ID CVE-2015-5111Type cveReporter NVDModified 2017-09-21T21:29:22
Description
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5095, CVE-2015-5099, CVE-2015-5101, CVE-2015-5113, and CVE-2015-5114.
{"title": "CVE-2015-5111", "reporter": "NVD", "published": "2015-07-15T10:59:38", "cpe": ["cpe:/a:adobe:acrobat_reader:10.1.11", "cpe:/a:adobe:acrobat:10.0.3", "cpe:/a:adobe:acrobat_reader:10.1.12", "cpe:/a:adobe:acrobat:10.1.6", "cpe:/a:adobe:acrobat:11.0.5", "cpe:/a:adobe:acrobat:11.0.8", "cpe:/a:adobe:acrobat:11.0.0", "cpe:/a:adobe:acrobat:10.1.7", "cpe:/a:adobe:acrobat_reader:10.1.5", "cpe:/a:adobe:acrobat_reader:10.1.8", "cpe:/a:adobe:acrobat_reader:11.0.8", "cpe:/a:adobe:acrobat:10.0", "cpe:/a:adobe:acrobat_reader:10.1.7", "cpe:/a:adobe:acrobat_reader:10.1.6", "cpe:/a:adobe:acrobat:11.0.11", "cpe:/a:adobe:acrobat_reader:11.0.6", "cpe:/a:adobe:acrobat_reader:11.0.11", "cpe:/a:adobe:acrobat:11.0.4", "cpe:/a:adobe:acrobat_reader:10.1.13", "cpe:/a:adobe:acrobat:10.1.5", "cpe:/a:adobe:acrobat:10.0.2", "cpe:/a:adobe:acrobat_reader:10.1.3", "cpe:/a:adobe:acrobat:11.0.9", "cpe:/a:adobe:acrobat_reader:11.0.9", "cpe:/a:adobe:acrobat:10.0.1", "cpe:/a:adobe:acrobat_reader:10.1.4", "cpe:/a:adobe:acrobat_reader:11.0.7", "cpe:/a:adobe:acrobat:10.1.9", "cpe:/a:adobe:acrobat_reader:10.1.9", "cpe:/a:adobe:acrobat_reader:10.1", "cpe:/a:adobe:acrobat_reader:10.1.10", "cpe:/a:adobe:acrobat_dc:2015.006.30033::~~classic~~~", "cpe:/a:adobe:acrobat_reader:11.0", "cpe:/a:adobe:acrobat:10.1.1", "cpe:/a:adobe:acrobat:11.0.7", "cpe:/a:adobe:acrobat:10.1.14", "cpe:/a:adobe:acrobat_reader_dc:2015.006.30033::~~classic~~~", "cpe:/a:adobe:acrobat:11.0.1", "cpe:/a:adobe:acrobat_reader:11.0.10", "cpe:/a:adobe:acrobat_reader:10.0", "cpe:/a:adobe:acrobat:11.0.2", "cpe:/a:adobe:acrobat_reader:10.1.1", "cpe:/a:adobe:acrobat_reader:11.0.3", "cpe:/a:adobe:acrobat:10.1.12", "cpe:/a:adobe:acrobat:11.0.10", "cpe:/a:adobe:acrobat_reader:11.0.2", "cpe:/a:adobe:acrobat_reader:11.0.1", "cpe:/a:adobe:acrobat:10.1.0", "cpe:/a:adobe:acrobat:10.1.2", "cpe:/a:adobe:acrobat_reader:10.0.1", "cpe:/a:adobe:acrobat:10.1.13", "cpe:/a:adobe:acrobat:10.1.4", "cpe:/a:adobe:acrobat_reader:11.0.5", "cpe:/a:adobe:acrobat_reader:10.1.14", "cpe:/a:adobe:acrobat:10.1.11", "cpe:/a:adobe:acrobat:11.0.3", "cpe:/a:adobe:acrobat_dc:2015.007.20033::~~continuous~~~", "cpe:/a:adobe:acrobat_reader:10.1.2", "cpe:/a:adobe:acrobat_reader:11.0.4", "cpe:/a:adobe:acrobat:10.1.3", "cpe:/a:adobe:acrobat_reader_dc:2015.007.20033::~~continuous~~~", "cpe:/a:adobe:acrobat:10.1.8", "cpe:/a:adobe:acrobat:10.1.10", "cpe:/a:adobe:acrobat:11.0.6"], "cvelist": ["CVE-2015-5111"], "viewCount": 2, "objectVersion": "1.3", "type": "cve", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5111", "bulletinFamily": "NVD", "hashmap": [{"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "4614e1bbfd9021ec90c3bfd6feb8f933", "key": "cpe"}, {"hash": "fae801a8e5e130ee2b4901705a4f60f8", "key": "cvelist"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "a994185a717fecbfefb3fad3cc11ffd9", "key": "description"}, {"hash": "29191915fc8adf64cc9f3daeacf4058d", "key": "href"}, {"hash": "979755f9c1c56ee8b0d3d01c8490dbbe", "key": "modified"}, {"hash": "5cb9a785b4d5b0432b181af6911049fa", "key": "published"}, {"hash": "3a63c05a3f28a3f4d214d703ec75ae51", "key": "references"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "4217737909801a3c3e5d7f2d71e622ad", "key": "title"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}], "history": [{"bulletin": {"reporter": "NVD", "published": "2015-07-15T10:59:38", "cvelist": ["CVE-2015-5111"], "title": "CVE-2015-5111", "objectVersion": "1.2", "type": "cve", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5111", "bulletinFamily": "NVD", "id": "CVE-2015-5111", "history": [], "scanner": [], "cpe": ["cpe:/a:adobe:acrobat_reader:10.1.11", "cpe:/a:adobe:acrobat:10.0.3", "cpe:/a:adobe:acrobat_reader:10.1.12", "cpe:/a:adobe:acrobat:10.1.6", "cpe:/a:adobe:acrobat:11.0.5", "cpe:/a:adobe:acrobat:11.0.8", "cpe:/a:adobe:acrobat:11.0.0", "cpe:/a:adobe:acrobat:10.1.7", "cpe:/a:adobe:acrobat_reader:10.1.5", "cpe:/a:adobe:acrobat_reader:10.1.8", "cpe:/a:adobe:acrobat_reader:11.0.8", "cpe:/a:adobe:acrobat:10.0", "cpe:/a:adobe:acrobat_reader:10.1.7", "cpe:/a:adobe:acrobat_reader:10.1.6", "cpe:/a:adobe:acrobat:11.0.11", "cpe:/a:adobe:acrobat_reader:11.0.6", "cpe:/a:adobe:acrobat_reader:11.0.11", "cpe:/a:adobe:acrobat:11.0.4", "cpe:/a:adobe:acrobat_reader:10.1.13", "cpe:/a:adobe:acrobat:10.1.5", "cpe:/a:adobe:acrobat:10.0.2", "cpe:/a:adobe:acrobat_reader:10.1.3", "cpe:/a:adobe:acrobat:11.0.9", "cpe:/a:adobe:acrobat_reader:11.0.9", "cpe:/a:adobe:acrobat:10.0.1", "cpe:/a:adobe:acrobat_reader:10.1.4", "cpe:/a:adobe:acrobat_reader:11.0.7", "cpe:/a:adobe:acrobat:10.1.9", "cpe:/a:adobe:acrobat_reader:10.1.9", "cpe:/a:adobe:acrobat_reader:10.1", "cpe:/a:adobe:acrobat_reader:10.1.10", "cpe:/a:adobe:acrobat_dc:2015.006.30033::~~classic~~~", "cpe:/a:adobe:acrobat_reader:11.0", "cpe:/a:adobe:acrobat:10.1.1", "cpe:/a:adobe:acrobat:11.0.7", "cpe:/a:adobe:acrobat:10.1.14", "cpe:/a:adobe:acrobat_reader_dc:2015.006.30033::~~classic~~~", "cpe:/a:adobe:acrobat:11.0.1", "cpe:/a:adobe:acrobat_reader:11.0.10", "cpe:/a:adobe:acrobat_reader:10.0", "cpe:/a:adobe:acrobat:11.0.2", "cpe:/a:adobe:acrobat_reader:10.1.1", "cpe:/a:adobe:acrobat_reader:11.0.3", "cpe:/a:adobe:acrobat:10.1.12", "cpe:/a:adobe:acrobat:11.0.10", "cpe:/a:adobe:acrobat_reader:11.0.2", "cpe:/a:adobe:acrobat_reader:11.0.1", "cpe:/a:adobe:acrobat:10.1.0", "cpe:/a:adobe:acrobat:10.1.2", "cpe:/a:adobe:acrobat_reader:10.0.1", "cpe:/a:adobe:acrobat:10.1.13", "cpe:/a:adobe:acrobat:10.1.4", "cpe:/a:adobe:acrobat_reader:11.0.5", "cpe:/a:adobe:acrobat_reader:10.1.14", "cpe:/a:adobe:acrobat:10.1.11", "cpe:/a:adobe:acrobat:11.0.3", "cpe:/a:adobe:acrobat_dc:2015.007.20033::~~continuous~~~", "cpe:/a:adobe:acrobat_reader:10.1.2", "cpe:/a:adobe:acrobat_reader:11.0.4", "cpe:/a:adobe:acrobat:10.1.3", "cpe:/a:adobe:acrobat_reader_dc:2015.007.20033::~~continuous~~~", "cpe:/a:adobe:acrobat:10.1.8", "cpe:/a:adobe:acrobat:10.1.10", "cpe:/a:adobe:acrobat:11.0.6"], "modified": "2015-07-17T18:30:34", "hash": "2b67416bf5be7c893fae826b0067f1d172fdcf0db12c5b041df329f4958933e8", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "viewCount": 0, "edition": 1, "assessment": {"name": "", "href": "", "system": ""}, "references": ["https://helpx.adobe.com/security/products/reader/apsb15-15.html"], "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "61cbe41f074cbfb6888884133c26fcdb", "key": "references"}, {"hash": "d2cfb3ffe85c9413bc24709a1b9f00ff", "key": "modified"}, {"hash": "4614e1bbfd9021ec90c3bfd6feb8f933", "key": "cpe"}, {"hash": "4217737909801a3c3e5d7f2d71e622ad", "key": "title"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "fae801a8e5e130ee2b4901705a4f60f8", "key": "cvelist"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "a994185a717fecbfefb3fad3cc11ffd9", "key": "description"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "5cb9a785b4d5b0432b181af6911049fa", "key": "published"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "29191915fc8adf64cc9f3daeacf4058d", "key": "href"}], "lastseen": "2016-09-03T22:49:45", "description": "Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5095, CVE-2015-5099, CVE-2015-5101, CVE-2015-5113, and CVE-2015-5114."}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T22:49:45"}, {"bulletin": {"reporter": "NVD", "published": "2015-07-15T10:59:38", "cvelist": ["CVE-2015-5111"], "title": "CVE-2015-5111", "objectVersion": "1.2", "description": "Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5095, CVE-2015-5099, CVE-2015-5101, CVE-2015-5113, and CVE-2015-5114.", "type": "cve", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5111", "bulletinFamily": "NVD", "id": "CVE-2015-5111", "history": [], "scanner": [], "enchantments": {}, "modified": "2016-11-28T14:31:56", "hash": "7701634b41ab8d5db14c7226afada6ac820d2f1627d6eb3306ffebbf122fd8ec", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "viewCount": 1, "edition": 