Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.ADOBE_ACROBAT_APSB18-09.NASL
HistoryMay 17, 2018 - 12:00 a.m.

Adobe Acrobat < 2015.006.30418 / 2017.011.30080 / 2018.011.20040 Multiple Vulnerabilities (APSB18-09)

2018-05-1700:00:00
This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
68

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.968 High

EPSS

Percentile

99.7%

JSON

The version of Adobe Acrobat installed on the remote Windows host is a version prior to 2015.006.30418, 2017.011.30080, or 2018.011.20040. It is, therefore, affected by multiple vulnerabilities.

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(109895);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/06/08");

  script_cve_id(
    "CVE-2018-4947",
    "CVE-2018-4948",
    "CVE-2018-4949",
    "CVE-2018-4950",
    "CVE-2018-4951",
    "CVE-2018-4952",
    "CVE-2018-4953",
    "CVE-2018-4954",
    "CVE-2018-4955",
    "CVE-2018-4956",
    "CVE-2018-4957",
    "CVE-2018-4958",
    "CVE-2018-4959",
    "CVE-2018-4960",
    "CVE-2018-4961",
    "CVE-2018-4962",
    "CVE-2018-4963",
    "CVE-2018-4964",
    "CVE-2018-4965",
    "CVE-2018-4966",
    "CVE-2018-4967",
    "CVE-2018-4968",
    "CVE-2018-4969",
    "CVE-2018-4970",
    "CVE-2018-4971",
    "CVE-2018-4972",
    "CVE-2018-4973",
    "CVE-2018-4974",
    "CVE-2018-4975",
    "CVE-2018-4976",
    "CVE-2018-4977",
    "CVE-2018-4978",
    "CVE-2018-4979",
    "CVE-2018-4980",
    "CVE-2018-4981",
    "CVE-2018-4982",
    "CVE-2018-4983",
    "CVE-2018-4984",
    "CVE-2018-4985",
    "CVE-2018-4986",
    "CVE-2018-4987",
    "CVE-2018-4988",
    "CVE-2018-4989",
    "CVE-2018-4990",
    "CVE-2018-4993",
    "CVE-2018-4995",
    "CVE-2018-4996",
    "CVE-2018-12812",
    "CVE-2018-12815"
  );
  script_bugtraq_id(
    104102,
    104167,
    104168,
    104169,
    104171,
    104172,
    104173,
    104174,
    104175,
    104176,
    104177
  );
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/06/22");

  script_name(english:"Adobe Acrobat < 2015.006.30418 / 2017.011.30080 / 2018.011.20040 Multiple Vulnerabilities (APSB18-09)");

  script_set_attribute(attribute:"synopsis", value:
"The version of Adobe Acrobat installed on the remote Windows host is
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Adobe Acrobat installed on the remote Windows host is a
version prior to 2015.006.30418, 2017.011.30080,
or 2018.011.20040. It is, therefore, affected by multiple
vulnerabilities.

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/acrobat/apsb18-09.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe Acrobat 2015.006.30418 / 2017.011.30080
/ 2018.011.20040 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-4996");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/05/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/17");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:acrobat");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("adobe_acrobat_installed.nasl");
  script_require_keys("SMB/Registry/Enumerated", "installed_sw/Adobe Acrobat");

  exit(0);
}

include("vcf.inc");
include("vcf_extras.inc");

get_kb_item_or_exit("SMB/Registry/Enumerated");

app_info = vcf::get_app_info(app:"Adobe Acrobat", win_local:TRUE);
constraints = [
  { "min_version" : "15.6", "max_version" : "15.6.30417", "fixed_version" : "15.6.30418" },
  { "min_version" : "17.8", "max_version" : "17.11.30079", "fixed_version" : "17.11.30080" },
  { "min_version" : "15.7", "max_version" : "18.11.20038", "fixed_version" : "18.11.20040" }
];
# using adobe_reader namespace check_version_and_report to properly detect Continuous vs Classic, 
# and limit ver segments to 3 (18.x.y vs 18.x.y.12345) with max_segs:3
vcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);
VendorProductVersionCPE
adobeacrobatcpe:/a:adobe:acrobat

