ID CVE-2018-16018 Type cve Reporter cve@mitre.org Modified 2019-10-03T00:03:00
Description
Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation.
{"zdi": [{"lastseen": "2020-06-22T11:42:02", "bulletinFamily": "info", "cvelist": ["CVE-2018-16018"], "description": "This vulnerability allows remote attackers to bypass JavaScript API restrictions on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ANSendForFormDistribution method. By creating a specially crafted PDF with specific Javascript instructions, it is possible to bypass the Javascript API restrictions. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", "edition": 1, "modified": "2018-06-22T00:00:00", "published": "2018-12-17T00:00:00", "id": "ZDI-18-1420", "href": "https://www.zerodayinitiative.com/advisories/ZDI-18-1420/", "title": "Adobe Reader DC JavaScript ANSendForFormDistribution JavaScript API Restrictions Bypass Vulnerability ", "type": "zdi", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-22T11:42:18", "bulletinFamily": "info", "cvelist": ["CVE-2018-16018"], "description": "This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of read-only properties and objects. By creating a specially crafted PDF with specific JavaScript instructions, it is possible to bypass the Javascript API restrictions. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of current process.", "edition": 1, "modified": "2019-06-22T00:00:00", "published": "2019-01-04T00:00:00", "id": "ZDI-19-002", "href": "https://www.zerodayinitiative.com/advisories/ZDI-19-002/", "title": "Adobe Reader DC JavaScript Read-Only Variables Arbitrary Overwrite Restrictions Bypass Vulnerability", "type": "zdi", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-22T11:42:30", "bulletinFamily": "info", "cvelist": ["CVE-2018-16018"], "description": "This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AnnotsString object. By creating a specially crafted PDF with specific JavaScript instructions, it is possible to overwrite the object's properties and methods. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", "edition": 1, "modified": "2018-06-22T00:00:00", "published": "2018-12-17T00:00:00", "id": "ZDI-18-1417", "href": "https://www.zerodayinitiative.com/advisories/ZDI-18-1417/", "title": "Adobe Reader DC JavaScript AnnotsString Object Arbitrary Overwrite Restrictions Bypass Vulnerability ", "type": "zdi", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-22T11:41:37", "bulletinFamily": "info", "cvelist": ["CVE-2018-16018"], "description": "This vulnerability allows remote attackers to bypass JavaScript API restrictions on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ANSendForSharedReview method. By creating a specially crafted PDF with specific Javascript instructions, it is possible to bypass the Javascript API restrictions. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", "edition": 1, "modified": "2018-06-22T00:00:00", "published": "2018-12-17T00:00:00", "id": "ZDI-18-1418", "href": "https://www.zerodayinitiative.com/advisories/ZDI-18-1418/", "title": "Adobe Reader DC JavaScript ANSendForSharedReview JavaScript API Restrictions Bypass Vulnerability ", "type": "zdi", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-22T11:39:52", "bulletinFamily": "info", "cvelist": ["CVE-2018-16018"], "description": "This vulnerability allows remote attackers to bypass JavaScript API restrictions on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the CBSharedReviewCompleteAutomation method. By creating a specially crafted PDF with specific Javascript instructions, it is possible to bypass the Javascript API restrictions. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", "edition": 1, "modified": "2018-06-22T00:00:00", "published": "2018-12-17T00:00:00", "id": "ZDI-18-1419", "href": "https://www.zerodayinitiative.com/advisories/ZDI-18-1419/", "title": "Adobe Reader DC JavaScript CBSharedReviewCompleteAutomation JavaScript API Restrictions Bypass Vulnerability ", "type": "zdi", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-07-17T14:03:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16011", "CVE-2018-16018"], "description": "This host is installed with Adobe Acrobat 2017\n and is prone to multiple vulnerabilities.", "modified": "2019-07-16T00:00:00", "published": "2019-01-04T00:00:00", "id": "OPENVAS:1361412562310814805", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814805", "type": "openvas", "title": "Adobe Acrobat 2017 Security Updates(apsb19-02)-Windows", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat 2017 Security Updates(apsb19-02)-Windows\n#\n# Authors:\n# Vidita V Koushik <vidita@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2019 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814805\");\n script_version(\"2019-07-16T10:51:36+0000\");\n script_cve_id(\"CVE-2018-16011\", \"CVE-2018-16018\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-16 10:51:36 +0000 (Tue, 16 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-01-04 11:36:03 +0530 (Fri, 04 Jan 2019)\");\n\n script_name(\"Adobe Acrobat 2017 Security Updates(apsb19-02)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat 2017\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Use after free error.\n\n - Security bypass error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to conduct arbitrary code execution in the context of the current\n user and escalate privileges.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat 2017 version 2017.011.30110\n and earlier on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat 2017.011.30113 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb19-02.