2, "cpe": ["cpe:/a:adobe:acrobat_reader:10.1.11", "cpe:/a:adobe:acrobat:10.0.3", "cpe:/a:adobe:acrobat_reader:10.1.12", "cpe:/a:adobe:acrobat:10.1.6", "cpe:/a:adobe:acrobat:11.0.5", "cpe:/a:adobe:acrobat:11.0.8", "cpe:/a:adobe:acrobat:11.0.0", "cpe:/a:adobe:acrobat:10.1.7", "cpe:/a:adobe:acrobat_reader:10.1.5", "cpe:/a:adobe:acrobat_reader:10.1.8", "cpe:/a:adobe:acrobat_reader:11.0.8", "cpe:/a:adobe:acrobat:10.0", "cpe:/a:adobe:acrobat_reader:10.1.7", "cpe:/a:adobe:acrobat_reader:10.1.6", "cpe:/a:adobe:acrobat:11.0.11", "cpe:/a:adobe:acrobat_reader:11.0.6", "cpe:/a:adobe:acrobat_reader:11.0.11", "cpe:/a:adobe:acrobat:11.0.4", "cpe:/a:adobe:acrobat_reader:10.1.13", "cpe:/a:adobe:acrobat:10.1.5", "cpe:/a:adobe:acrobat:10.0.2", "cpe:/a:adobe:acrobat_reader:10.1.3", "cpe:/a:adobe:acrobat:11.0.9", "cpe:/a:adobe:acrobat_reader:11.0.9", "cpe:/a:adobe:acrobat:10.0.1", "cpe:/a:adobe:acrobat_reader:10.1.4", "cpe:/a:adobe:acrobat_reader:11.0.7", "cpe:/a:adobe:acrobat:10.1.9", "cpe:/a:adobe:acrobat_reader:10.1.9", "cpe:/a:adobe:acrobat_reader:10.1", "cpe:/a:adobe:acrobat_reader:10.1.10", "cpe:/a:adobe:acrobat_dc:2015.006.30033::~~classic~~~", "cpe:/a:adobe:acrobat_reader:11.0", "cpe:/a:adobe:acrobat:10.1.1", "cpe:/a:adobe:acrobat:11.0.7", "cpe:/a:adobe:acrobat:10.1.14", "cpe:/a:adobe:acrobat_reader_dc:2015.006.30033::~~classic~~~", "cpe:/a:adobe:acrobat:11.0.1", "cpe:/a:adobe:acrobat_reader:11.0.10", "cpe:/a:adobe:acrobat_reader:10.0", "cpe:/a:adobe:acrobat:11.0.2", "cpe:/a:adobe:acrobat_reader:10.1.1", "cpe:/a:adobe:acrobat_reader:11.0.3", "cpe:/a:adobe:acrobat:10.1.12", "cpe:/a:adobe:acrobat:11.0.10", "cpe:/a:adobe:acrobat_reader:11.0.2", "cpe:/a:adobe:acrobat_reader:11.0.1", "cpe:/a:adobe:acrobat:10.1.0", "cpe:/a:adobe:acrobat:10.1.2", "cpe:/a:adobe:acrobat_reader:10.0.1", "cpe:/a:adobe:acrobat:10.1.13", "cpe:/a:adobe:acrobat:10.1.4", "cpe:/a:adobe:acrobat_reader:11.0.5", "cpe:/a:adobe:acrobat_reader:10.1.14", "cpe:/a:adobe:acrobat:10.1.11", "cpe:/a:adobe:acrobat:11.0.3", "cpe:/a:adobe:acrobat_dc:2015.007.20033::~~continuous~~~", "cpe:/a:adobe:acrobat_reader:10.1.2", "cpe:/a:adobe:acrobat_reader:11.0.4", "cpe:/a:adobe:acrobat:10.1.3", "cpe:/a:adobe:acrobat_reader_dc:2015.007.20033::~~continuous~~~", "cpe:/a:adobe:acrobat:10.1.8", "cpe:/a:adobe:acrobat:10.1.10", "cpe:/a:adobe:acrobat:11.0.6"], "references": ["http://www.securityfocus.com/bid/75739", "https://helpx.adobe.com/security/products/reader/apsb15-15.html"], "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "4614e1bbfd9021ec90c3bfd6feb8f933", "key": "cpe"}, {"hash": "4217737909801a3c3e5d7f2d71e622ad", "key": "title"}, {"hash": "fae801a8e5e130ee2b4901705a4f60f8", "key": "cvelist"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "a994185a717fecbfefb3fad3cc11ffd9", "key": "description"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "dd164103c9e29705c2938944b8cdd7a3", "key": "modified"}, {"hash": "5cb9a785b4d5b0432b181af6911049fa", "key": "published"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "29191915fc8adf64cc9f3daeacf4058d", "key": "href"}, {"hash": "9b91cd52e3f3cc05c89f4b4ee3cd5082", "key": "references"}], "lastseen": "2017-04-18T15:57:27", "assessment": {"name": "", "href": "", "system": ""}}, "differentElements": ["references", "modified"], "edition": 2, "lastseen": "2017-04-18T15:57:27"}], "scanner": [], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "modified": "2017-09-21T21:29:22", "hash": "d335f4d0d6508e93dda62fa375fccf688aef19b7b97b7e5f3fd18585692400ca", "enchantments": {"score": {"vector": "NONE", "value": 7.5}, "vulnersScore": 7.5}, "edition": 3, "description": "Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5095, CVE-2015-5099, CVE-2015-5101, CVE-2015-5113, and CVE-2015-5114.", "references": ["http://www.securityfocus.com/bid/75739", "https://helpx.adobe.com/security/products/reader/apsb15-15.html", "http://www.securitytracker.com/id/1032892"], "id": "CVE-2015-5111", "lastseen": "2017-09-22T10:42:18", "assessment": {"name": "", "href": "", "system": ""}}
{"zdi": [{"lastseen": "2016-11-09T00:18:11", "references": ["https://helpx.adobe.com/security/products/reader/apsb15-15.html"], "edition": 2, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of the Text fields with Format field actions. A specially crafted Text field with a Format field action can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process.", "reporter": "Brian Gorenc - HP Zero Day Initiative", "published": "2015-07-14T00:00:00", "title": " Adobe Reader Text Field Format Action Use-After-Free Remote Code Execution Vulnerability", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "zdi", "bulletinFamily": "info", "cvelist": ["CVE-2015-5111"], "modified": "2015-11-09T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-15-308", "id": "ZDI-15-308", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-09-17T13:35:43", "references": ["http://www.securityfocus.com/bid/75402", "https://helpx.adobe.com/security/products/acrobat/apsb15-15.html", "http://www.securityfocus.com/bid/75749", "http://www.securityfocus.com/bid/75740"], "pluginID": "1361412562310805679", "description": "This host is installed with Adobe Reader\n and is prone to multiple vulnerabilities.", "edition": 7, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-07-21T00:00:00", "title": "Adobe Reader Multiple Vulnerabilities - 01 July15 (Windows)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5109", "CVE-2015-5088", "CVE-2015-5098", "CVE-2015-4449", "CVE-2015-5113", "CVE-2015-5096", "CVE-2014-0566", "CVE-2015-5093", "CVE-2015-5114", "CVE-2015-4451", "CVE-2015-5111", "CVE-2015-5108", "CVE-2015-3095", "CVE-2015-5103", "CVE-2015-5106", "CVE-2015-5095", "CVE-2015-5089", "CVE-2015-5102", "CVE-2015-5092", "CVE-2015-5110", "CVE-2015-4448", "CVE-2015-4450", "CVE-2015-4447", "CVE-2015-5107", "CVE-2015-5115", "CVE-2015-4443", "CVE-2015-5086", "CVE-2015-5087", "CVE-2015-4438", "CVE-2015-4441", "CVE-2015-5097", "CVE-2015-4452", "CVE-2015-4435", "CVE-2014-8450", "CVE-2015-5105", "CVE-2015-4445", "CVE-2015-4446", "CVE-2015-5094", "CVE-2015-5101", "CVE-2015-4444", "CVE-2015-5090", "CVE-2015-5091", "CVE-2015-5099", "CVE-2015-5104", "CVE-2015-5085", "CVE-2015-5100"], "modified": "2018-09-17T00:00:00", "id": "OPENVAS:1361412562310805679", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805679", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_reader_mult_vuln01_july15_win.nasl 2015-07-21 11:27:48 July$\n#\n# Adobe Reader Multiple Vulnerabilities - 01 July15 (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805679\");\n script_version(\"$Revision: 11424 $\");\n script_cve_id(\"CVE-2015-5115\", \"CVE-2015-5114\", \"CVE-2015-5113\", \"CVE-2015-5111\",\n \"CVE-2015-5110\", \"CVE-2015-5109\", \"CVE-2015-5108\", \"CVE-2015-5107\",\n \"CVE-2015-5106\", \"CVE-2015-5105\", \"CVE-2015-5104\", \"CVE-2015-5103\",\n \"CVE-2015-5102\", \"CVE-2015-5101\", \"CVE-2015-5100\", \"CVE-2015-5099\",\n \"CVE-2015-5098\", \"CVE-2015-5097\", \"CVE-2015-5096\", \"CVE-2015-5095\",\n \"CVE-2015-5094\", \"CVE-2015-5093\", \"CVE-2015-5092\", \"CVE-2015-5091\",\n \"CVE-2015-5090\", \"CVE-2015-5089\", \"CVE-2015-5088\", \"CVE-2015-5087\",\n \"CVE-2015-5086\", \"CVE-2015-5085\", \"CVE-2015-4452\", \"CVE-2015-4451\",\n \"CVE-2015-4450\", \"CVE-2015-4449\", \"CVE-2015-4448\", \"CVE-2015-4447\",\n \"CVE-2015-4446\", \"CVE-2015-4445\", \"CVE-2015-4444\", \"CVE-2015-4443\",\n \"CVE-2015-4441\", \"CVE-2015-4438\", \"CVE-2015-4435\", \"CVE-2015-3095\",\n \"CVE-2014-8450\", \"CVE-2014-0566\");\n script_bugtraq_id(75740, 75739, 75746, 75741, 75749, 75747, 69825, 75748, 75742,\n 75738, 75743, 75737, 75735, 75402);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-17 10:03:52 +0200 (Mon, 17 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-21 11:27:48 +0530 (Tue, 21 Jul 2015)\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_name(\"Adobe Reader Multiple Vulnerabilities - 01 July15 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Reader\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to:\n\n - Multiple memory corruption vulnerabilities.\n\n - Multiple use-after-free vulnerabilities.\n\n - Multiple integer over flow vulnerabilities.\n\n - Multiple buffer over flow vulnerabilities.\n\n - Some unspecified vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to conduct a denial of service, bypass certain security restrictions,\n to obtain sensitive information, execute arbitrary code and compromise a\n user's system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Reader 10.x before 10.1.15\n and 11.x before 11.0.12 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Reader version 10.1.15 or\n 11.0.12 or later. For updates refer http://get.adobe.com/reader\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/75740\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/75749\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/75402\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb15-15.