### *Detect date*:
09/09/2014
### *Severity*:
Critical
### *Description*:
Multiple critical vulnerabilities have been found in Adobe Acrobat and Reader. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, obtain sensitive information, execute arbitrary code and read arbitrary files.
### *Affected products*:
Adobe Reader XI 11.0.09 and earlier
Adobe Reader X 10.1.12 and earlier
Adobe Acrobat XI 11.0.09 and earlier
Adobe Acrobat X 10.1.12 and earlier
### *Solution*:
Update to the latest version
[Get Reader](<http://get.adobe.com/ru/reader/>)
### *Original advisories*:
[APSB14-28](<https://helpx.adobe.com/security/products/reader/apsb14-28.html>)
### *Impacts*:
ACE
### *Related products*:
[Adobe Reader](<https://threats.kaspersky.com/en/product/Adobe-Reader/>)
### *CVE-IDS*:
[CVE-2014-8452](<https://vulners.com/cve/CVE-2014-8452>)
{"threatpost": [{"lastseen": "2018-10-06T22:56:54", "description": "Adobe today released sizable updates for Flash Player, Reader and Acrobat, patching 18 and 34 vulnerabilities respectively in the software.\n\nNone of the vulnerabilities in any of the three products, Adobe said, are being publicly exploited.\n\nThe [Flash Update](<https://helpx.adobe.com/security/products/flash-player/apsb15-09.html>) for Windows, Mac OS X, and Linux patches vulnerabilities that would allow an attacker to remotely take control of the compromised computer.\n\nAdobe Flash Player 17.0.0.169 and earlier versions, Adobe Flash Player 13.0.0.281 and earlier 13.x versions, Adobe Flash Player 11.2.202.457 and earlier 11.x versions, AIR Desktop Runtime 17.0.0.144 and earlier versions, and AIR SDK and SDK & Compiler 17.0.0.144 and earlier versions are affected and patched by this update, Adobe said.\n\nMost of the vulnerabilities open the door to code execution, Adobe said. The update addresses four memory corruption vulnerabilities, one heap overflow flaw, an integer overflow bug, three type confusion bugs, and a use-after-free vulnerability that allow an attacker to run code remotely and control a machine.\n\nThe Flash update also addresses a time-of-check time-of-use race condition that bypasses Internet Explorer\u2019s Protected Mode. Three other bugs were patched that allow an attacker to write data to a file system with the same permission as the user. 
Two memory leak issues were also addressed that lead to bypass of Address Space Layout Randomization (ASLR) and a separate security bypass vulnerability that could lead to information disclosure.\n\nThe [Reader and Acrobat updates](<https://helpx.adobe.com/security/products/reader/apsb15-10.html>) affect Adobe Reader XI (11.0.10) and earlier 11.x versions, Adobe Reader X (10.1.13) and earlier 10.x versions, Adobe Acrobat XI (11.0.10) and earlier 11.x versions, Adobe Acrobat X (10.1.13) and earlier 10.x versions.\n\nThe most serious of the bugs lead to code execution, Adobe said. Ten memory corruption vulnerabilities were addressed, along with five use-after free vulnerabilities, a buffer overflow and heap-based buffer overflow, all of which allow an attacker to remotely run code.\n\nThe updates also patch 14 vulnerabilities that enable a number of methods to bypass JavaScript API execution restrictions, Adobe said.\n\nThe remaining bugs patched in the updates include a memory leak issue, a null-pointer dereference issue that enables denial-of-service attacks, and additional hardening protecting against an [information disclosure bug](<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8452>) in the handling of XML external entities.\n", "cvss3": {}, "published": "2015-05-12T12:43:10", "type": "threatpost", "title": "May 2015 Adobe Flash, Reader, Acrobat Security Updates", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2014-8452"], "modified": "2015-05-13T13:40:32", "id": "THREATPOST:EAB94A444099F6B81612C7ED4D51E5FE", "href": "https://threatpost.com/adobe-unleashes-big-updates-for-flash-reader-acrobat/112756/", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "checkpoint_advisories": [{"lastseen": "2021-12-17T11:53:17", "description": "An Information Disclosure vulnerability has been reported in Adobe Reader. The vulnerability is due to an improper handling of XML external entities. 