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))\n exit(0);\n\nvers = infos['version'];\npath = infos['location'];\n\n## 2017.011.30110 => 17.011.30110\nif(version_in_range(version:vers, test_version:\"17.0\", test_version2:\"17.011.30110\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"17.011.30113 (2017.011.30113)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:03:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16011", "CVE-2018-16018"], "description": "This host is installed with Adobe Acrobat 2017\n and is prone to multiple vulnerabilities.", "modified": "2019-07-16T00:00:00", "published": "2019-01-04T00:00:00", "id": "OPENVAS:1361412562310814806", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814806", "type": "openvas", "title": "Adobe Acrobat 2017 Security Updates(apsb19-02)-MAC OS X", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat 2017 Security Updates(apsb19-02)-MAC OS X\n#\n# Authors:\n# Vidita V Koushik <vidita@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2019 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814806\");\n script_version(\"2019-07-16T10:51:36+0000\");\n script_cve_id(\"CVE-2018-16011\", \"CVE-2018-16018\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-16 10:51:36 +0000 (Tue, 16 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-01-04 11:37:03 +0530 (Fri, 04 Jan 2019)\");\n script_name(\"Adobe Acrobat 2017 Security Updates(apsb19-02)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat 2017\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Use after free error.\n\n - Security bypass error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to conduct arbitrary code execution in the context of the current\n user and escalate privileges.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat 2017 version 2017.011.30110\n and earlier on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat 2017 version\n 2017.011.30113 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb19-02.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))\n exit(0);\n\nvers = infos['version'];\npath = infos['location'];\n\n## 2017.011.30110 => 17.011.30110\nif(version_in_range(version:vers, test_version:\"17.0\", test_version2:\"17.011.30110\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"17.011.30113 (2017.011.30113)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:03:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16011", "CVE-2018-16018"], "description": "This host is installed with Adobe Acrobat Reader\n DC (Classic Track) and is prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2019-01-04T00:00:00", "id": "OPENVAS:1361412562310814811", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814811", "type": "openvas", "title": "Adobe Acrobat Reader DC (Classic Track) Security Updates (apsb19-02) - Mac OS X", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat Reader DC (Classic Track) Security Updates(apsb19-02)-Mac OS X\n#\n# Authors:\n# Vidita V Koushik <vidita@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2019 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader_dc_classic\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814811\");\n script_version(\"2019-07-05T08:07:19+0000\");\n script_cve_id(\"CVE-2018-16011\", \"CVE-2018-16018\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:07:19 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-01-04 11:47:03 +0530 (Fri, 04 Jan 2019)\");\n script_name(\"Adobe Acrobat Reader DC (Classic Track) Security Updates (apsb19-02) - Mac OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat Reader\n DC (Classic Track) and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Use after free error.\n\n - Security bypass error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to conduct arbitrary code execution in the context of the current\n user and escalate privileges.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat Reader DC (Classic Track)\n 2015.006.30461 and earlier versions on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat Reader DC (Classic\n Track) version 2015.006.30464 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb19-02.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_acrobat_reader_dc_classic_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/ReaderDC/Classic/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\n## 2015.006.30464 => 15.006.30464\nif(version_is_less(version:vers, test_version:\"15.006.30464\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"15.006.30464 (2015.006.30464)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:03:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16011", "CVE-2018-16018"], "description": "This host is installed with Adobe Acrobat Reader\n DC (Classic Track) and is prone to multiple arbitrary code execution vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2019-01-04T00:00:00", "id": "OPENVAS:1361412562310814812", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814812", "type": "openvas", "title": "Adobe Acrobat Reader DC (Classic Track) Multiple Vulnerabilities (apsb19-02) - Windows", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat Reader DC (Classic Track) Multiple Vulnerabilities-apsb19-02 (Windows)\n#\n# Authors:\n# Vidita V Koushik <vidita@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2019 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader_dc_classic\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814812\");\n script_version(\"2019-07-05T08:07:19+0000\");\n script_cve_id(\"CVE-2018-16011\", \"CVE-2018-16018\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:07:19 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-01-04 11:50:03 +0530 (Fri, 04 Jan 2019)\");\n script_name(\"Adobe Acrobat Reader DC (Classic Track) Multiple Vulnerabilities (apsb19-02) - Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat Reader\n DC (Classic Track) and is prone to multiple arbitrary code execution vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Use after free error.\n\n - Security bypass error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to conduct arbitrary code execution in the context of the current\n user and escalate privileges.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat Reader DC (Classic Track)\n 2015.006.30461 and earlier versions on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat Reader DC (Classic Track)\n version 2015.006.30464 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb19-02.