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Reader/Win/Installed\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!readerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:readerVer, test_version:\"10.0\", test_version2:\"10.1.14\"))\n{\n fix = \"10.1.15\";\n VULN = TRUE ;\n}\n\nif(version_in_range(version:readerVer, test_version:\"11.0\", test_version2:\"11.0.11\"))\n{\n fix = \"11.0.12\";\n VULN = TRUE ;\n}\n\nif(VULN)\n{\n report = 'Installed version: ' + readerVer + '\\n' +\n 'Fixed version: ' + fix + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-17T13:36:18", "references": ["http://www.securityfocus.com/bid/75402", "https://helpx.adobe.com/security/products/acrobat/apsb15-15.html", "http://www.securityfocus.com/bid/75749", "http://www.securityfocus.com/bid/75740"], "pluginID": "1361412562310805682", "description": "This host is installed with Adobe Acrobat\n and is prone to multiple vulnerabilities.", "edition": 7, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-07-21T00:00:00", "title": "Adobe Acrobat Multiple Vulnerabilities - 01 July15 (Windows)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5109", "CVE-2015-5088", "CVE-2015-5098", "CVE-2015-4449", "CVE-2015-5113", "CVE-2015-5096", "CVE-2014-0566", "CVE-2015-5093", "CVE-2015-5114", "CVE-2015-4451", "CVE-2015-5111", "CVE-2015-5108", "CVE-2015-3095", "CVE-2015-5103", "CVE-2015-5106", "CVE-2015-5095", "CVE-2015-5089", "CVE-2015-5102", "CVE-2015-5092", "CVE-2015-5110", "CVE-2015-4448", "CVE-2015-4450", "CVE-2015-4447", "CVE-2015-5107", "CVE-2015-5115", "CVE-2015-4443", "CVE-2015-5086", "CVE-2015-5087", "CVE-2015-4438", "CVE-2015-4441", "CVE-2015-5097", "CVE-2015-4452", "CVE-2015-4435", "CVE-2014-8450", "CVE-2015-5105", "CVE-2015-4445", "CVE-2015-4446", "CVE-2015-5094", "CVE-2015-5101", "CVE-2015-4444", "CVE-2015-5090", "CVE-2015-5091", "CVE-2015-5099", "CVE-2015-5104", "CVE-2015-5085", "CVE-2015-5100"], "modified": "2018-09-17T00:00:00", "id": "OPENVAS:1361412562310805682", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805682", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_acrobat_mult_vuln01_july15_win.nasl 2015-07-21 11:27:48 July$\n#\n# Adobe Acrobat Multiple Vulnerabilities - 01 July15 (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805682\");\n script_version(\"$Revision: 11424 $\");\n script_cve_id(\"CVE-2015-5115\", \"CVE-2015-5114\", \"CVE-2015-5113\", \"CVE-2015-5111\",\n \"CVE-2015-5110\", \"CVE-2015-5109\", \"CVE-2015-5108\", \"CVE-2015-5107\",\n \"CVE-2015-5106\", \"CVE-2015-5105\", \"CVE-2015-5104\", \"CVE-2015-5103\",\n \"CVE-2015-5102\", \"CVE-2015-5101\", \"CVE-2015-5100\", \"CVE-2015-5099\",\n \"CVE-2015-5098\", \"CVE-2015-5097\", \"CVE-2015-5096\", \"CVE-2015-5095\",\n \"CVE-2015-5094\", \"CVE-2015-5093\", \"CVE-2015-5092\", \"CVE-2015-5091\",\n \"CVE-2015-5090\", \"CVE-2015-5089\", \"CVE-2015-5088\", \"CVE-2015-5087\",\n \"CVE-2015-5086\", \"CVE-2015-5085\", \"CVE-2015-4452\", \"CVE-2015-4451\",\n \"CVE-2015-4450\", \"CVE-2015-4449\", \"CVE-2015-4448\", \"CVE-2015-4447\",\n \"CVE-2015-4446\", \"CVE-2015-4445\", \"CVE-2015-4444\", \"CVE-2015-4443\",\n \"CVE-2015-4441\", \"CVE-2015-4438\", \"CVE-2015-4435\", \"CVE-2015-3095\",\n \"CVE-2014-8450\", \"CVE-2014-0566\");\n script_bugtraq_id(75740, 75739, 75746, 75741, 75749, 75747, 69825, 75748, 75742,\n 75738, 75743, 75737, 75735, 75402);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-17 10:03:52 +0200 (Mon, 17 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-21 11:27:48 +0530 (Tue, 21 Jul 2015)\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_name(\"Adobe Acrobat Multiple Vulnerabilities - 01 July15 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to:\n\n - Multiple memory corruption vulnerabilities.\n\n - Multiple use-after-free vulnerabilities.\n\n - Multiple integer over flow vulnerabilities.\n\n - Multiple buffer over flow vulnerabilities.\n\n - Some unspecified vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to conduct a denial of service, bypass certain security restrictions,\n to obtain sensitive information, execute arbitrary code and compromise a\n user's system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat 10.x before 10.1.15\n and 11.x before 11.0.12 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat version 10.1.15 or\n 11.0.12 or later. For updates refer to http://www.adobe.com/in/products/acrobat.html\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/75740\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/75749\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/75402\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb15-15.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/Win/Installed\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!readerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:readerVer, test_version:\"10.0\", test_version2:\"10.1.14\"))\n{\n fix = \"10.1.15\";\n VULN = TRUE ;\n}\n\nif(version_in_range(version:readerVer, test_version:\"11.0\", test_version2:\"11.0.11\"))\n{\n fix = \"11.0.12\";\n VULN = TRUE ;\n}\n\nif(VULN)\n{\n report = 'Installed version: ' + readerVer + '\\n' +\n 'Fixed version: ' + fix + '\\n';\n security_message(data:report);\n exit(0);\n}\n\n\n\n\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-17T13:36:16", "references": ["http://www.securityfocus.com/bid/75402", "https://helpx.adobe.com/security/products/acrobat/apsb15-15.html", "http://www.securityfocus.com/bid/75749", "http://www.securityfocus.com/bid/75740"], "pluginID": "1361412562310805681", "description": "This host is installed with Adobe Acrobat\n and is prone to multiple vulnerabilities.", "edition": 6, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-07-21T00:00:00", "title": "Adobe Acrobat Multiple Vulnerabilities - 01 July15 (Mac OS X)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5109", "CVE-2015-5088", "CVE-2015-5098", "CVE-2015-4449", "CVE-2015-5113", "CVE-2015-5096", "CVE-2014-0566", "CVE-2015-5093", "CVE-2015-5114", "CVE-2015-4451", "CVE-2015-5111", "CVE-2015-5108", "CVE-2015-3095", "CVE-2015-5103", "CVE-2015-5106", "CVE-2015-5095", "CVE-2015-5089", "CVE-2015-5102", "CVE-2015-5092", "CVE-2015-5110", "CVE-2015-4448", "CVE-2015-4450", "CVE-2015-4447", "CVE-2015-5107", "CVE-2015-5115", "CVE-2015-4443", "CVE-2015-5086", "CVE-2015-5087", "CVE-2015-4438", "CVE-2015-4441", "CVE-2015-5097", "CVE-2015-4452", "CVE-2015-4435", "CVE-2014-8450", "CVE-2015-5105", "CVE-2015-4445", "CVE-2015-4446", "CVE-2015-5094", "CVE-2015-5101", "CVE-2015-4444", "CVE-2015-5090", "CVE-2015-5091", "CVE-2015-5099", "CVE-2015-5104", "CVE-2015-5085", "CVE-2015-5100"], "modified": "2018-09-17T00:00:00", "id": "OPENVAS:1361412562310805681", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805681", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_acrobat_mult_vuln01_july15_macosx.nasl 2015-07-21 11:27:48 July$\n#\n# Adobe Acrobat Multiple Vulnerabilities - 01 July15 (Mac OS X)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805681\");\n script_version(\"$Revision: 11424 $\");\n script_cve_id(\"CVE-2015-5115\", \"CVE-2015-5114\", \"CVE-2015-5113\", \"CVE-2015-5111\",\n \"CVE-2015-5110\", \"CVE-2015-5109\", \"CVE-2015-5108\", \"CVE-2015-5107\",\n \"CVE-2015-5106\", \"CVE-2015-5105\", \"CVE-2015-5104\", \"CVE-2015-5103\",\n \"CVE-2015-5102\", \"CVE-2015-5101\", \"CVE-2015-5100\", \"CVE-2015-5099\",\n \"CVE-2015-5098\", \"CVE-2015-5097\", \"CVE-2015-5096\", \"CVE-2015-5095\",\n \"CVE-2015-5094\", \"CVE-2015-5093\", \"CVE-2015-5092\", \"CVE-2015-5091\",\n \"CVE-2015-5090\", \"CVE-2015-5089\", \"CVE-2015-5088\", \"CVE-2015-5087\",\n \"CVE-2015-5086\", \"CVE-2015-5085\", \"CVE-2015-4452\", \"CVE-2015-4451\",\n \"CVE-2015-4450\", \"CVE-2015-4449\", \"CVE-2015-4448\", \"CVE-2015-4447\",\n \"CVE-2015-4446\", \"CVE-2015-4445\", \"CVE-2015-4444\", \"CVE-2015-4443\",\n \"CVE-2015-4441\", \"CVE-2015-4438\", \"CVE-2015-4435\", \"CVE-2015-3095\",\n \"CVE-2014-8450\", \"CVE-2014-0566\");\n script_bugtraq_id(75740, 75739, 75746, 75741, 75749, 75747, 69825, 75748, 75742,\n 75738, 75743, 75737, 75735, 75402);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-17 10:03:52 +0200 (Mon, 17 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-21 11:27:48 +0530 (Tue, 21 Jul 2015)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Adobe Acrobat Multiple Vulnerabilities - 01 July15 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to:\n\n - Multiple memory corruption vulnerabilities.\n\n - Multiple use-after-free vulnerabilities.\n\n - Multiple integer over flow vulnerabilities.\n\n - Multiple buffer over flow vulnerabilities.\n\n - Some unspecified vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to conduct a denial of service, bypass certain security restrictions,\n to obtain sensitive information, execute arbitrary code and compromise a\n user's system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat 10.x before 10.1.15\n and 11.x before 11.0.12 on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat version 10.1.15 or\n 11.0.12 or later. For updates refer to http://get.adobe.com/reader\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/75740\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/75749\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/75402\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb15-15.