A remote attacker can exploit this issue by enticing a victim to open a specially crafted PDF file.", "cvss3": {}, "published": "2015-01-13T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Reader and Acrobat Information Disclosure (APSB14-28: CVE-2014-8452)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8452"], "modified": "2015-01-15T00:00:00", "id": "CPAI-2015-0034", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2023-02-09T10:16:42", "description": "Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.", "cvss3": {}, "published": "2014-12-10T21:59:00", "type": "cve", "title": "CVE-2014-8452", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8452"], "modified": "2014-12-12T01:30:00", "cpe": ["cpe:/a:adobe:acrobat:10.0.3", 
"cpe:/a:adobe:acrobat:10.1.8", "cpe:/a:adobe:acrobat:10.1.3", "cpe:/a:adobe:acrobat_reader:10.1.2", "cpe:/a:adobe:acrobat:10.0.1", "cpe:/a:adobe:acrobat_reader:10.1.8", "cpe:/a:adobe:acrobat:10.1.9", "cpe:/a:adobe:acrobat_reader:11.0.03", "cpe:/a:adobe:acrobat:11.0.2", "cpe:/a:adobe:acrobat:11.0.7", "cpe:/a:adobe:acrobat_reader:10.1", "cpe:/a:adobe:acrobat_reader:11.0.0", "cpe:/o:microsoft:windows:*", "cpe:/a:adobe:acrobat_reader:11.0.02", "cpe:/a:adobe:acrobat:11.0.1", "cpe:/a:adobe:acrobat:11.0.6", "cpe:/a:adobe:acrobat:11.0.5", "cpe:/a:adobe:acrobat_reader:11.0.01", "cpe:/a:adobe:acrobat:10.1", "cpe:/a:adobe:acrobat_reader:10.1.1", "cpe:/a:adobe:acrobat:10.1.11", "cpe:/a:adobe:acrobat_reader:10.0.2", "cpe:/a:adobe:acrobat:10.1.2", "cpe:/o:apple:mac_os_x:*", "cpe:/a:adobe:acrobat_reader:10.1.4", "cpe:/a:adobe:acrobat_reader:10.1.10", "cpe:/a:adobe:acrobat_reader:10.1.7", "cpe:/a:adobe:acrobat:10.0.2", "cpe:/a:adobe:acrobat_reader:10.1.3", "cpe:/a:adobe:acrobat_reader:11.0.05", "cpe:/a:adobe:acrobat_reader:10.1.11", "cpe:/a:adobe:acrobat:11.0.4", "cpe:/a:adobe:acrobat:11.0.9", "cpe:/a:adobe:acrobat:10.1.12", "cpe:/a:adobe:acrobat:10.1.1", "cpe:/a:adobe:acrobat_reader:10.1.9", "cpe:/a:adobe:acrobat:10.1.4", "cpe:/a:adobe:acrobat_reader:10.0", "cpe:/a:adobe:acrobat:11.0.8", "cpe:/a:adobe:acrobat_reader:10.1.6", "cpe:/a:adobe:acrobat:11.0", "cpe:/a:adobe:acrobat_reader:11.0.04", "cpe:/a:adobe:acrobat_reader:11.0.06", "cpe:/a:adobe:acrobat_reader:11.0.07", "cpe:/a:adobe:acrobat_reader:10.1.12", "cpe:/a:adobe:acrobat:10.1.10", "cpe:/a:adobe:acrobat:10.1.6", "cpe:/a:adobe:acrobat:10.1.7", "cpe:/a:adobe:acrobat_reader:10.0.3", "cpe:/a:adobe:acrobat_reader:11.0.08", "cpe:/a:adobe:acrobat:11.0.3", "cpe:/a:adobe:acrobat_reader:11.0.09", "cpe:/a:adobe:acrobat:10.0", "cpe:/a:adobe:acrobat:10.1.5", "cpe:/a:adobe:acrobat_reader:10.0.1", "cpe:/a:adobe:acrobat_reader:10.1.5"], "id": "CVE-2014-8452", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8452", "cvss": 
{"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:11.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:10.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:10.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:10.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:10.1.10:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.07:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.08:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:10.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:10.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:10.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:10.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:10.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:10.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:10.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:10.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:10.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.03:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.09:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:10.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:10.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.06:*:*:*:*:*:*:*", 
"cpe:2.3:a:adobe:acrobat:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:10.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:10.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.05:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:10.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.01:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.04:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:10.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:10.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:10.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:10.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:10.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:10.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:11.0.02:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:10.0.1:*:*:*:*:*:*:*"]}], "kaspersky": [{"lastseen": "2023-02-08T16:14:44", "description": "### *Detect date*:\n05/12/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Adobe products. 
Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code or obtain sensitive information.\n\n### *Affected products*:\nAdobe Reader XI versions earlier than 11.0.11 \nAdobe Reader X versions earlier than 10.1.14 \nAdobe Acrobat XI versions earlier than 11.0.11 \nAdobe Acrobat X versions earlier than 10.1.14\n\n### *Solution*:\nUpdate to the latest version \n[Get Reader](<https://get.adobe.com/reader/>)\n\n### *Original advisories*:\n[Adobe bulletin](<https://helpx.adobe.com/security/products/reader/apsb15-10.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Adobe Reader X](<https://threats.kaspersky.com/en/product/Adobe-Reader-X/>)\n\n### *CVE-IDS*:\n[CVE-2014-8452](<https://vulners.com/cve/CVE-2014-8452>)5.0Critical \n[CVE-2015-3055](<https://vulners.com/cve/CVE-2015-3055>)7.5Critical \n[CVE-2015-3047](<https://vulners.com/cve/CVE-2015-3047>)5.0Critical \n[CVE-2014-9161](<https://vulners.com/cve/CVE-2014-9161>)9.3Critical \n[CVE-2015-3058](<https://vulners.com/cve/CVE-2015-3058>)5.0Critical\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "cvss3": {}, "published": "2015-05-12T00:00:00", "type": "kaspersky", "title": "KLA10575 Multiple vulnerabilities in Adobe products", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8452", "CVE-2014-9161", "CVE-2015-3047", "CVE-2015-3055", "CVE-2015-3058"], "modified": "2020-06-18T00:00:00", "id": "KLA10575", "href": 
"https://threats.kaspersky.com/en/vulnerability/KLA10575/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2021-06-08T18:45:30", "description": "Memory corruptions, buffer overlfows, restrictions bypass, DoS.", "cvss3": {}, "published": "2015-05-13T00:00:00", "type": "securityvulns", "title": "Adobe Reader / Acrobat multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2014-8452", "CVE-2014-9161", "CVE-2015-3046", "CVE-2015-3048", "CVE-2014-9160", "CVE-2015-3047", "CVE-2015-3049"], "modified": "2015-05-13T00:00:00", "id": "SECURITYVULNS:VULN:14491", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14491", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2023-01-18T14:41:34", "description": "The version of Adobe Acrobat installed on the remote host is a version prior to 10.1.13 / 11.0.10. It is, therefore, affected by the following vulnerabilities :\n\n - Memory corruption errors exist that allow arbitrary code execution. (CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, CVE-2014-9158)\n\n - An improperly implemented JavaScript API allows information disclosure. (CVE-2014-8448, CVE-2014-8451)\n\n - An integer overflow vulnerability exists that allows arbitrary code execution. (CVE-2014-8449)\n\n - An error in handling XML external entities allows information disclosure. (CVE-2014-8452)\n\n - A same-origin policy error allows security bypass.\n (CVE-2014-8453)\n\n - Use-after-free errors exist that allow arbitrary code execution. (CVE-2014-8454, CVE-2014-8455, CVE-2014-9165)\n\n - Heap-based buffer overflow flaws exist that allow arbitrary code execution. (CVE-2014-8457, CVE-2014-8460, CVE-2014-9159).\n\n - A time-of-check time-of-use (TOCTOU) race condition allows arbitrary file system writes. 