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_acrobat_reader_dc_classic_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/ReaderDC/Classic/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\n## 2015.006.30464 => 15.006.30464\nif(version_is_less(version:vers, test_version:\"15.006.30464\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"15.006.30464 (2015.006.30464)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:03:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16011", "CVE-2018-16018"], "description": "This host is installed with Adobe Acrobat DC\n Classic 2015 and is prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2019-01-04T00:00:00", "id": "OPENVAS:1361412562310814809", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814809", "type": "openvas", "title": "Adobe Acrobat DC (Classic Track) Security Updates (apsb19-02) - Windows", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat DC (Classic Track) Security Updates (apsb19-02)-Windows\n#\n# Authors:\n# Vidita V Koushik <vidita@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2019 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_dc_classic\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814809\");\n script_version(\"2019-07-05T08:07:19+0000\");\n script_cve_id(\"CVE-2018-16011\", \"CVE-2018-16018\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:07:19 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-01-04 11:43:03 +0530 (Fri, 04 Jan 2019)\");\n script_name(\"Adobe Acrobat DC (Classic Track) Security Updates (apsb19-02) - Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat DC\n Classic 2015 and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Use after free error.\n\n - Security bypass error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to conduct arbitrary code execution in the context of the current\n user and escalate privileges.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat DC Classic 2015 version 2015.x\n before 2015.006.30461 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat DC Classic 2015 version\n 2015.006.30464 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb19-02.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_acrobat_dc_classic_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/AcrobatDC/Classic/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\n## 2015.006.30461 => 15.006.30461\nif(version_in_range(version:vers, test_version:\"15.0\", test_version2:\"15.006.30461\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"15.006.30464 (2015.006.30464)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:03:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16011", "CVE-2018-16018"], "description": "This host is installed with Adobe Acrobat Reader\n 2017 and is prone to multiple arbitrary code execution vulnerabilities.", "modified": "2019-07-16T00:00:00", "published": "2019-01-04T00:00:00", "id": "OPENVAS:1361412562310814808", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814808", "type": "openvas", "title": "Adobe Acrobat Reader 2017 Multiple Vulnerabilities-apsb19-02 (Mac OS X)", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat Reader 2017 Multiple Vulnerabilities-apsb19-02 (Mac OS X)\n#\n# Authors:\n# Vidita V Koushik <vidita@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2019 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814808\");\n script_version(\"2019-07-16T10:51:36+0000\");\n script_cve_id(\"CVE-2018-16011\", \"CVE-2018-16018\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-16 10:51:36 +0000 (Tue, 16 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-01-04 11:40:03 +0530 (Fri, 04 Jan 2019)\");\n script_name(\"Adobe Acrobat Reader 2017 Multiple Vulnerabilities-apsb19-02 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat Reader\n 2017 and is prone to multiple arbitrary code execution vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Use after free error.\n\n - Security bypass error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to conduct arbitrary code execution in the context of the current\n user and escalate privileges.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat Reader 2017.011.30110 and earlier\n versions on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat Reader 2017 version\n 2017.011.30113 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb19-02.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Reader/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))\n exit(0);\n\nvers = infos['version'];\npath = infos['location'];\n\n## 2017.011.30110 => 17.011.30110\nif(version_in_range(version:vers, test_version:\"17.0\", test_version2:\"17.011.30110\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"17.011.30113 (2017.011.30113)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:03:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16011", "CVE-2018-16018"], "description": "This host is installed with Adobe Acrobat DC\n (Continuous Track) and is prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2019-01-04T00:00:00", "id": "OPENVAS:1361412562310814801", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814801", "type": "openvas", "title": "Adobe Acrobat DC (Continuous Track) Security Updates (apsb19-02) - Windows", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat DC (Continuous Track) Security Updates (apsb19-02)-Windows\n#\n# Authors:\n# Vidita V Koushik <vidita@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2019 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_dc_continuous\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814801\");\n script_version(\"2019-07-05T08:29:17+0000\");\n script_cve_id(\"CVE-2018-16011\", \"CVE-2018-16018\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:29:17 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-01-04 11:30:03 +0530 (Fri, 04 Jan 2019)\");\n script_name(\"Adobe Acrobat DC (Continuous Track) Security Updates (apsb19-02) - Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat DC\n (Continuous Track) and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Use after free error.\n\n - Security bypass error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to conduct arbitrary code execution in the context of the current\n user and escalate privileges.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat DC (Continuous Track)\n 2019.010.20064 and earlier versions on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat DC Continuous\n version 2019.010.20069 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb19-02.