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/MacOSX/Version\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!readerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:readerVer, test_version:\"10.0\", test_version2:\"10.1.14\"))\n{\n fix = \"10.1.15\";\n VULN = TRUE ;\n}\n\nif(version_in_range(version:readerVer, test_version:\"11.0\", test_version2:\"11.0.11\"))\n{\n fix = \"11.0.12\";\n VULN = TRUE ;\n}\n\nif(VULN)\n{\n report = 'Installed version: ' + readerVer + '\\n' +\n 'Fixed version: ' + fix + '\\n';\n security_message(data:report);\n exit(0);\n}\n\n\n\n\n\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-20T16:08:31", "references": ["http://www.securityfocus.com/bid/75402", "https://helpx.adobe.com/security/products/acrobat/apsb15-15.html", "http://www.securityfocus.com/bid/75749", "http://www.securityfocus.com/bid/75740"], "pluginID": "1361412562310805680", "description": "This host is installed with Adobe Reader\n and is prone to multiple vulnerabilities.", "edition": 7, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-07-21T00:00:00", "title": "Adobe Reader Multiple Vulnerabilities - 01 July15 (Mac OS X)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5109", "CVE-2015-5088", "CVE-2015-5098", "CVE-2015-4449", "CVE-2015-5113", "CVE-2015-5096", "CVE-2014-0566", "CVE-2015-5093", "CVE-2015-5114", "CVE-2015-4451", "CVE-2015-5111", "CVE-2015-5108", "CVE-2015-3095", "CVE-2015-5103", "CVE-2015-5106", "CVE-2015-5095", "CVE-2015-5089", "CVE-2015-5102", "CVE-2015-5092", "CVE-2015-5110", "CVE-2015-4448", "CVE-2015-4450", "CVE-2015-4447", "CVE-2015-5107", "CVE-2015-5115", "CVE-2015-4443", "CVE-2015-5086", "CVE-2015-5087", "CVE-2015-4438", "CVE-2015-4441", "CVE-2015-5097", "CVE-2015-4452", "CVE-2015-4435", "CVE-2014-8450", "CVE-2015-5105", "CVE-2015-4445", "CVE-2015-4446", "CVE-2015-5094", "CVE-2015-5101", "CVE-2015-4444", "CVE-2015-5090", "CVE-2015-5091", "CVE-2015-5099", "CVE-2015-5104", "CVE-2015-5085", "CVE-2015-5100"], "modified": "2018-09-18T00:00:00", "id": "OPENVAS:1361412562310805680", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805680", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_reader_mult_vuln01_july15_macosx.nasl 2015-07-21 11:27:48 July$\n#\n# Adobe Reader Multiple Vulnerabilities - 01 July15 (Mac OS X)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805680\");\n script_version(\"$Revision: 11452 $\");\n script_cve_id(\"CVE-2015-5115\", \"CVE-2015-5114\", \"CVE-2015-5113\", \"CVE-2015-5111\",\n \"CVE-2015-5110\", \"CVE-2015-5109\", \"CVE-2015-5108\", \"CVE-2015-5107\",\n \"CVE-2015-5106\", \"CVE-2015-5105\", \"CVE-2015-5104\", \"CVE-2015-5103\",\n \"CVE-2015-5102\", \"CVE-2015-5101\", \"CVE-2015-5100\", \"CVE-2015-5099\",\n \"CVE-2015-5098\", \"CVE-2015-5097\", \"CVE-2015-5096\", \"CVE-2015-5095\",\n \"CVE-2015-5094\", \"CVE-2015-5093\", \"CVE-2015-5092\", \"CVE-2015-5091\",\n \"CVE-2015-5090\", \"CVE-2015-5089\", \"CVE-2015-5088\", \"CVE-2015-5087\",\n \"CVE-2015-5086\", \"CVE-2015-5085\", \"CVE-2015-4452\", \"CVE-2015-4451\",\n \"CVE-2015-4450\", \"CVE-2015-4449\", \"CVE-2015-4448\", \"CVE-2015-4447\",\n \"CVE-2015-4446\", \"CVE-2015-4445\", \"CVE-2015-4444\", \"CVE-2015-4443\",\n \"CVE-2015-4441\", \"CVE-2015-4438\", \"CVE-2015-4435\", \"CVE-2015-3095\",\n \"CVE-2014-8450\", \"CVE-2014-0566\");\n script_bugtraq_id(75740, 75739, 75746, 75741, 75749, 75747, 69825, 75748, 75742,\n 75738, 75743, 75737, 75735, 75402);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-18 13:24:16 +0200 (Tue, 18 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-21 11:27:48 +0530 (Tue, 21 Jul 2015)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Adobe Reader Multiple Vulnerabilities - 01 July15 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Reader\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to:\n\n - Multiple memory corruption vulnerabilities.\n\n - Multiple use-after-free vulnerabilities.\n\n - Multiple integer over flow vulnerabilities.\n\n - Multiple buffer over flow vulnerabilities.\n\n - Some unspecified vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to conduct a denial of service, bypass certain security restrictions,\n to obtain sensitive information, execute arbitrary code and compromise a\n user's system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Reader 10.x before 10.1.15\n and 11.x before 11.0.12 on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Reader version 10.1.15 or\n 11.0.12 or later. For updates refer to http://get.adobe.com/reader\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/75740\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/75749\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/75402\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb15-15.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Reader/MacOSX/Version\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!readerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:readerVer, test_version:\"10.0\", test_version2:\"10.1.14\"))\n{\n fix = \"10.1.15\";\n VULN = TRUE ;\n}\n\nif(version_in_range(version:readerVer, test_version:\"11.0\", test_version2:\"11.0.11\"))\n{\n fix = \"11.0.12\";\n VULN = TRUE ;\n}\n\nif(VULN)\n{\n report = 'Installed version: ' + readerVer + '\\n' +\n 'Fixed version: ' + fix + '\\n';\n security_message(data:report);\n exit(0);\n}\n\n\n\n\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-09-01T23:50:44", "references": ["https://helpx.adobe.com/security/products/acrobat/apsb15-15.html"], "pluginID": "84801", "description": "The version of Adobe Reader installed on the remote host is a version prior to 10.1.15 / 11.0.12 / 2015.006.30060 / 2015.008.20082. It is, therefore, affected by multiple vulnerabilities :\n\n - A buffer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2015-5093)\n\n - Multiple heap buffer overflow conditions exist that allow an attacker to execute arbitrary code.\n (CVE-2015-5096, CVE-2015-5098, CVE-2015-5105)\n\n - Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2015-5087, CVE-2015-5094, CVE-2015-5100, CVE-2015-5102, CVE-2015-5103, CVE-2015-5104, CVE-2015-3095, CVE-2015-5115, CVE-2014-0566)\n\n - An unspecified information disclosure vulnerability exists. (CVE-2015-5107)\n\n - Multiple security bypass vulnerabilities exist that allow an attacker to disclose arbitrary information.\n (CVE-2015-4449, CVE-2015-4450, CVE-2015-5088, CVE-2015-5089, CVE-2015-5092, CVE-2014-8450)\n\n - A stack overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2015-5110)\n\n - Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-4448, CVE-2015-5095, CVE-2015-5099, CVE-2015-5101, CVE-2015-5111, CVE-2015-5113, CVE-2015-5114)\n\n - Multiple validation bypass issues exist that allow an attacker to escalate privileges. (CVE-2015-4446, CVE-2015-5090, CVE-2015-5106)\n\n - A validation bypass issue exists that allows an attacker to cause a denial of service condition. (CVE-2015-5091)\n\n - Multiple integer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2015-5097, CVE-2015-5108, CVE-2015-5109)\n\n - Multiple flaws exist that allow an attacker to bypass restrictions on the JavaScript API execution.\n (CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, CVE-2015-5086)\n\n - Multiple NULL pointer dereference flaws exist that allow an attacker to cause a denial of service condition.\n (CVE-2015-4443, CVE-2015-4444)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "edition": 8, "reporter": "Tenable", "published": "2015-07-16T00:00:00", "title": "Adobe Reader < 10.1.15 / 11.0.12 / 2015.006.30060 / 2015.008.20082 Multiple Vulnerabilities (APSB15-15)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Windows", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5109", "CVE-2015-5088", "CVE-2015-5098", "CVE-2015-4449", "CVE-2015-5113", "CVE-2015-5096", "CVE-2014-0566", "CVE-2015-5093", "CVE-2015-5114", "CVE-2015-4451", "CVE-2015-5111", "CVE-2015-5108", "CVE-2015-3095", "CVE-2015-5103", "CVE-2015-5106", "CVE-2015-5095", "CVE-2015-5089", "CVE-2015-5102", "CVE-2015-5092", "CVE-2015-5110", "CVE-2015-4448", "CVE-2015-4450", "CVE-2015-4447", "CVE-2015-5107", "CVE-2015-5115", "CVE-2015-4443", "CVE-2015-5086", "CVE-2015-5087", "CVE-2015-4438", "CVE-2015-4441", "CVE-2015-5097", "CVE-2015-4452", "CVE-2015-4435", "CVE-2014-8450", "CVE-2015-5105", "CVE-2015-4445", "CVE-2015-4446", "CVE-2015-5094", "CVE-2015-5101", "CVE-2015-4444", "CVE-2015-5090", "CVE-2015-5091", "CVE-2015-5099", "CVE-2015-5104", "CVE-2015-5085", "CVE-2015-5100"], "modified": "2018-06-29T00:00:00", "cpe": ["cpe:/a:adobe:acrobat_reader"], "id": "ADOBE_READER_APSB15-15.