(CVE-2014-9150)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2014-12-10T00:00:00", "type": "nessus", "title": "Adobe Acrobat < 10.1.13 / 11.0.10 Multiple Vulnerabilities (APSB14-28)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8445", "CVE-2014-8446", "CVE-2014-8447", "CVE-2014-8448", "CVE-2014-8449", "CVE-2014-8451", "CVE-2014-8452", "CVE-2014-8453", "CVE-2014-8454", "CVE-2014-8455", "CVE-2014-8456", "CVE-2014-8457", "CVE-2014-8458", "CVE-2014-8459", "CVE-2014-8460", "CVE-2014-8461", "CVE-2014-9150", "CVE-2014-9158", "CVE-2014-9159", "CVE-2014-9165"], "modified": "2019-11-25T00:00:00", "cpe": ["cpe:/a:adobe:acrobat"], "id": "ADOBE_ACROBAT_APSB14-28.NASL", "href": "https://www.tenable.com/plugins/nessus/79855", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79855);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2014-8445\",\n \"CVE-2014-8446\",\n \"CVE-2014-8447\",\n \"CVE-2014-8448\",\n \"CVE-2014-8449\",\n \"CVE-2014-8451\",\n \"CVE-2014-8452\",\n \"CVE-2014-8453\",\n \"CVE-2014-8454\",\n \"CVE-2014-8455\",\n \"CVE-2014-8456\",\n \"CVE-2014-8457\",\n \"CVE-2014-8458\",\n \"CVE-2014-8459\",\n \"CVE-2014-8460\",\n \"CVE-2014-8461\",\n \"CVE-2014-9150\",\n \"CVE-2014-9158\",\n \"CVE-2014-9159\",\n \"CVE-2014-9165\"\n );\n 
script_bugtraq_id(\n 71366,\n 71557,\n 71561,\n 71562,\n 71564,\n 71565,\n 71566,\n 71567,\n 71568,\n 71570,\n 71571,\n 71572,\n 71573,\n 71574,\n 71575,\n 71576,\n 71577,\n 71578,\n 71579,\n 71580\n );\n\n script_name(english:\"Adobe Acrobat < 10.1.13 / 11.0.10 Multiple Vulnerabilities (APSB14-28)\");\n script_summary(english:\"Checks the version of Adobe Acrobat.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Acrobat on the remote Windows host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Acrobat installed on the remote host is a version\nprior to 10.1.13 / 11.0.10. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - Memory corruption errors exist that allow arbitrary code\n execution. (CVE-2014-8445, CVE-2014-8446, CVE-2014-8447,\n CVE-2014-8456, CVE-2014-8458, CVE-2014-8459,\n CVE-2014-8461, CVE-2014-9158)\n\n - An improperly implemented JavaScript API allows\n information disclosure. (CVE-2014-8448, CVE-2014-8451)\n\n - An integer overflow vulnerability exists that allows\n arbitrary code execution. (CVE-2014-8449)\n\n - An error in handling XML external entities allows\n information disclosure. (CVE-2014-8452)\n\n - A same-origin policy error allows security bypass.\n (CVE-2014-8453)\n\n - Use-after-free errors exist that allow arbitrary code\n execution. (CVE-2014-8454, CVE-2014-8455, CVE-2014-9165)\n\n - Heap-based buffer overflow flaws exist that allow\n arbitrary code execution. (CVE-2014-8457, CVE-2014-8460,\n CVE-2014-9159).\n\n - A time-of-check time-of-use (TOCTOU) race condition\n allows arbitrary file system writes. 
(CVE-2014-9150)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/reader/apsb14-28.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Acrobat 10.1.13 / 11.0.10 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-9165\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_acrobat_installed.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/Adobe Acrobat\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_name = \"Adobe Acrobat\";\ninstall = get_single_install(app_name:app_name);\n\nversion = install['version'];\npath = install['path'];\nverui = install['display_version'];\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Affected for Win is :\n# 10.x < 10.1.13\n# 11.x < 11.0.10\nif (\n (ver[0] == 10 && ver[1] < 1) ||\n (ver[0] == 10 && ver[1] == 1 && ver[2] < 13) ||\n (ver[0] == 11 && ver[1] == 0 && ver[2] < 10)\n)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report = '\\n Path : '+path+\n '\\n Installed version : '+verui+\n '\\n Fixed version : 10.1.13 / 11.0.10' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, verui, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-18T14:41:58", "description": "The version of Adobe Acrobat installed on the remote host is a version prior to 10.1.13 / 11.0.10. It is, therefore, affected by the following vulnerabilities :\n\n - Memory corruption errors exist that allow arbitrary code execution. (CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, CVE-2014-9158)\n\n - An improperly implemented JavaScript API allows information disclosure. (CVE-2014-8448, CVE-2014-8451)\n\n - An integer overflow vulnerability exists that allows arbitrary code execution. (CVE-2014-8449)\n\n - An error in handling XML external entities allows information disclosure. 
