ID CVE-2019-7956 Type cve Reporter cve@mitre.org Modified 2019-07-19T20:23:00
Description
Adobe Dreamweaver direct download installer versions 19.0 and earlier, and 18.0 and earlier, have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to privilege escalation in the context of the current user.
{"openvas": [{"lastseen": "2019-10-24T20:51:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-7956"], "description": "The host is installed with Adobe Dreamweaver\n and is prone to privilege escalation vulnerability.", "modified": "2019-10-23T00:00:00", "published": "2019-07-11T00:00:00", "id": "OPENVAS:1361412562310815250", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815250", "type": "openvas", "title": "Adobe Dreamweaver Privilege Escalation Vulnerability(APSB19-40)-Windows", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:adobe:dreamweaver\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815250\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2019-7956\");\n script_bugtraq_id(109088);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-07-11 11:53:01 +0530 (Thu, 11 Jul 2019)\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_name(\"Adobe Dreamweaver Privilege Escalation Vulnerability(APSB19-40)-Windows\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Adobe Dreamweaver\n and is prone to privilege escalation vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to an insecure library loading\n or dll hijacking vulnerability.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation allows an attacker to\n gain elevated privileges on the affected system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Dreamweaver before version 18.0.0.10136,\n 19.x before version 19.0.0.18193 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Dreamweaver 2018/2019 Release or later. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/download-install/kb/creative-cloud-apps-download.html\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/dreamweaver/apsb19-40.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_dreamweaver_detect.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"Adobe/Dreamweaver/Ver\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"secpod_smb_func.inc\");\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\n\nif( ! infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE) ) exit( 0 );\nvers = infos['version'];\npath = infos['location'];\n\nAppVer = fetch_file_version(sysPath:path, file_name:\"Dreamweaver.exe\");\nif(!AppVer){\n AppVer = fetch_file_version(sysPath:path, file_name:\"Adobe Dreamweaver CC 2018\\Dreamweaver.exe\");\n}\nif(!AppVer) exit(0);\n\n#Adobe Dreamweaver CC 2019 Release == 19.0.0.11193\nif(AppVer =~ \"^19\" && version_is_less(version:AppVer, test_version:\"19.0.0.11193\"))\n{\n report = report_fixed_ver(installed_version:AppVer, fixed_version:\"2019 Release\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\n#Adobe Dreamweaver CC 2018 Release == 18.0.0.10136\nelse if(version_is_less(version:AppVer, test_version:\"18.0.0.10136\"))\n{\n report = report_fixed_ver(installed_version:AppVer, fixed_version:\"2018 Release\", install_path:path + \"\\Adobe Dreamweaver CC 2018\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-04-01T01:18:07", "description": "The version of Adobe Dreamweaver installed on the remote Windows host is a 
version prior or equal to 18.0 or a version\nprior or equal to 19.0. It is, therefore, affected by a DLL hijacking privileges escalation vulnerability.", "edition": 19, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-07-12T00:00:00", "title": "Adobe Dreamweaver <= 18.0 / <= 19.0 DLL Hijacking Privilege Escaalation Vulnerability (APSB19-40)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-7956"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:adobe:dreamweaver"], "id": "ADOBE_DREAMWEAVER_APSB19-40.NASL", "href": "https://www.tenable.com/plugins/nessus/126633", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126633);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/10/18 23:14:15\");\n\n script_cve_id(\"CVE-2019-7956\");\n script_bugtraq_id(109088);\n script_xref(name:\"IAVA\", value:\"2019-A-0232\");\n\n script_name(english:\"Adobe Dreamweaver <= 18.0 / <= 19.0 DLL Hijacking Privilege Escaalation Vulnerability (APSB19-40)\");\n script_summary(english:\"Checks the version of Adobe Dreamweaver.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Dreamweaver installed on the remote Windows host is affected by a DLL hijacking vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Dreamweaver installed on the remote Windows host is a version prior or equal to 18.0 or a version\nprior or equal to 19.0. 
It is, therefore, affected by a DLL hijacking privileges escalation vulnerability.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/dreamweaver/apsb19-40.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Dreamweaver 2018 Release or 2019 Release or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-7956\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:dreamweaver\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_dreamweaver_installed.nasl\");\n script_require_keys(\"installed_sw/Adobe Dreamweaver\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\napp_info = vcf::get_app_info(app:\"Adobe Dreamweaver\");\n\nconstraints = [\n { \"fixed_version\":\"18.1\", \"fixed_display\":\"2018 Release\"},\n { \"min_version\":\"19.0\", \"fixed_version\":\"19.1\", \"fixed_display\":\"2019 Release\" }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}