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84801", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84801);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/06/29 12:01:03\");\n\n script_cve_id(\n \"CVE-2014-0566\",\n \"CVE-2014-8450\",\n \"CVE-2015-3095\",\n \"CVE-2015-4435\",\n \"CVE-2015-4438\",\n \"CVE-2015-4441\",\n \"CVE-2015-4443\",\n \"CVE-2015-4444\",\n \"CVE-2015-4445\",\n \"CVE-2015-4446\",\n \"CVE-2015-4447\",\n \"CVE-2015-4448\",\n \"CVE-2015-4449\",\n \"CVE-2015-4450\",\n \"CVE-2015-4451\",\n \"CVE-2015-4452\",\n \"CVE-2015-5085\",\n \"CVE-2015-5086\",\n \"CVE-2015-5087\",\n \"CVE-2015-5088\",\n \"CVE-2015-5089\",\n \"CVE-2015-5090\",\n \"CVE-2015-5091\",\n \"CVE-2015-5092\",\n \"CVE-2015-5093\",\n \"CVE-2015-5094\",\n \"CVE-2015-5095\",\n \"CVE-2015-5096\",\n \"CVE-2015-5097\",\n \"CVE-2015-5098\",\n \"CVE-2015-5099\",\n \"CVE-2015-5100\",\n \"CVE-2015-5101\",\n \"CVE-2015-5102\",\n \"CVE-2015-5103\",\n \"CVE-2015-5104\",\n \"CVE-2015-5105\",\n \"CVE-2015-5106\",\n \"CVE-2015-5107\",\n \"CVE-2015-5108\",\n \"CVE-2015-5109\",\n \"CVE-2015-5110\",\n \"CVE-2015-5111\",\n \"CVE-2015-5113\",\n \"CVE-2015-5114\",\n \"CVE-2015-5115\"\n );\n script_bugtraq_id(\n 69825,\n 75402,\n 75735,\n 75737,\n 75738,\n 75739,\n 75740,\n 75741,\n 75743,\n 75746,\n 75747,\n 75748,\n 75749\n );\n\n script_name(english:\"Adobe Reader < 10.1.15 / 11.0.12 / 2015.006.30060 / 2015.008.20082 Multiple Vulnerabilities (APSB15-15)\");\n script_summary(english:\"Checks the version of Adobe Reader.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader installed on the remote Windows host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Reader installed on the remote host is a version\nprior to 10.1.15 / 11.0.12 / 2015.006.30060 / 2015.008.20082. It is, \ntherefore, affected by multiple vulnerabilities :\n\n - A buffer overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-5093)\n\n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-5096, CVE-2015-5098, CVE-2015-5105)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5087,\n CVE-2015-5094, CVE-2015-5100, CVE-2015-5102,\n CVE-2015-5103, CVE-2015-5104, CVE-2015-3095,\n CVE-2015-5115, CVE-2014-0566)\n\n - An unspecified information disclosure vulnerability\n exists. (CVE-2015-5107)\n\n - Multiple security bypass vulnerabilities exist that\n allow an attacker to disclose arbitrary information.\n (CVE-2015-4449, CVE-2015-4450, CVE-2015-5088,\n CVE-2015-5089, CVE-2015-5092, CVE-2014-8450)\n\n - A stack overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-5110)\n\n - Multiple use-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-4448,\n CVE-2015-5095, CVE-2015-5099, CVE-2015-5101,\n CVE-2015-5111, CVE-2015-5113, CVE-2015-5114)\n\n - Multiple validation bypass issues exist that allow an\n attacker to escalate privileges. (CVE-2015-4446,\n CVE-2015-5090, CVE-2015-5106)\n\n - A validation bypass issue exists that allows an attacker\n to cause a denial of service condition. (CVE-2015-5091)\n\n - Multiple integer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5097,\n CVE-2015-5108, CVE-2015-5109)\n\n - Multiple flaws exist that allow an attacker to bypass\n restrictions on the JavaScript API execution.\n (CVE-2015-4435, CVE-2015-4438, CVE-2015-4441,\n CVE-2015-4445, CVE-2015-4447, CVE-2015-4451,\n CVE-2015-4452, CVE-2015-5085, CVE-2015-5086)\n\n - Multiple NULL pointer dereference flaws exist that allow\n an attacker to cause a denial of service condition.\n (CVE-2015-4443, CVE-2015-4444)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb15-15.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Reader 10.1.15 / 11.0.12 / 2015.006.30060 /\n2015.008.20082 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n \n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"adobe_reader_installed.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/Adobe Reader\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_name = \"Adobe Reader\";\ninstall = get_single_install(app_name:app_name);\n\nversion = install['version'];\npath = install['path'];\nverui = install['display_version'];\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Affected :\n# 10.x < 10.1.15\n# 11.x < 11.0.12\n# DC Classic < 2015.006.30060\n# DC Continuous < 2015.008.20082\nif (\n (ver[0] == 10 && ver[1] < 1) ||\n (ver[0] == 10 && ver[1] == 1 && ver[2] < 15) ||\n (ver[0] == 11 && ver[1] == 0 && ver[2] < 12) ||\n (ver[0] == 15 && ver[1] == 6 && ver[2] < 30060) ||\n (ver[0] == 15 && ver[1] == 7) ||\n (ver[0] == 15 && ver[1] == 8 && ver[2] < 20082)\n)\n{\n port = get_kb_item('SMB/transport');\n if(!port) port = 445;\n\n report = '\\n Path : '+path+\n '\\n Installed version : '+verui+\n '\\n Fixed version : 10.1.15 / 11.0.12 / 2015.006.30060 / 2015.008.20082' +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:34:05", "references": ["https://helpx.adobe.com/security/products/acrobat/apsb15-15.html"], "pluginID": "84803", "description": "The version of Adobe Reader installed on the remote host is a version prior to 10.1.15 / 11.0.12 / 2015.006.30060 / 2015.008.20082. It is, therefore, affected by multiple vulnerabilities :\n\n - A buffer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2015-5093)\n\n - Multiple heap buffer overflow conditions exist that allow an attacker to execute arbitrary code.\n (CVE-2015-5096, CVE-2015-5098, CVE-2015-5105)\n\n - Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2015-5087, CVE-2015-5094, CVE-2015-5100, CVE-2015-5102, CVE-2015-5103, CVE-2015-5104, CVE-2015-3095, CVE-2015-5115, CVE-2014-0566)\n\n - An unspecified information disclosure vulnerability exists. (CVE-2015-5107)\n\n - Multiple security bypass vulnerabilities exist that allow an attacker to disclose arbitrary information.\n (CVE-2015-4449, CVE-2015-4450, CVE-2015-5088, CVE-2015-5089, CVE-2015-5092, CVE-2014-8450)\n\n - A stack overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2015-5110)\n\n - Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-4448, CVE-2015-5095, CVE-2015-5099, CVE-2015-5101, CVE-2015-5111, CVE-2015-5113, CVE-2015-5114)\n\n - Multiple validation bypass issues exist that allow an attacker to escalate privileges. (CVE-2015-4446, CVE-2015-5090, CVE-2015-5106)\n\n - A validation bypass issue exists that allows an attacker to cause a denial of service condition. (CVE-2015-5091)\n\n - Multiple integer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2015-5097, CVE-2015-5108, CVE-2015-5109)\n\n - Multiple flaws exist that allow an attacker to bypass restrictions on the JavaScript API execution.\n (CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, CVE-2015-5086)\n\n - Multiple NULL pointer dereference flaws exist that allow an attacker to cause a denial of service condition.\n (CVE-2015-4443, CVE-2015-4444)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "edition": 5, "reporter": "Tenable", "published": "2015-07-16T00:00:00", "title": "Adobe Reader < 10.1.15 / 11.0.12 / 2015.006.30060 / 2015.008.20082 Multiple Vulnerabilities (APSB15-15) (Mac OS X)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "MacOS X Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5109", "CVE-2015-5088", "CVE-2015-5098", "CVE-2015-4449", "CVE-2015-5113", "CVE-2015-5096", "CVE-2014-0566", "CVE-2015-5093", "CVE-2015-5114", "CVE-2015-4451", "CVE-2015-5111", "CVE-2015-5108", "CVE-2015-3095", "CVE-2015-5103", "CVE-2015-5106", "CVE-2015-5095", "CVE-2015-5089", "CVE-2015-5102", "CVE-2015-5092", "CVE-2015-5110", "CVE-2015-4448", "CVE-2015-4450", "CVE-2015-4447", "CVE-2015-5107", "CVE-2015-5115", "CVE-2015-4443", "CVE-2015-5086", "CVE-2015-5087", "CVE-2015-4438", "CVE-2015-4441", "CVE-2015-5097", "CVE-2015-4452", "CVE-2015-4435", "CVE-2014-8450", "CVE-2015-5105", "CVE-2015-4445", "CVE-2015-4446", "CVE-2015-5094", "CVE-2015-5101", "CVE-2015-4444", "CVE-2015-5090", "CVE-2015-5091", "CVE-2015-5099", "CVE-2015-5104", "CVE-2015-5085", "CVE-2015-5100"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/a:adobe:acrobat_reader"], "id": "MACOSX_ADOBE_READER_APSB15-15.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84803", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84803);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2014-0566\",\n \"CVE-2014-8450\",\n \"CVE-2015-3095\",\n \"CVE-2015-4435\",\n \"CVE-2015-4438\",\n \"CVE-2015-4441\",\n \"CVE-2015-4443\",\n \"CVE-2015-4444\",\n \"CVE-2015-4445\",\n \"CVE-2015-4446\",\n \"CVE-2015-4447\",\n \"CVE-2015-4448\",\n \"CVE-2015-4449\",\n \"CVE-2015-4450\",\n \"CVE-2015-4451\",\n \"CVE-2015-4452\",\n \"CVE-2015-5085\",\n \"CVE-2015-5086\",\n \"CVE-2015-5087\",\n \"CVE-2015-5088\",\n \"CVE-2015-5089\",\n \"CVE-2015-5090\",\n \"CVE-2015-5091\",\n \"CVE-2015-5092\",\n \"CVE-2015-5093\",\n \"CVE-2015-5094\",\n \"CVE-2015-5095\",\n \"CVE-2015-5096\",\n \"CVE-2015-5097\",\n \"CVE-2015-5098\",\n \"CVE-2015-5099\",\n \"CVE-2015-5100\",\n \"CVE-2015-5101\",\n \"CVE-2015-5102\",\n \"CVE-2015-5103\",\n \"CVE-2015-5104\",\n \"CVE-2015-5105\",\n \"CVE-2015-5106\",\n \"CVE-2015-5107\",\n \"CVE-2015-5108\",\n \"CVE-2015-5109\",\n \"CVE-2015-5110\",\n \"CVE-2015-5111\",\n \"CVE-2015-5113\",\n \"CVE-2015-5114\",\n \"CVE-2015-5115\"\n );\n script_bugtraq_id(\n 69825,\n 75402,\n 75735,\n 75737,\n 75738,\n 75739,\n 75740,\n 75741,\n 75743,\n 75746,\n 75747,\n 75748,\n 75749\n );\n\n script_name(english:\"Adobe Reader < 10.1.15 / 11.0.12 / 2015.006.30060 / 2015.008.20082 Multiple Vulnerabilities (APSB15-15) (Mac OS X)\");\n script_summary(english:\"Checks the version of Adobe Reader.