(CVE-2014-8452)\n\n - A same-origin policy error allows security bypass.\n (CVE-2014-8453)\n\n - Use-after-free errors exist that allow arbitrary code execution. (CVE-2014-8454, CVE-2014-8455, CVE-2014-9165)\n\n - Heap-based buffer overflow flaws exist that allow arbitrary code execution. (CVE-2014-8457, CVE-2014-8460, CVE-2014-9159).\n\n - A time-of-check time-of-use (TOCTOU) race condition allows arbitrary file system writes. (CVE-2014-9150)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2014-12-10T00:00:00", "type": "nessus", "title": "Adobe Acrobat < 10.1.13 / 11.0.10 Multiple Vulnerabilities (APSB14-28) (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8445", "CVE-2014-8446", "CVE-2014-8447", "CVE-2014-8448", "CVE-2014-8449", "CVE-2014-8451", "CVE-2014-8452", "CVE-2014-8453", "CVE-2014-8454", "CVE-2014-8455", "CVE-2014-8456", "CVE-2014-8457", "CVE-2014-8458", "CVE-2014-8459", "CVE-2014-8460", "CVE-2014-8461", "CVE-2014-9150", "CVE-2014-9158", "CVE-2014-9159", "CVE-2014-9165"], "modified": "2019-11-25T00:00:00", "cpe": ["cpe:/a:adobe:acrobat"], "id": "MACOSX_ADOBE_ACROBAT_APSB14-28.NASL", "href": "https://www.tenable.com/plugins/nessus/79857", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79857);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n 
script_cve_id(\n \"CVE-2014-8445\",\n \"CVE-2014-8446\",\n \"CVE-2014-8447\",\n \"CVE-2014-8448\",\n \"CVE-2014-8449\",\n \"CVE-2014-8451\",\n \"CVE-2014-8452\",\n \"CVE-2014-8453\",\n \"CVE-2014-8454\",\n \"CVE-2014-8455\",\n \"CVE-2014-8456\",\n \"CVE-2014-8457\",\n \"CVE-2014-8458\",\n \"CVE-2014-8459\",\n \"CVE-2014-8460\",\n \"CVE-2014-8461\",\n \"CVE-2014-9150\",\n \"CVE-2014-9158\",\n \"CVE-2014-9159\",\n \"CVE-2014-9165\"\n );\n script_bugtraq_id(\n 71366,\n 71557,\n 71561,\n 71562,\n 71564,\n 71565,\n 71566,\n 71567,\n 71568,\n 71570,\n 71571,\n 71572,\n 71573,\n 71574,\n 71575,\n 71576,\n 71577,\n 71578,\n 71579,\n 71580\n );\n\n script_name(english:\"Adobe Acrobat < 10.1.13 / 11.0.10 Multiple Vulnerabilities (APSB14-28) (Mac OS X)\");\n script_summary(english:\"Checks the version of Adobe Acrobat.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Acrobat on the remote Mac OS X host is affected\nby multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Acrobat installed on the remote host is a version\nprior to 10.1.13 / 11.0.10. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - Memory corruption errors exist that allow arbitrary code\n execution. (CVE-2014-8445, CVE-2014-8446, CVE-2014-8447,\n CVE-2014-8456, CVE-2014-8458, CVE-2014-8459,\n CVE-2014-8461, CVE-2014-9158)\n\n - An improperly implemented JavaScript API allows\n information disclosure. (CVE-2014-8448, CVE-2014-8451)\n\n - An integer overflow vulnerability exists that allows\n arbitrary code execution. (CVE-2014-8449)\n\n - An error in handling XML external entities allows\n information disclosure. (CVE-2014-8452)\n\n - A same-origin policy error allows security bypass.\n (CVE-2014-8453)\n\n - Use-after-free errors exist that allow arbitrary code\n execution. (CVE-2014-8454, CVE-2014-8455, CVE-2014-9165)\n\n - Heap-based buffer overflow flaws exist that allow\n arbitrary code execution. 
(CVE-2014-8457, CVE-2014-8460,\n CVE-2014-9159).\n\n - A time-of-check time-of-use (TOCTOU) race condition\n allows arbitrary file system writes. (CVE-2014-9150)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb14-28.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Acrobat 10.1.13 / 11.0.10 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-9165\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_adobe_acrobat_installed.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Adobe Acrobat\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (empty_or_null(os)) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp_name = \"Adobe Acrobat\";\ninstall = get_single_install(app_name:app_name);\n\nversion = install['version'];\npath = install['path'];\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Affected for Mac is :\n# 10.x < 10.1.13\n# 11.x < 11.0.10\nif (\n (ver[0] == 10 && ver[1] < 1) ||\n (ver[0] == 10 && ver[1] == 1 && ver[2] < 13) ||\n (ver[0] == 11 && ver[1] == 0 && ver[2] < 10)\n)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Path : '+path+\n '\\n Installed version : '+version+\n '\\n Fixed version : 10.1.13 / 11.0.10' +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-18T14:41:50", "description": "The version of Adobe Reader installed on the remote host is a version prior to 10.1.13 / 11.0.10. It is, therefore, affected by the following vulnerabilities :\n\n - Memory corruption errors exist that allow arbitrary code execution. (CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, CVE-2014-9158)\n\n - An improperly implemented JavaScript API allows information disclosure. (CVE-2014-8448, CVE-2014-8451)\n\n - An integer overflow vulnerability exists that allows arbitrary code execution. 
