:adobe:acrobat:9.3.3:::::::*
cpe:2.3:a:adobe:acrobat:9.3.4:::::::*
cpe:2.3:a:adobe:acrobat:9.4:::::::*
cpe:2.3:a:adobe:acrobat:9.4.1:::::::*
cpe:2.3:a:adobe:acrobat:10.0:::::::*
execution environment
1	cpe:2.3:o:microsoft:windows::::::::

Related information, measures and tools

No	URL	タグ
1	http://www.adobe.com/support/security/bulletins/apsb11-03.html	Patch Vendor Advisory
2	http://www.securitytracker.com/id?1025033
3	http://www.vupen.com/english/advisories/2011/0337	Vendor Advisory
4	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12548
5	http://www.adobe.com/support/security/bulletins/apsb11-03.html	Patch Vendor Advisory
6	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12548
7	http://www.vupen.com/english/advisories/2011/0337	Vendor Advisory
8	http://www.securitytracker.com/id?1025033

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-264	認可・権限・アクセス制御	https://cwe.mitre.org/data/definitions/264.html

JVN Vulnerability Information

Adobe Reader および Acrobat における権限昇格の脆弱性

Title	Adobe Reader および Acrobat における権限昇格の脆弱性
Summary	Adobe Reader および Acrobat は、不特定なファイルに対して脆弱なパーミッションを使用してしまうため、権限を取得される脆弱性が存在します。
Possible impacts	攻撃者により、権限を取得される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Feb. 8, 2011, midnight
Registration Date	March 8, 2011, 12:36 p.m.
Last Update	March 8, 2011, 12:36 p.m.

Affected System

アドビシステムズ

Adobe Acrobat X (10.0) およびそれ以前

Adobe Reader 9.4.1 およびそれ以前

Adobe Reader X (10.0)

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2011-0564	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0564
National Vulnerability Database (NVD)
2	CVE-2011-0564	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0564

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html

ベンダー情報

No	Name	URL
Adobe Security Bulletin
1	APSB11-03	http://www.adobe.com/support/security/bulletins/apsb11-03.html
Adobe セキュリティ情報
2	cpsid_89065	http://kb2.adobe.com/jp/cps/890/cpsid_89065.html

その他

No	Name	URL
JPCERT 緊急報告
1	JPCERT-AT-2011-0004	http://www.jpcert.or.jp/at/2011/at110004.txt
Secunia Advisory
2	SA43207	http://secunia.com/advisories/43207
SecurityFocus
3	46257	http://www.securityfocus.com/bid/46257
SecurityTracker
4	1025033	http://www.securitytracker.com/id?1025033
VUPEN Security
5	VUPEN/ADV-2011-0337	http://www.vupen.com/english/advisories/2011/0337
警察庁 @police
6	アドビシステムズ社の Adobe Flash Player のセキュリティ修正プログラムについて	http://www.npa.go.jp/cyberpolice/#topics

Change Log

No	Changed Details	Date of change
0	[2011年03月08日] 掲載	Feb. 17, 2018, 10:37 a.m.

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:adobe:acrobat_reader:8.0:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.1:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.1.1:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.1.2:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.1.4:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.1.5:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.1.6:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.1.7:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.2:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.2.1:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.2.2:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.2.3:::::::*
cpe:2.3:a:adobe:acrobat_reader:8.2.4:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.0:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.1:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.1.1:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.1.2:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.1.3:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.2:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.3:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.3.1:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.3.2:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.3.3:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.3.4:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.4:::::::*
cpe:2.3:a:adobe:acrobat_reader:9.4.1:::::::*
cpe:2.3:a:adobe:acrobat_reader:10.0:::::::*
execution environment
1	cpe:2.3:o:microsoft:windows::::::::

Configuration2		or higher	or less	more than	less than
cpe:2.3:a:adobe:acrobat:8.0:::::::*
cpe:2.3:a:adobe:acrobat:8.1:::::::*
cpe:2.3:a:adobe:acrobat:8.1.1:::::::*
cpe:2.3:a:adobe:acrobat:8.1.2:::::::*
cpe:2.3:a:adobe:acrobat:8.1.3:::::::*
cpe:2.3:a:adobe:acrobat:8.1.4:::::::*
cpe:2.3:a:adobe:acrobat:8.1.5:::::::*
cpe:2.3:a:adobe:acrobat:8.1.6:::::::*
cpe:2.3:a:adobe:acrobat:8.1.7:::::::*
cpe:2.3:a:adobe:acrobat:8.2:::::::*
cpe:2.3:a:adobe:acrobat:8.2.1:::::::*
cpe:2.3:a:adobe:acrobat:8.2.2:::::::*
cpe:2.3:a:adobe:acrobat:8.2.3:::::::*
cpe:2.3:a:adobe:acrobat:8.2.4:::::::*
cpe:2.3:a:adobe:acrobat:9.0:::::::*
cpe:2.3:a:adobe:acrobat:9.1:::::::*
cpe:2.3:a:adobe:acrobat:9.1.1:::::::*
cpe:2.3:a:adobe:acrobat:9.1.2:::::::*
cpe:2.3:a:adobe:acrobat:9.1.3:::::::*
cpe:2.3:a:adobe:acrobat:9.2:::::::*
cpe:2.3:a:adobe:acrobat:9.3:::::::*
cpe:2.3:a:adobe:acrobat:9.3.1:::::::*
cpe:2.3:a:adobe:acrobat:9.3.2:::::::*
cpe:2.3:a:adobe:acrobat:9.3.3:::::::*
cpe:2.3:a:adobe:acrobat:9.3.4:::::::*
cpe:2.3:a:adobe:acrobat:9.4:::::::*
cpe:2.3:a:adobe:acrobat:9.4.1:::::::*
cpe:2.3:a:adobe:acrobat:10.0:::::::*
execution environment
1	cpe:2.3:o:microsoft:windows::::::::