References

Related

openvas 8
nessus 3
adobe 1
kaspersky 1
trendmicroblog 1
talosblog 2
checkpoint_advisories 29
prion 32
nvd 29
cvelist 34
cve 27
zdi 25
talos 3
cisa_kev 1
attackerkb 1
threatpost 1
seebug 1
openvas
openvas
Adobe Acrobat 2017 Security Updates (APSB18-09) - Windows
2018-05-15 00:00:00
Adobe Reader 2017 Security Updates (APSB18-09) - Mac OS X
2018-05-15 00:00:00
Adobe Reader 2017 Security Updates (APSB18-09) - Windows
2018-05-15 00:00:00
nessus
nessus
Adobe Reader < 2015.006.30418 / 2017.011.30080 / 2018.011.20040 Multiple Vulnerabilities (APSB18-09) (macOS)
2018-05-17 00:00:00
Adobe Reader <= 2015.006.30417 / 2017.011.30079 / 2018.011.20038 Multiple Vulnerabilities (APSB18-09)
2018-05-17 00:00:00
Adobe Acrobat < 2015.006.30418 / 2017.011.30080 / 2018.011.20040 Multiple Vulnerabilities (APSB18-09) (macOS)
2018-05-17 00:00:00
adobe
adobe
APSB18-09 Security Updates Available for Adobe Acrobat and Reader
2018-05-14 00:00:00
kaspersky
kaspersky
KLA11252 Multiple vulnerabilities in Adobe Acrobat and Acrobat Reader
2018-05-14 00:00:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 14, 2018
2018-05-18 14:52:12
talosblog
talosblog
Vulnerability Spotlight: Multiple Adobe Acrobat Reader DC Vulnerabilities
2018-05-15 06:51:00
Vulnerability Spotlight: Multiple Adobe Acrobat DC Remote Code Execution Vulnerabilties
2018-07-10 10:31:00
checkpoint_advisories
checkpoint_advisories
Adobe Acrobat and Reader Out-of-bounds read (APSB18-09: CVE-2018-4970)
2018-05-08 00:00:00
Adobe Acrobat Reader DC Collab Remote Code Execution (CVE-2018-12812)
2018-07-15 00:00:00
Adobe Acrobat and Reader Use After Free (APSB18-09 : CVE-2018-12815)
2018-07-15 00:00:00
prion
prion
Type confusion
2018-07-20 19:29:00
Out-of-bounds
2018-07-09 19:29:00
Heap overflow
2018-07-09 19:29:00
nvd
nvd
CVE-2018-12812
2018-07-20 19:29:02
CVE-2018-4963
2018-07-09 19:29:01
CVE-2018-4986
2018-07-09 19:29:03
cvelist
cvelist
CVE-2018-12812
2018-07-20 19:00:00
CVE-2018-4962
2018-07-09 19:00:00
CVE-2018-4984
2018-07-09 19:00:00
cve
cve
CVE-2018-12815
2018-07-20 19:29:02
CVE-2018-4972
2018-07-09 19:29:02
CVE-2018-4960
2018-07-09 19:29:01
zdi
zdi
Adobe Acrobat Pro DC Catalog Index Out-Of-Bounds Read Information Disclosure Vulnerability
2018-06-26 00:00:00
Adobe Acrobat Pro DC Catalog Index Heap-based Buffer Overflow Remote Code Execution Vulnerability
2018-05-15 00:00:00
Adobe Acrobat Pro DC ImageConversion EMF EMR_CREATEDIBPATTERNBRUSHPT Heap-based Buffer Overflow Remote Code Execution Vulnerability
2018-05-15 00:00:00
talos
talos
Adobe Acrobat Reader DC Collab.drivers Remote Code Execution Vulnerability
2018-07-10 00:00:00
Adobe Acrobat Reader DC JSON Stringify Remote Code Execution Vulnerability
2018-07-10 00:00:00
Adobe Acrobat Reader DC Net.Discovery.queryServices Remote Code Execution Vulnerability
2018-05-15 00:00:00
cisa_kev
cisa_kev
Adobe Acrobat and Reader Double Free Vulnerability
2022-06-08 00:00:00
attackerkb
attackerkb
CVE-2018-4990
2018-07-09 00:00:00
threatpost
threatpost
Temporary Patch Released For Adobe Reader Zero-Day
2019-02-11 19:20:08
seebug
seebug
Adobe Acrobat Reader DC Net.Discovery.queryServices Remote Code Execution Vulnerability(CVE-2018-4996)
2018-05-17 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.968 High

EPSS

Percentile

99.7%

JSON
Related for ADOBE_ACROBAT_APSB18-09.NASL
openvas8nessus3adobe1kaspersky1trendmicroblog1talosblog2checkpoint_advisories29prion32nvd29cvelist34cve27zdi25talos3cisa_kev1attackerkb1threatpost1seebug1