(CVE-2014-8449)\n\n - An error in handling XML external entities allows information disclosure. (CVE-2014-8452)\n\n - A same-origin policy error allows security bypass.\n (CVE-2014-8453)\n\n - Use-after-free errors exist that allow arbitrary code execution. (CVE-2014-8454, CVE-2014-8455, CVE-2014-9165)\n\n - Heap-based buffer overflow flaws exist that allow arbitrary code execution. (CVE-2014-8457, CVE-2014-8460, CVE-2014-9159).\n\n - A time-of-check time-of-use (TOCTOU) race condition allows arbitrary file system writes. (CVE-2014-9150)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2014-12-10T00:00:00", "type": "nessus", "title": "Adobe Reader < 10.1.13 / 11.0.10 Multiple Vulnerabilities (APSB14-28)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8445", "CVE-2014-8446", "CVE-2014-8447", "CVE-2014-8448", "CVE-2014-8449", "CVE-2014-8451", "CVE-2014-8452", "CVE-2014-8453", "CVE-2014-8454", "CVE-2014-8455", "CVE-2014-8456", "CVE-2014-8457", "CVE-2014-8458", "CVE-2014-8459", "CVE-2014-8460", "CVE-2014-8461", "CVE-2014-9150", "CVE-2014-9158", "CVE-2014-9159", "CVE-2014-9165"], "modified": "2019-11-25T00:00:00", "cpe": ["cpe:/a:adobe:acrobat_reader"], "id": "ADOBE_READER_APSB14-28.NASL", "href": "https://www.tenable.com/plugins/nessus/79856", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n 
script_id(79856);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2014-8445\",\n \"CVE-2014-8446\",\n \"CVE-2014-8447\",\n \"CVE-2014-8448\",\n \"CVE-2014-8449\",\n \"CVE-2014-8451\",\n \"CVE-2014-8452\",\n \"CVE-2014-8453\",\n \"CVE-2014-8454\",\n \"CVE-2014-8455\",\n \"CVE-2014-8456\",\n \"CVE-2014-8457\",\n \"CVE-2014-8458\",\n \"CVE-2014-8459\",\n \"CVE-2014-8460\",\n \"CVE-2014-8461\",\n \"CVE-2014-9150\",\n \"CVE-2014-9158\",\n \"CVE-2014-9159\",\n \"CVE-2014-9165\"\n );\n script_bugtraq_id(\n 71366,\n 71557,\n 71561,\n 71562,\n 71564,\n 71565,\n 71566,\n 71567,\n 71568,\n 71570,\n 71571,\n 71572,\n 71573,\n 71574,\n 71575,\n 71576,\n 71577,\n 71578,\n 71579,\n 71580\n );\n\n script_name(english:\"Adobe Reader < 10.1.13 / 11.0.10 Multiple Vulnerabilities (APSB14-28)\");\n script_summary(english:\"Checks the version of Adobe Reader.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader on the remote Windows host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Reader installed on the remote host is a version\nprior to 10.1.13 / 11.0.10. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - Memory corruption errors exist that allow arbitrary code\n execution. (CVE-2014-8445, CVE-2014-8446, CVE-2014-8447,\n CVE-2014-8456, CVE-2014-8458, CVE-2014-8459,\n CVE-2014-8461, CVE-2014-9158)\n\n - An improperly implemented JavaScript API allows\n information disclosure. (CVE-2014-8448, CVE-2014-8451)\n\n - An integer overflow vulnerability exists that allows\n arbitrary code execution. (CVE-2014-8449)\n\n - An error in handling XML external entities allows\n information disclosure. (CVE-2014-8452)\n\n - A same-origin policy error allows security bypass.\n (CVE-2014-8453)\n\n - Use-after-free errors exist that allow arbitrary code\n execution. 
(CVE-2014-8454, CVE-2014-8455, CVE-2014-9165)\n\n - Heap-based buffer overflow flaws exist that allow\n arbitrary code execution. (CVE-2014-8457, CVE-2014-8460,\n CVE-2014-9159).\n\n - A time-of-check time-of-use (TOCTOU) race condition\n allows arbitrary file system writes. (CVE-2014-9150)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/reader/apsb14-28.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Reader 10.1.13 / 11.0.10 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-9165\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_reader_installed.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/Adobe Reader\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_name = \"Adobe Reader\";\ninstall = get_single_install(app_name:app_name);\n\nversion = install['version'];\npath = install['path'];\nverui = install['display_version'];\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Affected for Win is :\n# 10.x < 10.1.13\n# 11.x < 11.0.10\nif (\n (ver[0] == 10 && ver[1] < 1) ||\n (ver[0] == 10 && ver[1] == 1 && ver[2] < 13) ||\n (ver[0] == 11 && ver[1] == 0 && ver[2] < 10)\n)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report = '\\n Path : '+path+\n '\\n Installed version : '+verui+\n '\\n Fixed version : 10.1.13 / 11.0.10' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, verui, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-18T14:41:43", "description": "The version of Adobe Reader installed on the remote host is a version prior to 10.1.13 / 11.0.10. It is, therefore, affected by the following vulnerabilities :\n\n - Memory corruption errors exist that allow arbitrary code execution. (CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, CVE-2014-9158)\n\n - An improperly implemented JavaScript API allows information disclosure. (CVE-2014-8448, CVE-2014-8451)\n\n - An integer overflow vulnerability exists that allows arbitrary code execution. (CVE-2014-8449)\n\n - An error in handling XML external entities allows information disclosure. 