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_acrobat_dc_cont_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/AcrobatDC/Continuous/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\n## 2019.010.20069 => 19.010.20069\nif(version_is_less(version:vers, test_version:\"19.010.20069\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"19.010.20069 (2019.010.20069)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:03:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16011", "CVE-2018-16018"], "description": "This host is installed with Adobe Acrobat DC\n (Continuous Track) and is prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2019-01-04T00:00:00", "id": "OPENVAS:1361412562310814802", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814802", "type": "openvas", "title": "Adobe Acrobat DC (Continuous Track) Security Updates (apsb19-02) - Mac OS X", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat DC (Continuous Track) Security Updates (apsb19-02)-Mac OS X\n#\n# Authors:\n# Vidita V Koushik <vidita@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2019 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_dc_continuous\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814802\");\n script_version(\"2019-07-05T08:29:17+0000\");\n script_cve_id(\"CVE-2018-16011\", \"CVE-2018-16018\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:29:17 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-01-04 11:32:03 +0530 (Fri, 04 Jan 2019)\");\n script_name(\"Adobe Acrobat DC (Continuous Track) Security Updates (apsb19-02) - Mac OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat DC\n (Continuous Track) and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Use after free error.\n\n - Security bypass error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to conduct arbitrary code execution in the context of the current\n user and escalate privileges.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat DC (Continuous Track)\n 2019.010.20064 and earlier versions on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat DC Continuous\n version 2019.010.20069 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb19-02.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_acrobat_dc_cont_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/AcrobatDC/Continuous/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\n## 2019.010.20069 => 19.010.20069\nif(version_is_less(version:vers, test_version:\"19.010.20069\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"19.010.20069 (2019.010.20069)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:03:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16011", "CVE-2018-16018"], "description": "This host is installed with Adobe Acrobat\n Reader DC (Continuous Track) and is prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2019-01-04T00:00:00", "id": "OPENVAS:1361412562310814804", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814804", "type": "openvas", "title": "Adobe Acrobat Reader DC (Continuous Track) Security Updates (apsb19-02) - Mac OS X", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat Reader DC (Continuous Track) Security Updates (apsb19-02)-Mac OS X\n#\n# Authors:\n# Vidita V Koushik <vidita@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2019 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader_dc_continuous\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814804\");\n script_version(\"2019-07-05T08:29:17+0000\");\n script_cve_id(\"CVE-2018-16011\", \"CVE-2018-16018\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:29:17 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-01-04 11:35:03 +0530 (Fri, 04 Jan 2019)\");\n script_name(\"Adobe Acrobat Reader DC (Continuous Track) Security Updates (apsb19-02) - Mac OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat\n Reader DC (Continuous Track) and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Use after free error.\n\n - Security bypass error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to conduct arbitrary code execution in the context of the current\n user and escalate privileges.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat Reader DC (Continuous Track)\n 2019.010.20064 and earlier versions on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat Reader DC Continuous\n version 2019.010.20069 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb19-02.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_acrobat_reader_dc_cont_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/ReaderDC/Continuous/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\n# 2019.010.20069 => 19.010.20069\nif(version_is_less(version:vers, test_version:\"19.010.20069\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"19.010.20069 (2019.010.20069)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:03:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16011", "CVE-2018-16018"], "description": "This host is installed with Adobe Acrobat\n Reader DC (Continuous Track) and is prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2019-01-04T00:00:00", "id": "OPENVAS:1361412562310814803", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814803", "type": "openvas", "title": "Adobe Acrobat Reader DC (Continuous Track) Security Updates (apsb19-02) - Windows", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat Reader DC (Continuous Track) Security Updates (apsb19-02)-Windows\n#\n# Authors:\n# Vidita V Koushik <vidita@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2019 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader_dc_continuous\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814803\");\n script_version(\"2019-07-05T08:29:17+0000\");\n script_cve_id(\"CVE-2018-16011\", \"CVE-2018-16018\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:29:17 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-01-04 11:34:03 +0530 (Fri, 04 Jan 2019)\");\n script_name(\"Adobe Acrobat Reader DC (Continuous Track) Security Updates (apsb19-02) - Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat\n Reader DC (Continuous Track) and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Use after free error.\n\n - Security bypass error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to conduct arbitrary code execution in the context of the current\n user and escalate privileges.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat Reader DC (Continuous Track)\n 2019.010.20064 and earlier versions on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat Reader DC Continuous\n version 2019.010.20069 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb19-02.