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader installed on the remote Mac OS X host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Reader installed on the remote host is a version\nprior to 10.1.15 / 11.0.12 / 2015.006.30060 / 2015.008.20082. It is, \ntherefore, affected by multiple vulnerabilities :\n\n - A buffer overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-5093)\n\n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-5096, CVE-2015-5098, CVE-2015-5105)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5087,\n CVE-2015-5094, CVE-2015-5100, CVE-2015-5102,\n CVE-2015-5103, CVE-2015-5104, CVE-2015-3095,\n CVE-2015-5115, CVE-2014-0566)\n\n - An unspecified information disclosure vulnerability\n exists. (CVE-2015-5107)\n\n - Multiple security bypass vulnerabilities exist that\n allow an attacker to disclose arbitrary information.\n (CVE-2015-4449, CVE-2015-4450, CVE-2015-5088,\n CVE-2015-5089, CVE-2015-5092, CVE-2014-8450)\n\n - A stack overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-5110)\n\n - Multiple use-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-4448,\n CVE-2015-5095, CVE-2015-5099, CVE-2015-5101,\n CVE-2015-5111, CVE-2015-5113, CVE-2015-5114)\n\n - Multiple validation bypass issues exist that allow an\n attacker to escalate privileges. (CVE-2015-4446,\n CVE-2015-5090, CVE-2015-5106)\n\n - A validation bypass issue exists that allows an attacker\n to cause a denial of service condition. (CVE-2015-5091)\n\n - Multiple integer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5097,\n CVE-2015-5108, CVE-2015-5109)\n\n - Multiple flaws exist that allow an attacker to bypass\n restrictions on the JavaScript API execution.\n (CVE-2015-4435, CVE-2015-4438, CVE-2015-4441,\n CVE-2015-4445, CVE-2015-4447, CVE-2015-4451,\n CVE-2015-4452, CVE-2015-5085, CVE-2015-5086)\n\n - Multiple NULL pointer dereference flaws exist that allow\n an attacker to cause a denial of service condition.\n (CVE-2015-4443, CVE-2015-4444)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb15-15.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Reader 10.1.15 / 11.0.12 / 2015.006.30060 /\n2015.008.20082 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_adobe_reader_installed.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Adobe Reader\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (empty_or_null(os)) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp_name = \"Adobe Reader\";\ninstall = get_single_install(app_name:app_name);\n\nversion = install['version'];\npath = install['path'];\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Affected for Mac is :\n# 10.x < 10.1.15\n# 11.x < 11.0.12\n# DC Classic < 2015.006.30060\n# DC Continuous < 2015.008.20082\nif (\n (ver[0] == 10 && ver[1] < 1) ||\n (ver[0] == 10 && ver[1] == 1 && ver[2] < 15) ||\n (ver[0] == 11 && ver[1] == 0 && ver[2] < 12) ||\n (ver[0] == 15 && ver[1] == 6 && ver[2] < 30060) ||\n (ver[0] == 15 && ver[1] == 7) ||\n (ver[0] == 15 && ver[1] == 8 && ver[2] < 20082)\n)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Path : '+path+\n '\\n Installed version : '+version+\n '\\n Fixed version : 10.1.15 / 11.0.12 / 2015.006.30060 / 2015.008.20082' +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:06:05", "references": ["https://helpx.adobe.com/security/products/acrobat/apsb15-15.html"], "pluginID": "84802", "description": "The version of Adobe Acrobat installed on the remote host is a version prior to 10.1.15 / 11.0.12 / 2015.006.30060 / 2015.008.20082. It is, therefore, affected by multiple vulnerabilities :\n\n - A buffer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2015-5093)\n\n - Multiple heap buffer overflow conditions exist that allow an attacker to execute arbitrary code.\n (CVE-2015-5096, CVE-2015-5098, CVE-2015-5105)\n\n - Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2015-5087, CVE-2015-5094, CVE-2015-5100, CVE-2015-5102, CVE-2015-5103, CVE-2015-5104, CVE-2015-3095, CVE-2015-5115, CVE-2014-0566)\n\n - An unspecified information disclosure vulnerability exists. (CVE-2015-5107)\n\n - Multiple security bypass vulnerabilities exist that allow an attacker to disclose arbitrary information.\n (CVE-2015-4449, CVE-2015-4450, CVE-2015-5088, CVE-2015-5089, CVE-2015-5092, CVE-2014-8450)\n\n - A stack overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2015-5110)\n\n - Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-4448, CVE-2015-5095, CVE-2015-5099, CVE-2015-5101, CVE-2015-5111, CVE-2015-5113, CVE-2015-5114)\n\n - Multiple validation bypass issues exist that allow an attacker to escalate privileges. (CVE-2015-4446, CVE-2015-5090, CVE-2015-5106)\n\n - A validation bypass issue exists that allows an attacker to cause a denial of service condition. (CVE-2015-5091)\n\n - Multiple integer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2015-5097, CVE-2015-5108, CVE-2015-5109)\n\n - Multiple flaws exist that allow an attacker to bypass restrictions on the JavaScript API execution.\n (CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, CVE-2015-5086)\n\n - Multiple NULL pointer dereference flaws exist that allow an attacker to cause a denial of service condition.\n (CVE-2015-4443, CVE-2015-4444)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "edition": 5, "reporter": "Tenable", "published": "2015-07-16T00:00:00", "title": "Adobe Acrobat < 10.1.15 / 11.0.12 / 2015.006.30060 / 2015.008.20082 Multiple Vulnerabilities (APSB15-15) (Mac OS X)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "MacOS X Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5109", "CVE-2015-5088", "CVE-2015-5098", "CVE-2015-4449", "CVE-2015-5113", "CVE-2015-5096", "CVE-2014-0566", "CVE-2015-5093", "CVE-2015-5114", "CVE-2015-4451", "CVE-2015-5111", "CVE-2015-5108", "CVE-2015-3095", "CVE-2015-5103", "CVE-2015-5106", "CVE-2015-5095", "CVE-2015-5089", "CVE-2015-5102", "CVE-2015-5092", "CVE-2015-5110", "CVE-2015-4448", "CVE-2015-4450", "CVE-2015-4447", "CVE-2015-5107", "CVE-2015-5115", "CVE-2015-4443", "CVE-2015-5086", "CVE-2015-5087", "CVE-2015-4438", "CVE-2015-4441", "CVE-2015-5097", "CVE-2015-4452", "CVE-2015-4435", "CVE-2014-8450", "CVE-2015-5105", "CVE-2015-4445", "CVE-2015-4446", "CVE-2015-5094", "CVE-2015-5101", "CVE-2015-4444", "CVE-2015-5090", "CVE-2015-5091", "CVE-2015-5099", "CVE-2015-5104", "CVE-2015-5085", "CVE-2015-5100"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/a:adobe:acrobat"], "id": "MACOSX_ADOBE_ACROBAT_APSB15-15.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84802", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84802);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2014-0566\",\n \"CVE-2014-8450\",\n \"CVE-2015-3095\",\n \"CVE-2015-4435\",\n \"CVE-2015-4438\",\n \"CVE-2015-4441\",\n \"CVE-2015-4443\",\n \"CVE-2015-4444\",\n \"CVE-2015-4445\",\n \"CVE-2015-4446\",\n \"CVE-2015-4447\",\n \"CVE-2015-4448\",\n \"CVE-2015-4449\",\n \"CVE-2015-4450\",\n \"CVE-2015-4451\",\n \"CVE-2015-4452\",\n \"CVE-2015-5085\",\n \"CVE-2015-5086\",\n \"CVE-2015-5087\",\n \"CVE-2015-5088\",\n \"CVE-2015-5089\",\n \"CVE-2015-5090\",\n \"CVE-2015-5091\",\n \"CVE-2015-5092\",\n \"CVE-2015-5093\",\n \"CVE-2015-5094\",\n \"CVE-2015-5095\",\n \"CVE-2015-5096\",\n \"CVE-2015-5097\",\n \"CVE-2015-5098\",\n \"CVE-2015-5099\",\n \"CVE-2015-5100\",\n \"CVE-2015-5101\",\n \"CVE-2015-5102\",\n \"CVE-2015-5103\",\n \"CVE-2015-5104\",\n \"CVE-2015-5105\",\n \"CVE-2015-5106\",\n \"CVE-2015-5107\",\n \"CVE-2015-5108\",\n \"CVE-2015-5109\",\n \"CVE-2015-5110\",\n \"CVE-2015-5111\",\n \"CVE-2015-5113\",\n \"CVE-2015-5114\",\n \"CVE-2015-5115\"\n );\n script_bugtraq_id(\n 69825,\n 75402,\n 75735,\n 75737,\n 75738,\n 75739,\n 75740,\n 75741,\n 75743,\n 75746,\n 75747,\n 75748,\n 75749\n );\n\n script_name(english:\"Adobe Acrobat < 10.1.15 / 11.0.12 / 2015.006.30060 / 2015.008.20082 Multiple Vulnerabilities (APSB15-15) (Mac OS X)\");\n script_summary(english:\"Checks the version of Adobe Acrobat.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Acrobat installed on the remote Mac OS X host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Acrobat installed on the remote host is a version\nprior to 10.1.15 / 11.0.12 / 2015.006.30060 / 2015.008.20082. It is, \ntherefore, affected by multiple vulnerabilities :\n\n - A buffer overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-5093)\n\n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-5096, CVE-2015-5098, CVE-2015-5105)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5087,\n CVE-2015-5094, CVE-2015-5100, CVE-2015-5102,\n CVE-2015-5103, CVE-2015-5104, CVE-2015-3095,\n CVE-2015-5115, CVE-2014-0566)\n\n - An unspecified information disclosure vulnerability\n exists. (CVE-2015-5107)\n\n - Multiple security bypass vulnerabilities exist that\n allow an attacker to disclose arbitrary information.