(CVE-2014-8452)\n\n - A same-origin policy error allows security bypass.\n (CVE-2014-8453)\n\n - Use-after-free errors exist that allow arbitrary code execution. (CVE-2014-8454, CVE-2014-8455, CVE-2014-9165)\n\n - Heap-based buffer overflow flaws exist that allow arbitrary code execution. (CVE-2014-8457, CVE-2014-8460, CVE-2014-9159).\n\n - A time-of-check time-of-use (TOCTOU) race condition allows arbitrary file system writes. (CVE-2014-9150)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2014-12-10T00:00:00", "type": "nessus", "title": "Adobe Reader < 10.1.13 / 11.0.10 Multiple Vulnerabilities (APSB14-28) (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8445", "CVE-2014-8446", "CVE-2014-8447", "CVE-2014-8448", "CVE-2014-8449", "CVE-2014-8451", "CVE-2014-8452", "CVE-2014-8453", "CVE-2014-8454", "CVE-2014-8455", "CVE-2014-8456", "CVE-2014-8457", "CVE-2014-8458", "CVE-2014-8459", "CVE-2014-8460", "CVE-2014-8461", "CVE-2014-9150", "CVE-2014-9158", "CVE-2014-9159", "CVE-2014-9165"], "modified": "2019-11-25T00:00:00", "cpe": ["cpe:/a:adobe:acrobat_reader"], "id": "MACOSX_ADOBE_READER_APSB14-28.NASL", "href": "https://www.tenable.com/plugins/nessus/79858", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79858);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 
2019/11/25\");\n\n script_cve_id(\n \"CVE-2014-8445\",\n \"CVE-2014-8446\",\n \"CVE-2014-8447\",\n \"CVE-2014-8448\",\n \"CVE-2014-8449\",\n \"CVE-2014-8451\",\n \"CVE-2014-8452\",\n \"CVE-2014-8453\",\n \"CVE-2014-8454\",\n \"CVE-2014-8455\",\n \"CVE-2014-8456\",\n \"CVE-2014-8457\",\n \"CVE-2014-8458\",\n \"CVE-2014-8459\",\n \"CVE-2014-8460\",\n \"CVE-2014-8461\",\n \"CVE-2014-9150\",\n \"CVE-2014-9158\",\n \"CVE-2014-9159\",\n \"CVE-2014-9165\"\n );\n script_bugtraq_id(\n 71366,\n 71557,\n 71561,\n 71562,\n 71564,\n 71565,\n 71566,\n 71567,\n 71568,\n 71570,\n 71571,\n 71572,\n 71573,\n 71574,\n 71575,\n 71576,\n 71577,\n 71578,\n 71579,\n 71580\n );\n\n script_name(english:\"Adobe Reader < 10.1.13 / 11.0.10 Multiple Vulnerabilities (APSB14-28) (Mac OS X)\");\n script_summary(english:\"Checks the version of Adobe Reader.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader on the remote Mac OS X host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Reader installed on the remote host is a version\nprior to 10.1.13 / 11.0.10. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - Memory corruption errors exist that allow arbitrary code\n execution. (CVE-2014-8445, CVE-2014-8446, CVE-2014-8447,\n CVE-2014-8456, CVE-2014-8458, CVE-2014-8459,\n CVE-2014-8461, CVE-2014-9158)\n\n - An improperly implemented JavaScript API allows\n information disclosure. (CVE-2014-8448, CVE-2014-8451)\n\n - An integer overflow vulnerability exists that allows\n arbitrary code execution. (CVE-2014-8449)\n\n - An error in handling XML external entities allows\n information disclosure. (CVE-2014-8452)\n\n - A same-origin policy error allows security bypass.\n (CVE-2014-8453)\n\n - Use-after-free errors exist that allow arbitrary code\n execution. 
(CVE-2014-8454, CVE-2014-8455, CVE-2014-9165)\n\n - Heap-based buffer overflow flaws exist that allow\n arbitrary code execution. (CVE-2014-8457, CVE-2014-8460,\n CVE-2014-9159).\n\n - A time-of-check time-of-use (TOCTOU) race condition\n allows arbitrary file system writes. (CVE-2014-9150)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb14-28.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Reader 10.1.13 / 11.0.10 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-9165\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_adobe_reader_installed.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Adobe Reader\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (empty_or_null(os)) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp_name = \"Adobe Reader\";\ninstall = get_single_install(app_name:app_name);\n\nversion = install['version'];\npath = install['path'];\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Affected for Mac is :\n# 10.x < 10.1.13\n# 11.x < 11.0.10\nif (\n (ver[0] == 10 && ver[1] < 1) ||\n (ver[0] == 10 && ver[1] == 1 && ver[2] < 13) ||\n (ver[0] == 11 && ver[1] == 0 && ver[2] < 10)\n)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Path : '+path+\n '\\n Installed version : '+version+\n '\\n Fixed version : 10.1.13 / 11.0.10' +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-03T15:10:28", "description": "The version of Adobe Reader installed on the remote host is a version prior to 10.1.14 / 11.0.11. It is, therefore, affected by the following vulnerabilities :\n\n - A buffer overflow condition exists in CoolType.dll due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code.\n (CVE-2014-9160)\n\n - An out-of-bounds read flaw exists in CoolType.dll due to improper validation of user-supplied input. 