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_acrobat_reader_dc_cont_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/ReaderDC/Continuous/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\n# 2019.010.20069 => 19.010.20069\nif(version_is_less(version:vers, test_version:\"19.010.20069\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"19.010.20069 (2019.010.20069)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-01T01:14:51", "description": "The version of Adobe Reader installed on the remote Windows host is a\nversion prior or equal to 2015.006.30461, 2017.011.30110, or\n2019.010.20064. It is, therefore, affected by multiple\nvulnerabilities : \n\n - An unspecified use after free vulnerability. An authenticated,\n local attacker can exploit this to execute arbitrary code.\n (CVE-2018-16011)\n\n - An unspecified elevation of privilege vulnerability. An\n authenticated, local attacker can exploit this to gain elevated\n privileges. (CVE-2018-16018)", "edition": 25, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-04T00:00:00", "title": "Adobe Reader <= 2015.006.30461 / 2017.011.30110 / 2019.010.20064 Multiple Vulnerabilities (APSB19-02)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16011", "CVE-2018-16018"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:adobe:acrobat_reader"], "id": "ADOBE_READER_APSB19-02.NASL", "href": "https://www.tenable.com/plugins/nessus/120952", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(120952);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/10/31 15:18:52\");\n\n script_cve_id(\"CVE-2018-16011\", \"CVE-2018-16018\");\n\n script_name(english:\"Adobe Reader <= 2015.006.30461 / 2017.011.30110 / 2019.010.20064 Multiple Vulnerabilities (APSB19-02)\");\n script_summary(english:\"Checks the version of Adobe Reader.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader installed on the remote Windows host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Reader installed on the remote Windows host is a\nversion prior or equal to 2015.006.30461, 2017.011.30110, or\n2019.010.20064. It is, therefore, affected by multiple\nvulnerabilities : \n\n - An unspecified use after free vulnerability. An authenticated,\n local attacker can exploit this to execute arbitrary code.\n (CVE-2018-16011)\n\n - An unspecified elevation of privilege vulnerability. An\n authenticated, local attacker can exploit this to gain elevated\n privileges. (CVE-2018-16018)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb19-02.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Reader 2015.006.30464 or 2017.011.30113 or\n2019.010.20069 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16018\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_reader_installed.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/Adobe Reader\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\napp_info = vcf::adobe_reader::get_app_info();\n\n# vcf::adobe_reader::check_version_and_report will\n# properly separate tracks when checking constraints.\n# x.y.20zzz = DC Classic\n# x.y.30zzz = DC Continuous\nconstraints = [\n { \"min_version\" : \"15.6\", \"max_version\" : \"15.006.30461\", \"fixed_version\" : \"15.006.30464\" },\n { \"min_version\" : \"17.8\", \"max_version\" : \"17.011.30110\", \"fixed_version\" : \"17.011.30113\" },\n { \"min_version\" : \"15.7\", \"max_version\" : \"19.010.20064\", \"fixed_version\" : \"19.010.20069\" },\n];\n# using adobe_reader namespace check_version_and_report to properly detect Continuous vs Classic, \n# and limit ver segments to 3 (18.x.y vs 18.x.y.12345) with max_segs:3\nvcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:27:24", "description": "The version of Adobe Reader installed on the remote macOS host is a\nversion prior or equal to 2015.006.30461, 2017.011.30110, or\n2019.010.20064. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An unspecified use after free vulnerability. An authenticated,\n local attacker can exploit this to execute arbitrary code.\n (CVE-2018-16011)\n\n - An unspecified elevation of privilege vulnerability. An\n authenticated, local attacker can exploit this to gain elevated\n privileges. (CVE-2018-16018)", "edition": 23, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-04T00:00:00", "title": "Adobe Reader <= 2015.006.30461 / 2017.011.30110 / 2019.010.20064 Multiple Vulnerabilities (APSB19-02) (macOS)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16011", "CVE-2018-16018"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:adobe:acrobat_reader"], "id": "MACOSX_ADOBE_READER_APSB19-02.NASL", "href": "https://www.tenable.com/plugins/nessus/120950", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(120950);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/10/31 15:18:51\");\n\n script_cve_id(\"CVE-2018-16011\", \"CVE-2018-16018\");\n\n script_name(english:\"Adobe Reader <= 2015.006.30461 / 2017.011.30110 / 2019.010.20064 Multiple Vulnerabilities (APSB19-02) (macOS)\");\n script_summary(english:\"Checks the version of Adobe Reader.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader installed on the remote macOS host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Reader installed on the remote macOS host is a\nversion prior or equal to 2015.006.30461, 2017.011.30110, or\n2019.010.20064. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An unspecified use after free vulnerability. An authenticated,\n local attacker can exploit this to execute arbitrary code.\n (CVE-2018-16011)\n\n - An unspecified elevation of privilege vulnerability. An\n authenticated, local attacker can exploit this to gain elevated\n privileges. (CVE-2018-16018)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb19-02.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Reader 2015.006.30464 or 2017.011.30113 or\n2019.010.20069 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16018\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_adobe_reader_installed.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Adobe Reader\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (empty_or_null(os)) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp_info = vcf::get_app_info(app:\"Adobe Reader\");\n\n# vcf::adobe_reader::check_version_and_report will\n# properly separate tracks when checking constraints.