\n (CVE-2015-4449, CVE-2015-4450, CVE-2015-5088,\n CVE-2015-5089, CVE-2015-5092, CVE-2014-8450)\n\n - A stack overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-5110)\n\n - Multiple use-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-4448,\n CVE-2015-5095, CVE-2015-5099, CVE-2015-5101,\n CVE-2015-5111, CVE-2015-5113, CVE-2015-5114)\n\n - Multiple validation bypass issues exist that allow an\n attacker to escalate privileges. (CVE-2015-4446,\n CVE-2015-5090, CVE-2015-5106)\n\n - A validation bypass issue exists that allows an attacker\n to cause a denial of service condition. (CVE-2015-5091)\n\n - Multiple integer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5097,\n CVE-2015-5108, CVE-2015-5109)\n\n - Multiple flaws exist that allow an attacker to bypass\n restrictions on the JavaScript API execution.\n (CVE-2015-4435, CVE-2015-4438, CVE-2015-4441,\n CVE-2015-4445, CVE-2015-4447, CVE-2015-4451,\n CVE-2015-4452, CVE-2015-5085, CVE-2015-5086)\n\n - Multiple NULL pointer dereference flaws exist that allow\n an attacker to cause a denial of service condition.\n (CVE-2015-4443, CVE-2015-4444)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb15-15.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Acrobat 10.1.15 / 11.0.12 / 2015.006.30060 /\n2015.008.20082 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_adobe_acrobat_installed.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Adobe Acrobat\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (empty_or_null(os)) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp_name = \"Adobe Acrobat\";\ninstall = get_single_install(app_name:app_name);\n\nversion = install['version'];\npath = install['path'];\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Affected for Mac is :\n# 10.x < 10.1.15\n# 11.x < 11.0.12\n# DC Classic < 2015.006.30060\n# DC Continuous < 2015.008.20082\nif (\n (ver[0] == 10 && ver[1] < 1) ||\n (ver[0] == 10 && ver[1] == 1 && ver[2] < 15) ||\n (ver[0] == 11 && ver[1] == 0 && ver[2] < 12) ||\n (ver[0] == 15 && ver[1] == 6 && ver[2] < 30060) ||\n (ver[0] == 15 && ver[1] == 7) ||\n (ver[0] == 15 && ver[1] == 8 && ver[2] < 20082)\n)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Path : '+path+\n '\\n Installed version : '+version+\n '\\n Fixed version : 10.1.15 / 11.0.12 / 2015.006.30060 / 2015.008.20082' +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:06:30", "references": ["https://helpx.adobe.com/security/products/acrobat/apsb15-15.html"], "pluginID": "84800", "description": "The version of Adobe Acrobat installed on the remote host is a version prior to 10.1.15 / 11.0.12 / 2015.006.30060 / 2015.008.20082. It is, therefore, affected by multiple vulnerabilities :\n\n - A buffer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2015-5093)\n\n - Multiple heap buffer overflow conditions exist that allow an attacker to execute arbitrary code.\n (CVE-2015-5096, CVE-2015-5098, CVE-2015-5105)\n\n - Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2015-5087, CVE-2015-5094, CVE-2015-5100, CVE-2015-5102, CVE-2015-5103, CVE-2015-5104, CVE-2015-3095, CVE-2015-5115, CVE-2014-0566)\n\n - An unspecified information disclosure vulnerability exists. (CVE-2015-5107)\n\n - Multiple security bypass vulnerabilities exist that allow an attacker to disclose arbitrary information.\n (CVE-2015-4449, CVE-2015-4450, CVE-2015-5088, CVE-2015-5089, CVE-2015-5092, CVE-2014-8450)\n\n - A stack overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2015-5110)\n\n - Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-4448, CVE-2015-5095, CVE-2015-5099, CVE-2015-5101, CVE-2015-5111, CVE-2015-5113, CVE-2015-5114)\n\n - Multiple validation bypass issues exist that allow an attacker to escalate privileges. (CVE-2015-4446, CVE-2015-5090, CVE-2015-5106)\n\n - A validation bypass issue exists that allows an attacker to cause a denial of service condition. (CVE-2015-5091)\n\n - Multiple integer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2015-5097, CVE-2015-5108, CVE-2015-5109)\n\n - Multiple flaws exist that allow an attacker to bypass restrictions on the JavaScript API execution.\n (CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, CVE-2015-5086)\n\n - Multiple NULL pointer dereference flaws exist that allow an attacker to cause a denial of service condition.\n (CVE-2015-4443, CVE-2015-4444)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "edition": 8, "reporter": "Tenable", "published": "2015-07-16T00:00:00", "title": "Adobe Acrobat < 10.1.15 / 11.0.12 / 2015.006.30060 / 2015.008.20082 Multiple Vulnerabilities (APSB15-15)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Windows", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5109", "CVE-2015-5088", "CVE-2015-5098", "CVE-2015-4449", "CVE-2015-5113", "CVE-2015-5096", "CVE-2014-0566", "CVE-2015-5093", "CVE-2015-5114", "CVE-2015-4451", "CVE-2015-5111", "CVE-2015-5108", "CVE-2015-3095", "CVE-2015-5103", "CVE-2015-5106", "CVE-2015-5095", "CVE-2015-5089", "CVE-2015-5102", "CVE-2015-5092", "CVE-2015-5110", "CVE-2015-4448", "CVE-2015-4450", "CVE-2015-4447", "CVE-2015-5107", "CVE-2015-5115", "CVE-2015-4443", "CVE-2015-5086", "CVE-2015-5087", "CVE-2015-4438", "CVE-2015-4441", "CVE-2015-5097", "CVE-2015-4452", "CVE-2015-4435", "CVE-2014-8450", "CVE-2015-5105", "CVE-2015-4445", "CVE-2015-4446", "CVE-2015-5094", "CVE-2015-5101", "CVE-2015-4444", "CVE-2015-5090", "CVE-2015-5091", "CVE-2015-5099", "CVE-2015-5104", "CVE-2015-5085", "CVE-2015-5100"], "modified": "2018-06-29T00:00:00", "cpe": ["cpe:/a:adobe:acrobat"], "id": "ADOBE_ACROBAT_APSB15-15.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84800", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84800);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/06/29 12:01:03\");\n\n script_cve_id(\n \"CVE-2014-0566\",\n \"CVE-2014-8450\",\n \"CVE-2015-3095\",\n \"CVE-2015-4435\",\n \"CVE-2015-4438\",\n \"CVE-2015-4441\",\n \"CVE-2015-4443\",\n \"CVE-2015-4444\",\n \"CVE-2015-4445\",\n \"CVE-2015-4446\",\n \"CVE-2015-4447\",\n \"CVE-2015-4448\",\n \"CVE-2015-4449\",\n \"CVE-2015-4450\",\n \"CVE-2015-4451\",\n \"CVE-2015-4452\",\n \"CVE-2015-5085\",\n \"CVE-2015-5086\",\n \"CVE-2015-5087\",\n \"CVE-2015-5088\",\n \"CVE-2015-5089\",\n \"CVE-2015-5090\",\n \"CVE-2015-5091\",\n \"CVE-2015-5092\",\n \"CVE-2015-5093\",\n \"CVE-2015-5094\",\n \"CVE-2015-5095\",\n \"CVE-2015-5096\",\n \"CVE-2015-5097\",\n \"CVE-2015-5098\",\n \"CVE-2015-5099\",\n \"CVE-2015-5100\",\n \"CVE-2015-5101\",\n \"CVE-2015-5102\",\n \"CVE-2015-5103\",\n \"CVE-2015-5104\",\n \"CVE-2015-5105\",\n \"CVE-2015-5106\",\n \"CVE-2015-5107\",\n \"CVE-2015-5108\",\n \"CVE-2015-5109\",\n \"CVE-2015-5110\",\n \"CVE-2015-5111\",\n \"CVE-2015-5113\",\n \"CVE-2015-5114\",\n \"CVE-2015-5115\"\n );\n script_bugtraq_id(\n 69825,\n 75402,\n 75735,\n 75737,\n 75738,\n 75739,\n 75740,\n 75741,\n 75743,\n 75746,\n 75747,\n 75748,\n 75749\n );\n\n script_name(english:\"Adobe Acrobat < 10.1.15 / 11.0.12 / 2015.006.30060 / 2015.008.20082 Multiple Vulnerabilities (APSB15-15)\");\n script_summary(english:\"Checks the version of Adobe Acrobat.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Acrobat installed on the remote Windows host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Acrobat installed on the remote host is a version\nprior to 10.1.15 / 11.0.12 / 2015.006.30060 / 2015.008.20082. It is, \ntherefore, affected by multiple vulnerabilities :\n\n - A buffer overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-5093)\n\n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-5096, CVE-2015-5098, CVE-2015-5105)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5087,\n CVE-2015-5094, CVE-2015-5100, CVE-2015-5102,\n CVE-2015-5103, CVE-2015-5104, CVE-2015-3095,\n CVE-2015-5115, CVE-2014-0566)\n\n - An unspecified information disclosure vulnerability\n exists. (CVE-2015-5107)\n\n - Multiple security bypass vulnerabilities exist that\n allow an attacker to disclose arbitrary information.\n (CVE-2015-4449, CVE-2015-4450, CVE-2015-5088,\n CVE-2015-5089, CVE-2015-5092, CVE-2014-8450)\n\n - A stack overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-5110)\n\n - Multiple use-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-4448,\n CVE-2015-5095, CVE-2015-5099, CVE-2015-5101,\n CVE-2015-5111, CVE-2015-5113, CVE-2015-5114)\n\n - Multiple validation bypass issues exist that allow an\n attacker to escalate privileges. (CVE-2015-4446,\n CVE-2015-5090, CVE-2015-5106)\n\n - A validation bypass issue exists that allows an attacker\n to cause a denial of service condition. (CVE-2015-5091)\n\n - Multiple integer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5097,\n CVE-2015-5108, CVE-2015-5109)\n\n - Multiple flaws exist that allow an attacker to bypass\n restrictions on the JavaScript API execution.