A remote attacker, via a specially crafted PDF file, can cause the application to crash and disclose memory contents.\n (CVE-2014-9161).\n\n - Multiple input validation, NULL pointer dereference, and use-after-free flaws exist that allow memory corruption, arbitrary code execution, and buffer overflow attacks.\n (CVE-2015-3047,CVE-2015-3048, CVE-2015-3049, CVE-2015-3050, CVE-2015-3051, CVE-2015-3052, CVE-2015-3053, CVE-2015-3054, CVE-2015-3055, CVE-2015-3056, CVE-2015-3057, CVE-2015-3058, CVE-2015-3059, CVE-2015-3070, CVE-2015-3075, CVE-2015-3076)\n\n - Multiple unspecified flaws in the JavaScript API allow an attacker to bypass JavaScript API restrictions.\n (CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, CVE-2015-3074) \n\n - An XML external entity injection flaw exists that allows information disclosure. (CVE-2014-8452)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2015-05-14T00:00:00", "type": "nessus", "title": "Adobe Reader < 10.1.14 / 11.0.11 Multiple Vulnerabilities (APSB15-10)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8452", "CVE-2014-9160", "CVE-2014-9161", "CVE-2015-3046", "CVE-2015-3047", "CVE-2015-3048", "CVE-2015-3049", "CVE-2015-3050", "CVE-2015-3051", "CVE-2015-3052", "CVE-2015-3053", 
"CVE-2015-3054", "CVE-2015-3055", "CVE-2015-3056", "CVE-2015-3057", "CVE-2015-3058", "CVE-2015-3059", "CVE-2015-3060", "CVE-2015-3061", "CVE-2015-3062", "CVE-2015-3063", "CVE-2015-3064", "CVE-2015-3065", "CVE-2015-3066", "CVE-2015-3067", "CVE-2015-3068", "CVE-2015-3069", "CVE-2015-3070", "CVE-2015-3071", "CVE-2015-3072", "CVE-2015-3073", "CVE-2015-3074", "CVE-2015-3075", "CVE-2015-3076"], "modified": "2019-11-22T00:00:00", "cpe": ["cpe:/a:adobe:acrobat_reader"], "id": "MACOSX_ADOBE_READER_APSB15-10.NASL", "href": "https://www.tenable.com/plugins/nessus/83473", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83473);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2014-8452\",\n \"CVE-2014-9160\",\n \"CVE-2014-9161\",\n \"CVE-2015-3046\",\n \"CVE-2015-3047\",\n \"CVE-2015-3048\",\n \"CVE-2015-3049\",\n \"CVE-2015-3050\",\n \"CVE-2015-3051\",\n \"CVE-2015-3052\",\n \"CVE-2015-3053\",\n \"CVE-2015-3054\",\n \"CVE-2015-3055\",\n \"CVE-2015-3056\",\n \"CVE-2015-3057\",\n \"CVE-2015-3058\",\n \"CVE-2015-3059\",\n \"CVE-2015-3060\",\n \"CVE-2015-3061\",\n \"CVE-2015-3062\",\n \"CVE-2015-3063\",\n \"CVE-2015-3064\",\n \"CVE-2015-3065\",\n \"CVE-2015-3066\",\n \"CVE-2015-3067\",\n \"CVE-2015-3068\",\n \"CVE-2015-3069\",\n \"CVE-2015-3070\",\n \"CVE-2015-3071\",\n \"CVE-2015-3072\",\n \"CVE-2015-3073\",\n \"CVE-2015-3074\",\n \"CVE-2015-3075\",\n \"CVE-2015-3076\"\n );\n script_bugtraq_id(\n 71567,\n 74599,\n 74600,\n 74601,\n 74602,\n 74603,\n 74604,\n 74618\n );\n\n script_name(english:\"Adobe Reader < 10.1.14 / 11.0.11 Multiple Vulnerabilities (APSB15-10)\");\n script_summary(english:\"Checks the version of Adobe Reader.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader on the remote Windows host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version 
of Adobe Reader installed on the remote host is a version\nprior to 10.1.14 / 11.0.11. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A buffer overflow condition exists in CoolType.dll due\n to improper validation of user-supplied input. A remote\n attacker can exploit this to execute arbitrary code.\n (CVE-2014-9160)\n\n - An out-of-bounds read flaw exists in CoolType.dll due\n to improper validation of user-supplied input. A remote\n attacker, via a specially crafted PDF file, can cause\n the application to crash and disclose memory contents.\n (CVE-2014-9161).\n\n - Multiple input validation, NULL pointer dereference, and\n use-after-free flaws exist that allow memory corruption,\n arbitrary code execution, and buffer overflow attacks.\n (CVE-2015-3047,CVE-2015-3048, CVE-2015-3049,\n CVE-2015-3050, CVE-2015-3051, CVE-2015-3052,\n CVE-2015-3053, CVE-2015-3054, CVE-2015-3055,\n CVE-2015-3056, CVE-2015-3057, CVE-2015-3058,\n CVE-2015-3059, CVE-2015-3070, CVE-2015-3075,\n CVE-2015-3076)\n\n - Multiple unspecified flaws in the JavaScript API allow\n an attacker to bypass JavaScript API restrictions.\n (CVE-2015-3060, CVE-2015-3061, CVE-2015-3062,\n CVE-2015-3063, CVE-2015-3064, CVE-2015-3065,\n CVE-2015-3066, CVE-2015-3067, CVE-2015-3068,\n CVE-2015-3069, CVE-2015-3071, CVE-2015-3072,\n CVE-2015-3073, CVE-2015-3074) \n\n - An XML external entity injection flaw exists that allows\n information disclosure. 
(CVE-2014-8452)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/reader/apsb15-10.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Reader 10.1.14 / 11.0.11 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-3076\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_adobe_reader_installed.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Adobe Reader\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (empty_or_null(os)) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp_name = \"Adobe Reader\";\ninstall = get_single_install(app_name:app_name);\n\nversion = install['version'];\npath = install['path'];\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Affected for Mac is :\n# 10.x < 10.1.14\n# 11.x < 11.0.11\nif (\n (ver[0] == 10 && ver[1] < 1) ||\n (ver[0] == 10 && ver[1] == 1 && ver[2] < 14) ||\n (ver[0] == 11 && ver[1] == 0 && ver[2] < 11)\n)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Path : '+path+\n '\\n Installed version : '+version+\n '\\n Fixed version : 10.1.14 / 11.0.11' +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-03T15:10:54", "description": "The version of Adobe Reader installed on the remote host is a version prior to 10.1.14 / 11.0.11. It is, therefore, affected by the following vulnerabilities :\n\n - A buffer overflow condition exists in CoolType.dll due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code.\n (CVE-2014-9160)\n\n - An out-of-bounds read flaw exists in CoolType.dll due to improper validation of user-supplied input. 