\n# x.y.20zzz = DC Classic\n# x.y.30zzz = DC Continuous\nconstraints = [\n { \"min_version\" : \"15.6\", \"max_version\" : \"15.006.30461\", \"fixed_version\" : \"15.006.30464\" },\n { \"min_version\" : \"17.8\", \"max_version\" : \"17.011.30110\", \"fixed_version\" : \"17.011.30113\" },\n { \"min_version\" : \"15.8\", \"max_version\" : \"19.010.20064\", \"fixed_version\" : \"19.010.20069\" }\n];\n\nvcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:26:35", "description": "The version of Adobe Acrobat installed on the remote macOS host is a\nversion prior or equal to 2015.006.30461, 2017.011.30110, or\n2019.010.20064. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An unspecified use after free vulnerability. An authenticated,\n local attacker can exploit this to execute arbitrary code.\n (CVE-2018-16011)\n\n - An unspecified elevation of privilege vulnerability. An\n authenticated, local attacker can exploit this to gain elevated\n privileges. (CVE-2018-16018)", "edition": 23, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-04T00:00:00", "title": "Adobe Acrobat <= 2015.006.30461 / 2017.011.30110 / 2019.010.20064 Multiple Vulnerabilities (APSB19-02) (macOS)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16011", "CVE-2018-16018"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:adobe:acrobat"], "id": "MACOSX_ADOBE_ACROBAT_APSB19-02.NASL", "href": "https://www.tenable.com/plugins/nessus/120949", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(120949);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/10/31 15:18:51\");\n\n script_cve_id(\"CVE-2018-16011\", \"CVE-2018-16018\");\n\n script_name(english:\"Adobe Acrobat <= 2015.006.30461 / 2017.011.30110 / 2019.010.20064 Multiple Vulnerabilities (APSB19-02) (macOS)\");\n script_summary(english:\"Checks the version of Adobe Acrobat.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Acrobat installed on the remote macOS host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Acrobat installed on the remote macOS host is a\nversion prior or equal to 2015.006.30461, 2017.011.30110, or\n2019.010.20064. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An unspecified use after free vulnerability. An authenticated,\n local attacker can exploit this to execute arbitrary code.\n (CVE-2018-16011)\n\n - An unspecified elevation of privilege vulnerability. An\n authenticated, local attacker can exploit this to gain elevated\n privileges. (CVE-2018-16018)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb19-02.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Acrobat 2015.006.30464 or 2017.011.30113 or\n2019.010.20069 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16018\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_adobe_acrobat_installed.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Adobe Acrobat\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (empty_or_null(os)) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp_info = vcf::get_app_info(app:\"Adobe Acrobat\");\n\n# vcf::adobe_reader::check_version_and_report will\n# properly separate tracks when checking constraints.\n# x.y.20zzz = DC Classic\n# x.y.30zzz = DC Continuous\nconstraints = [\n { \"min_version\" : \"15.6\", \"max_version\" : \"15.006.30461\", \"fixed_version\" : \"15.006.30464\" },\n { \"min_version\" : \"17.8\", \"max_version\" : \"17.011.30110\", \"fixed_version\" : \"17.011.30113\" },\n { \"min_version\" : \"15.8\", \"max_version\" : \"19.010.20064\", \"fixed_version\" : \"19.010.20069\" }\n];\n\nvcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T01:13:27", "description": "The version of Adobe Acrobat installed on the remote Windows host is a\nversion prior or equal to 2015.006.30461, 2017.011.30110, or\n2019.010.20064. It is, therefore, affected by multiple\nvulnerabilities:\n\n - An unspecified use after free vulnerability. An authenticated,\n local attacker can exploit this to execute arbitrary code.\n (CVE-2018-16011)\n\n - An unspecified elevation of privilege vulnerability. An\n authenticated, local attacker can exploit this to gain elevated\n privileges. (CVE-2018-16018)", "edition": 24, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-04T00:00:00", "title": "Adobe Acrobat <= 2015.006.30461 / 2017.011.30110 / 2019.010.20064 Multiple Vulnerabilities (APSB19-02)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16011", "CVE-2018-16018"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:adobe:acrobat"], "id": "ADOBE_ACROBAT_APSB19-02.NASL", "href": "https://www.tenable.com/plugins/nessus/120951", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(120951);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/31 15:18:51\");\n\n script_cve_id(\"CVE-2018-16011\", \"CVE-2018-16018\");\n\n script_name(english:\"Adobe Acrobat <= 2015.006.30461 / 2017.011.30110 / 2019.010.20064 Multiple Vulnerabilities (APSB19-02)\");\n script_summary(english:\"Checks the version of Adobe Acrobat.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Acrobat installed on the remote Windows host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Acrobat installed on the remote Windows host is a\nversion prior or equal to 2015.006.30461, 2017.011.30110, or\n2019.010.20064. It is, therefore, affected by multiple\nvulnerabilities:\n\n - An unspecified use after free vulnerability. An authenticated,\n local attacker can exploit this to execute arbitrary code.\n (CVE-2018-16011)\n\n - An unspecified elevation of privilege vulnerability. An\n authenticated, local attacker can exploit this to gain elevated\n privileges. (CVE-2018-16018)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb19-02.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Acrobat 2015.006.30464 or 2017.011.30113 or\n2019.010.20069 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16018\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_acrobat_installed.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/Adobe Acrobat\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\napp_info = vcf::get_app_info(app:\"Adobe Acrobat\", win_local:TRUE);\n\n# vcf::adobe_reader::check_version_and_report will\n# properly separate tracks when checking constraints.