CVE-2019-7131 - Vulnerability Details

Vendors	Products
Adobe	Acrobat Dc Acrobat Reader Dc
Apple	Macos
Microsoft	Windows

Link	Providers
https://helpx.adobe.com/security/products/acrobat/apsb19-02.html

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Adobe Acrobat and Reader", "vendor": "Adobe", "versions": [{"status": "affected", "version": "2019.010.20064\u00a0and earlier, 2019.010.20064\u00a0and earlier, 2017.011.30110\u00a0and earlier version, and 2015.006.30461\u00a0and earlier versions"}]}], "descriptions": [{"lang": "en", "value": "Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution."}], "problemTypes": [{"descriptions": [{"description": "Type Confusion", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-27T23:12:51", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://helpx.adobe.com/security/products/acrobat/apsb19-02.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@adobe.com", "ID": "CVE-2019-7131", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Adobe Acrobat and Reader", "version": {"version_data": [{"version_value": "2019.010.20064\u00a0and earlier, 2019.010.20064\u00a0and earlier, 2017.011.30110\u00a0and earlier version, and 2015.006.30461\u00a0and earlier versions"}]}}]}, "vendor_name": "Adobe"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Type Confusion"}]}]}, "references": {"reference_data": [{"name": "https://helpx.adobe.com/security/products/acrobat/apsb19-02.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/acrobat/apsb19-02.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:38:33.432Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://helpx.adobe.com/security/products/acrobat/apsb19-02.html"}]}]}, "cveMetadata": {"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2019-7131", "datePublished": "2020-01-27T23:12:51", "dateReserved": "2019-01-28T00:00:00", "dateUpdated": "2024-08-04T20:38:33.432Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Adobe Acrobat and Reader (string)

vendor : Adobe (string)

versions : [ »

0 : { »

status : affected (string)

version : 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier versions (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Type Confusion (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2020-01-27T23:12:51 (string)

orgId : 078d4453-3bcd-4900-85e6-15281da43538 (string)

shortName : adobe (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://helpx.adobe.com/security/products/acrobat/apsb19-02.html (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : psirt@adobe.com (string)

ID : CVE-2019-7131 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Adobe Acrobat and Reader (string)

version : { »

version_data : [ »

0 : { »

version_value : 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier versions (string)

}

]

}

]

}

vendor_name : Adobe (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Type Confusion (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://helpx.adobe.com/security/products/acrobat/apsb19-02.html (string)

refsource : CONFIRM (string)

url : https://helpx.adobe.com/security/products/acrobat/apsb19-02.html (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T20:38:33.432Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://helpx.adobe.com/security/products/acrobat/apsb19-02.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 078d4453-3bcd-4900-85e6-15281da43538 (string)

assignerShortName : adobe (string)

cveId : CVE-2019-7131 (string)

datePublished : 2020-01-27T23:12:51 (string)

dateReserved : 2019-01-28T00:00:00 (string)

dateUpdated : 2024-08-04T20:38:33.432Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*", "matchCriteriaId": "7539BDAC-FA65-4AFF-ACF2-255951AC91F6", "versionEndExcluding": "15.006.30464", "versionStartIncluding": "15.006.30060", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", "matchCriteriaId": "25FCEE89-7226-4202-ABF2-2AC63181EC08", "versionEndExcluding": "19.010.20069", "versionStartIncluding": "15.008.20082", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*", "matchCriteriaId": "0819B822-E4D7-44CE-AC5E-8A872B1520B8", "versionEndExcluding": "17.011.30113", "versionStartIncluding": "17.011.30059", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*", "matchCriteriaId": "9214514C-CCF2-4815-9D37-EDBEAB611BD5", "versionEndExcluding": "15.006.30464", "versionStartIncluding": "15.006.30060", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", "matchCriteriaId": "589931C8-F9FD-4975-BF9F-CED153E28174", "versionEndExcluding": "19.010.20069", "versionStartIncluding": "15.008.20082", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*", "matchCriteriaId": "FA47C259-A51B-42B9-BEB7-B9F26E55425C", "versionEndExcluding": "17.011.30113", "versionStartIncluding": "17.011.30059", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution."}, {"lang": "es", "value": "Adobe Acrobat and Reader versiones 2019.010.20064 y anteriores, 2019.010.20064 y anteriores, 2017.011.30110 y versiones anteriores, y 2015.006.30461 y anteriores, presentan una vulnerabilidad de confusi\u00f3n de tipos. Una explotaci\u00f3n con \u00e9xito podr\u00eda conllevar a una ejecuci\u00f3n de c\u00f3digo arbitrario."}], "id": "CVE-2019-7131", "lastModified": "2024-11-21T04:47:37.707", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-28T00:15:11.087", "references": [{"source": "psirt@adobe.com", "tags": ["Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/acrobat/apsb19-02.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/acrobat/apsb19-02.html"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-843"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:* (string)

matchCriteriaId : 7539BDAC-FA65-4AFF-ACF2-255951AC91F6 (string)

versionEndExcluding : 15.006.30464 (string)

versionStartIncluding : 15.006.30060 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:* (string)

matchCriteriaId : 25FCEE89-7226-4202-ABF2-2AC63181EC08 (string)

versionEndExcluding : 19.010.20069 (string)

versionStartIncluding : 15.008.20082 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:* (string)

matchCriteriaId : 0819B822-E4D7-44CE-AC5E-8A872B1520B8 (string)

versionEndExcluding : 17.011.30113 (string)

versionStartIncluding : 17.011.30059 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:* (string)

matchCriteriaId : 9214514C-CCF2-4815-9D37-EDBEAB611BD5 (string)

versionEndExcluding : 15.006.30464 (string)

versionStartIncluding : 15.006.30060 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:* (string)

matchCriteriaId : 589931C8-F9FD-4975-BF9F-CED153E28174 (string)

versionEndExcluding : 19.010.20069 (string)

versionStartIncluding : 15.008.20082 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:* (string)

matchCriteriaId : FA47C259-A51B-42B9-BEB7-B9F26E55425C (string)

versionEndExcluding : 17.011.30113 (string)

versionStartIncluding : 17.011.30059 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 387021A0-AF36-463C-A605-32EA7DAC172E (string)

vulnerable : false (boolean)

}

1 : { »

criteria : cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* (string)

matchCriteriaId : A2572D17-1DE6-457B-99CC-64AFD54487EA (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. (string)

}

1 : { »

lang : es (string)

value : Adobe Acrobat and Reader versiones 2019.010.20064 y anteriores, 2019.010.20064 y anteriores, 2017.011.30110 y versiones anteriores, y 2015.006.30461 y anteriores, presentan una vulnerabilidad de confusión de tipos. Una explotación con éxito podría conllevar a una ejecución de código arbitrario. (string)

}

]

id : CVE-2019-7131 (string)

lastModified : 2024-11-21T04:47:37.707 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 7.5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.8 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2020-01-28T00:15:11.087 (string)

references : [ »

0 : { »

source : psirt@adobe.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://helpx.adobe.com/security/products/acrobat/apsb19-02.html (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://helpx.adobe.com/security/products/acrobat/apsb19-02.html (string)

}

]

sourceIdentifier : psirt@adobe.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-843 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object