\n (CVE-2015-4435, CVE-2015-4438, CVE-2015-4441,\n CVE-2015-4445, CVE-2015-4447, CVE-2015-4451,\n CVE-2015-4452, CVE-2015-5085, CVE-2015-5086)\n\n - Multiple NULL pointer dereference flaws exist that allow\n an attacker to cause a denial of service condition.\n (CVE-2015-4443, CVE-2015-4444)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb15-15.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Acrobat 10.1.15 / 11.0.12 / 2015.006.30060 /\n2015.008.20082 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"adobe_acrobat_installed.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/Adobe Acrobat\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_name = \"Adobe Acrobat\";\ninstall = get_single_install(app_name:app_name);\n\nversion = install['version'];\npath = install['path'];\nverui = install['display_version'];\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Affected is :\n# 10.x < 10.1.15\n# 11.x < 11.0.12\n# DC Classic < 2015.006.30060\n# DC Continuous < 2015.008.20082\nif (\n (ver[0] == 10 && ver[1] < 1) ||\n (ver[0] == 10 && ver[1] == 1 && ver[2] < 15) ||\n (ver[0] == 11 && ver[1] == 0 && ver[2] < 12) ||\n (ver[0] == 15 && ver[1] == 6 && ver[2] < 30060) ||\n (ver[0] == 15 && ver[1] == 7 ) ||\n (ver[0] == 15 && ver[1] == 8 && ver[2] < 20082)\n)\n{\n port = get_kb_item('SMB/transport');\n if(!port) port = 445;\n\n report = '\\n Path : '+path+\n '\\n Installed version : '+version+\n '\\n Fixed version : 10.1.15 / 11.0.12 / 2015.006.30060 / 2015.008.20082' +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, verui, path);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2018-10-18T16:04:03", "references": [], "description": "### *CVSS*:\n10.0\n\n### *Detect date*:\n07/14/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Adobe Acrobat. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, gain privileges, execute arbitrary code or obtain sensitive information.\n\n### *Affected products*:\nAcrobat DC versions earlier than 2015.007.20082 \nAcrobat Reader DC versions earlier than 2015.007.2082 \nAcrobat XI versions earlier than 11.0.12 \nAcrobat X versions earlier than 10.1.15 \nAcrobat Reader XI versions earlier than 11.0.12 \nAcrobat Reader X versions earlier than 10.1.15\n\n### *Solution*:\nUpdate to the latest version \n[Get Reader](<https://get.adobe.com/reader/>)\n\n### *Original advisories*:\n[Adobe advisory](<https://helpx.adobe.com/security/products/reader/apsb15-15.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Adobe Reader X](<https://threats.kaspersky.com/en/product/Adobe-Reader-X/>)\n\n### *CVE-IDS*:\n[CVE-2014-8450](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8450>) \n[CVE-2015-4443](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4443>) \n[CVE-2015-4444](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4444>) \n[CVE-2015-4438](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4438>) \n[CVE-2015-5089](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5089>) \n[CVE-2015-4441](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4441>) \n[CVE-2015-4445](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4445>) \n[CVE-2015-4446](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4446>) \n[CVE-2015-5097](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5097>) \n[CVE-2015-5098](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5098>) \n[CVE-2015-5109](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5109>) \n[CVE-2015-5110](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5110>) \n[CVE-2015-3095](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3095>) \n[CVE-2015-4435](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4435>) \n[CVE-2015-5095](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5095>) \n[CVE-2015-5096](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5096>) \n[CVE-2014-0566](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0566>) \n[CVE-2015-5090](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5090>) \n[CVE-2015-5091](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5091>) \n[CVE-2015-5092](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5092>) \n[CVE-2015-5114](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5114>) \n[CVE-2015-4452](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4452>) \n[CVE-2015-4451](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4451>) \n[CVE-2015-5086](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5086>) \n[CVE-2015-5085](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5085>) \n[CVE-2015-4448](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4448>) \n[CVE-2015-4447](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4447>) \n[CVE-2015-4450](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4450>) \n[CVE-2015-4449](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4449>) \n[CVE-2015-5111](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5111>) \n[CVE-2015-5088](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5088>) \n[CVE-2015-5087](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5087>) \n[CVE-2015-5113](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5113>) \n[CVE-2015-5115](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5115>) \n[CVE-2015-5108](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5108>) \n[CVE-2015-5107](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5107>) \n[CVE-2015-5106](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5106>) \n[CVE-2015-5105](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5105>) \n[CVE-2015-5104](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5104>) \n[CVE-2015-5103](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5103>) \n[CVE-2015-5102](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5102>) \n[CVE-2015-5101](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5101>) \n[CVE-2015-5100](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5100>) \n[CVE-2015-5099](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5099>) \n[CVE-2015-5093](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5093>) \n[CVE-2015-5094](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5094>)", "edition": 17, "reporter": "Kaspersky Lab", "published": "2015-07-14T00:00:00", "title": "\r KLA10628Multiple vulnerabilities in Adobe Acrobat ", "type": "kaspersky", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2015-5109", "CVE-2015-5088", "CVE-2015-5098", "CVE-2015-4449", "CVE-2015-5113", "CVE-2015-5096", "CVE-2014-0566", "CVE-2015-5093", "CVE-2015-5114", "CVE-2015-4451", "CVE-2015-5111", "CVE-2015-5108", "CVE-2015-3095", "CVE-2015-5103", "CVE-2015-5106", "CVE-2015-5095", "CVE-2015-5089", "CVE-2015-5102", "CVE-2015-5092", "CVE-2015-5110", "CVE-2015-4448", "CVE-2015-4450", "CVE-2015-4447", "CVE-2015-5107", "CVE-2015-5115", "CVE-2015-4443", "CVE-2015-5086", "CVE-2015-5087", "CVE-2015-4438", "CVE-2015-4441", "CVE-2015-5097", "CVE-2015-4452", "CVE-2015-4435", "CVE-2014-8450", "CVE-2015-5105", "CVE-2015-4445", "CVE-2015-4446", "CVE-2015-5094", "CVE-2015-5101", "CVE-2015-4444", "CVE-2015-5090", "CVE-2015-5091", "CVE-2015-5099", "CVE-2015-5104", "CVE-2015-5085", "CVE-2015-5100"], "modified": "2018-10-16T00:00:00", "id": "KLA10628", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10628", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:01", "references": [], "description": "Buffer overflows, memory corruptions, information disclosure.", "edition": 1, "reporter": "ADOBE", "published": "2015-07-19T00:00:00", "title": "Adobe Reader / Acrobat multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:01", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Reader", "version": "11.0", "operator": "eq"}], "cvelist": ["CVE-2015-5109", "CVE-2015-5088", "CVE-2015-5098", "CVE-2015-4449", "CVE-2015-5113", "CVE-2015-5096", "CVE-2014-0566", "CVE-2015-5093", "CVE-2015-5114", "CVE-2015-4451", "CVE-2015-5111", "CVE-2015-5108", "CVE-2015-3095", "CVE-2015-5103", "CVE-2015-5106", "CVE-2015-5095", "CVE-2015-5089", "CVE-2015-5102", "CVE-2015-5092", "CVE-2015-5110", "CVE-2015-4448", "CVE-2015-4450", "CVE-2015-4447", "CVE-2015-5107", "CVE-2015-5115", "CVE-2015-4443", "CVE-2015-5086", "CVE-2015-5087", "CVE-2015-4438", "CVE-2015-4441", "CVE-2015-5097", "CVE-2015-4452", "CVE-2015-4435", "CVE-2014-8450", "CVE-2015-5105", "CVE-2015-4445", "CVE-2015-4446", "CVE-2015-5094", "CVE-2015-5101", "CVE-2015-4444", "CVE-2015-5090", "CVE-2015-5091", "CVE-2015-5099", "CVE-2015-5104", "CVE-2015-5085", "CVE-2015-5100"], "modified": "2015-07-19T00:00:00", "id": "SECURITYVULNS:VULN:14592", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14592", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