\n# x.y.20zzz = DC Classic\n# x.y.30zzz = DC Continuous\nconstraints = [\n { \"min_version\" : \"15.6\", \"max_version\" : \"15.006.30461\", \"fixed_version\" : \"15.006.30464\" },\n { \"min_version\" : \"17.8\", \"max_version\" : \"17.011.30110\", \"fixed_version\" : \"17.011.30113\" },\n { \"min_version\" : \"15.7\", \"max_version\" : \"19.010.20064\", \"fixed_version\" : \"19.010.20069\" }\n];\n# using adobe_reader namespace check_version_and_report to properly detect Continuous vs Classic, \n# and limit ver segments to 3 (18.x.y vs 18.x.y.12345) with max_segs:3\nvcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2020-09-02T11:48:07", "bulletinFamily": "info", "cvelist": ["CVE-2018-16011", "CVE-2018-16018", "CVE-2019-7131"], "description": "### *Detect date*:\n01/03/2019\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities were found in Adobe Acrobat and Acrobat Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges.\n\n### *Affected products*:\nAdobe Acrobat DC Continuous earlier than 2019.010.20069 \nAdobe Acrobat Reader DC Continuous earlier than 2019.010.20069 \nAdobe Acrobat 2017 (Classic 2017 Track) earlier than 2017.011.30113 \nAdobe Acrobat Reader 2017 (Classic 2017 Track) earlier than 2017.011.30113 \nAdobe Acrobat DC (Classic 2015 Track) earlier than 2015.006.30464 \nAdobe Acrobat Reader DC (Classic 2015 Track) earlier than 2015.006.30464\n\n### *Solution*:\nUpdate to the latest version \n[Download Adobe Acrobat Reader DC](<https://get.adobe.com/ru/reader/>)\n\n### *Original advisories*:\n[APSB19-02](<https://helpx.adobe.com/security/products/acrobat/apsb19-02.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Adobe Acrobat Reader DC Continuous](<https://threats.kaspersky.com/en/product/Adobe-Acrobat-Reader-DC-Continuous/>)\n\n### *CVE-IDS*:\n[CVE-2018-16018](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16018>)0.0Unknown \n[CVE-2018-16011](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16011>)7.5Critical \n[CVE-2019-7131](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7131>)7.0High", "edition": 8, "modified": "2020-05-22T00:00:00", "published": "2019-01-03T00:00:00", "id": "KLA11393", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11393", "title": "\r KLA11393Multiple vulnerabilities in Adobe Acrobat and Acrobat Reader ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-02T12:02:25", "bulletinFamily": "info", "cvelist": ["CVE-2018-19714", "CVE-2018-19713", "CVE-2018-19698", "CVE-2018-15988", "CVE-2018-16001", "CVE-2018-16033", "CVE-2018-19704", "CVE-2018-16038", "CVE-2018-16014", "CVE-2018-16044", "CVE-2018-16019", "CVE-2018-16008", "CVE-2018-15991", "CVE-2018-19700", "CVE-2018-15985", "CVE-2018-15989", "CVE-2018-16039", "CVE-2018-19709", "CVE-2018-16015", "CVE-2018-19719", "CVE-2018-19703", "CVE-2018-16025", "CVE-2018-16041", "CVE-2018-16042", "CVE-2018-19717", "CVE-2018-15992", "CVE-2018-19716", "CVE-2018-16027", "CVE-2018-16017", "CVE-2018-19712", "CVE-2018-16016", "CVE-2018-16037", "CVE-2018-16002", "CVE-2018-19720", "CVE-2018-19701", "CVE-2018-15986", "CVE-2018-16028", "CVE-2018-16006", "CVE-2018-16022", "CVE-2018-16004", "CVE-2018-16005", "CVE-2018-16013", "CVE-2018-19699", "CVE-2018-15997", "CVE-2018-16035", "CVE-2018-15998", "CVE-2018-16031", "CVE-2018-16009", "CVE-2018-15999", "CVE-2018-16036", "CVE-2018-16030", "CVE-2018-16029", "CVE-2018-16007", "CVE-2018-19715", "CVE-2018-19710", "CVE-2018-15993", "CVE-2018-19728", "CVE-2018-16026", "CVE-2018-16010", "CVE-2018-16021", "CVE-2018-16032", "CVE-2018-15994", "CVE-2018-15987", "CVE-2018-16018", "CVE-2018-12830", "CVE-2018-15996", "CVE-2018-16043", "CVE-2018-15984", "CVE-2018-16046", "CVE-2018-19706", "CVE-2018-15995", "CVE-2018-16024", "CVE-2018-15990", "CVE-2018-16045", "CVE-2018-19711", "CVE-2018-19708", "CVE-2018-16000", "CVE-2018-16003", "CVE-2018-16034", "CVE-2018-16023", "CVE-2018-19702", "CVE-2018-16047", "CVE-2018-16012", "CVE-2018-19705", "CVE-2018-19707", "CVE-2018-16040", "CVE-2018-16020"], "description": "### *Detect date*:\n12/11/2018\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities were found in Adobe Acrobat and Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges and obtain sensitive information.\n\n### *Affected products*:\nAdobe Acrobat DC Continuous earlier than 2019.010.20064 \nAdobe Acrobat Reader DC Continuous earlier than 2019.010.20064 \nAdobe Acrobat 2017 (Classic Track) earlier than 2017.011.30110 \nAdobe Acrobat Reader 2017 (Classic Track) earlier than 2017.011.30110 \nAdobe Acrobat DC 2015(Classic Track) earlier than 2015.006.30461 \nAdobe Acrobat Reader DC 2015 (Classic Track) earlier than 2015.006.30461\n\n### *Solution*:\nUpdate to the latest version \n[Download Adobe Acrobat Reader DC](<https://get.adobe.com/ru/reader/>)\n\n### *Original advisories*:\n[Security Bulletin for Adobe Acrobat and Reader | APSB18-41](<https://helpx.adobe.com/security/products/acrobat/apsb18-41.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Adobe Acrobat Reader DC Continuous](<https://threats.kaspersky.com/en/product/Adobe-Acrobat-Reader-DC-Continuous/>)\n\n### *CVE-IDS*:\n[CVE-2018-15998](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15998>)0.0Unknown \n[CVE-2018-15987](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15987>)0.0Unknown \n[CVE-2018-16004](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16004>)0.0Unknown \n[CVE-2018-19720](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19720>)0.0Unknown \n[CVE-2018-16045](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16045>)0.0Unknown \n[CVE-2018-16044](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16044>)0.0Unknown \n[CVE-2018-16018](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16018>)0.0Unknown \n[CVE-2018-19715](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19715>)0.0Unknown \n[CVE-2018-19713](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19713>)0.0Unknown \n[CVE-2018-19708](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19708>)0.0Unknown \n[CVE-2018-19707](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19707>)0.0Unknown \n[CVE-2018-19700](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19700>)0.0Unknown \n[CVE-2018-19698](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19698>)0.0Unknown \n[CVE-2018-16046](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16046>)0.0Unknown \n[CVE-2018-16040](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16040>)0.0Unknown \n[CVE-2018-16039](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16039>)0.0Unknown \n[CVE-2018-16037](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16037>)0.0Unknown \n[CVE-2018-16036](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16036>)0.0Unknown \n[CVE-2018-16029](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16029>)0.0Unknown \n[CVE-2018-16027](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16027>)0.0Unknown \n[CVE-2018-16026](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16026>)0.0Unknown \n[CVE-2018-16025](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16025>)0.0Unknown \n[CVE-2018-16014](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16014>)0.0Unknown \n[CVE-2018-16008](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16008>)0.0Unknown \n[CVE-2018-16003](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16003>)0.0Unknown \n[CVE-2018-15994](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15994>)0.0Unknown \n[CVE-2018-15993](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15993>)0.0Unknown \n[CVE-2018-15992](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15992>)0.0Unknown \n[CVE-2018-15991](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15991>)0.0Unknown \n[CVE-2018-15990](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15990>)0.0Unknown \n[CVE-2018-19702](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19702>)0.0Unknown \n[CVE-2018-16016](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16016>)0.0Unknown \n[CVE-2018-16000](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16000>)0.0Unknown \n[CVE-2018-15999](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15999>)0.0Unknown \n[CVE-2018-15988](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15988>)0.0Unknown \n[CVE-2018-19716](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19716>)0.0Unknown \n[CVE-2018-16021](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16021>)0.0Unknown \n[CVE-2018-12830](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12830>)0.0Unknown \n[CVE-2018-19717](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19717>)0.0Unknown \n[CVE-2018-19714](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19714>)0.0Unknown \n[CVE-2018-19712](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19712>)0.0Unknown \n[CVE-2018-19711](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19711>)0.0Unknown \n[CVE-2018-19710](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19710>)0.0Unknown \n[CVE-2018-19709](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19709>)0.0Unknown \n[CVE-2018-19706](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19706>)0.0Unknown \n[CVE-2018-19705](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19705>)0.0Unknown \n[CVE-2018-19704](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19704>)0.0Unknown \n[CVE-2018-19703](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19703>)0.0Unknown \n[CVE-2018-19701](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19701>)0.0Unknown \n[CVE-2018-19699](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19699>)0.0Unknown \n[CVE-2018-16047](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16047>)0.0Unknown \n[CVE-2018-16043](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16043>)0.0Unknown \n[CVE-2018-16041](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16041>)0.0Unknown \n[CVE-2018-16038](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16038>)0.0Unknown \n[CVE-2018-16035](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16035>)0.0Unknown \n[CVE-2018-16034](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16034>)0.0Unknown \n[CVE-2018-16033](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16033>)0.0Unknown \n[CVE-2018-16032](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16032>)0.0Unknown \n[CVE-2018-16031](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16031>)0.0Unknown \n[CVE-2018-16030](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16030>)0.0Unknown \n[CVE-2018-16028](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16028>)0.0Unknown \n[CVE-2018-16024](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16024>)0.0Unknown \n[CVE-2018-16023](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16023>)0.0Unknown \n[CVE-2018-16022](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16022>)0.0Unknown \n[CVE-2018-16020](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16020>)0.0Unknown \n[CVE-2018-16019](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16019>)0.0Unknown \n[CVE-2018-16017](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16017>)0.0Unknown \n[CVE-2018-16015](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16015>)0.0Unknown \n[CVE-2018-16013](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16013>)0.0Unknown \n[CVE-2018-16012](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16012>)0.0Unknown \n[CVE-2018-16010](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16010>)0.0Unknown \n[CVE-2018-16006](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16006>)0.0Unknown \n[CVE-2018-16005](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16005>)0.0Unknown \n[CVE-2018-16002](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16002>)0.0Unknown \n[CVE-2018-16001](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16001>)0.0Unknown \n[CVE-2018-15997](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15997>)0.0Unknown \n[CVE-2018-15996](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15996>)0.0Unknown \n[CVE-2018-15989](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15989>)0.0Unknown \n[CVE-2018-15985](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15985>)0.0Unknown \n[CVE-2018-15984](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15984>)0.0Unknown \n[CVE-2018-19719](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19719>)0.0Unknown \n[CVE-2018-16009](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16009>)0.0Unknown \n[CVE-2018-16007](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16007>)0.0Unknown \n[CVE-2018-15995](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15995>)0.0Unknown \n[CVE-2018-15986](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15986>)0.0Unknown \n[CVE-2018-16042](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16042>)0.0Unknown \n[CVE-2018-19728](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19728>)0.0Unknown", "edition": 11, "modified": "2020-05-22T00:00:00", "published": "2018-12-11T00:00:00", "id": "KLA11390", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11390", "title": "\r KLA11390Multiple vulnerabilities in Adobe Acrobat and Reader ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