A remote attacker, via a specially crafted PDF file, can cause the application to crash and disclose memory contents.\n (CVE-2014-9161).\n\n - Multiple input validation, NULL pointer dereference, and use-after-free flaws exist that allow memory corruption, arbitrary code execution, and buffer overflow attacks.\n (CVE-2015-3047,CVE-2015-3048, CVE-2015-3049, CVE-2015-3050, CVE-2015-3051, CVE-2015-3052, CVE-2015-3053, CVE-2015-3054, CVE-2015-3055, CVE-2015-3056, CVE-2015-3057, CVE-2015-3058, CVE-2015-3059, CVE-2015-3070, CVE-2015-3075, CVE-2015-3076)\n\n - Multiple unspecified flaws in the JavaScript API allow an attacker to bypass JavaScript API restrictions.\n (CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, CVE-2015-3074) \n\n - An XML external entity injection flaw exists that allows information disclosure. (CVE-2014-8452)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2015-05-14T00:00:00", "type": "nessus", "title": "Adobe Reader < 10.1.14 / 11.0.11 Multiple Vulnerabilities (APSB15-10)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8452", "CVE-2014-9160", "CVE-2014-9161", "CVE-2015-3046", "CVE-2015-3047", "CVE-2015-3048", "CVE-2015-3049", "CVE-2015-3050", "CVE-2015-3051", "CVE-2015-3052", "CVE-2015-3053", 
"CVE-2015-3054", "CVE-2015-3055", "CVE-2015-3056", "CVE-2015-3057", "CVE-2015-3058", "CVE-2015-3059", "CVE-2015-3060", "CVE-2015-3061", "CVE-2015-3062", "CVE-2015-3063", "CVE-2015-3064", "CVE-2015-3065", "CVE-2015-3066", "CVE-2015-3067", "CVE-2015-3068", "CVE-2015-3069", "CVE-2015-3070", "CVE-2015-3071", "CVE-2015-3072", "CVE-2015-3073", "CVE-2015-3074", "CVE-2015-3075", "CVE-2015-3076"], "modified": "2019-11-22T00:00:00", "cpe": ["cpe:/a:adobe:acrobat_reader"], "id": "ADOBE_READER_APSB15-10.NASL", "href": "https://www.tenable.com/plugins/nessus/83471", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83471);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2014-8452\",\n \"CVE-2014-9160\",\n \"CVE-2014-9161\",\n \"CVE-2015-3046\",\n \"CVE-2015-3047\",\n \"CVE-2015-3048\",\n \"CVE-2015-3049\",\n \"CVE-2015-3050\",\n \"CVE-2015-3051\",\n \"CVE-2015-3052\",\n \"CVE-2015-3053\",\n \"CVE-2015-3054\",\n \"CVE-2015-3055\",\n \"CVE-2015-3056\",\n \"CVE-2015-3057\",\n \"CVE-2015-3058\",\n \"CVE-2015-3059\",\n \"CVE-2015-3060\",\n \"CVE-2015-3061\",\n \"CVE-2015-3062\",\n \"CVE-2015-3063\",\n \"CVE-2015-3064\",\n \"CVE-2015-3065\",\n \"CVE-2015-3066\",\n \"CVE-2015-3067\",\n \"CVE-2015-3068\",\n \"CVE-2015-3069\",\n \"CVE-2015-3070\",\n \"CVE-2015-3071\",\n \"CVE-2015-3072\",\n \"CVE-2015-3073\",\n \"CVE-2015-3074\",\n \"CVE-2015-3075\",\n \"CVE-2015-3076\"\n );\n script_bugtraq_id(\n 71567,\n 74599,\n 74600,\n 74601,\n 74602,\n 74603,\n 74604,\n 74618\n );\n\n script_name(english:\"Adobe Reader < 10.1.14 / 11.0.11 Multiple Vulnerabilities (APSB15-10)\");\n script_summary(english:\"Checks the version of Adobe Reader.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader on the remote Windows host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe 
Reader installed on the remote host is a version\nprior to 10.1.14 / 11.0.11. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A buffer overflow condition exists in CoolType.dll due\n to improper validation of user-supplied input. A remote\n attacker can exploit this to execute arbitrary code.\n (CVE-2014-9160)\n\n - An out-of-bounds read flaw exists in CoolType.dll due\n to improper validation of user-supplied input. A remote\n attacker, via a specially crafted PDF file, can cause\n the application to crash and disclose memory contents.\n (CVE-2014-9161).\n\n - Multiple input validation, NULL pointer dereference, and\n use-after-free flaws exist that allow memory corruption,\n arbitrary code execution, and buffer overflow attacks.\n (CVE-2015-3047,CVE-2015-3048, CVE-2015-3049,\n CVE-2015-3050, CVE-2015-3051, CVE-2015-3052,\n CVE-2015-3053, CVE-2015-3054, CVE-2015-3055,\n CVE-2015-3056, CVE-2015-3057, CVE-2015-3058,\n CVE-2015-3059, CVE-2015-3070, CVE-2015-3075,\n CVE-2015-3076)\n\n - Multiple unspecified flaws in the JavaScript API allow\n an attacker to bypass JavaScript API restrictions.\n (CVE-2015-3060, CVE-2015-3061, CVE-2015-3062,\n CVE-2015-3063, CVE-2015-3064, CVE-2015-3065,\n CVE-2015-3066, CVE-2015-3067, CVE-2015-3068,\n CVE-2015-3069, CVE-2015-3071, CVE-2015-3072,\n CVE-2015-3073, CVE-2015-3074) \n\n - An XML external entity injection flaw exists that allows\n information disclosure. 
(CVE-2014-8452)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/reader/apsb15-10.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Reader 10.1.14 / 11.0.11 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-3076\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_reader_installed.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/Adobe Reader\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_name = \"Adobe Reader\";\ninstall = get_single_install(app_name:app_name);\n\nversion = install['version'];\npath = install['path'];\nverui = install['display_version'];\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Affected for Win is :\n# 10.x < 10.1.14\n# 11.x < 11.0.11\nif (\n (ver[0] == 10 && ver[1] < 1) ||\n (ver[0] == 10 && ver[1] == 1 && ver[2] < 14) ||\n (ver[0] == 11 && ver[1] == 0 && ver[2] < 11)\n)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report = '\\n Path : '+path+\n '\\n Installed version : '+verui+\n '\\n Fixed version : 10.1.14 / 11.0.11' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, verui, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-03T15:10:54", "description": "The version of Adobe Acrobat installed on the remote host is a version prior to 10.1.14 / 11.0.11. It is, therefore, affected by the following vulnerabilities :\n\n - A buffer overflow condition exists in CoolType.dll due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code.\n (CVE-2014-9160)\n\n - An out-of-bounds read flaw exists in CoolType.dll due to improper validation of user-supplied input. 
A remote attacker, via a specially crafted PDF file, can cause the application to crash and disclose memory contents.\n (CVE-2014-9161).\n\n - Multiple input validation, NULL pointer dereference, and use-after-free flaws exist that allow memory corruption, arbitrary code execution, and buffer overflow attacks.\n (CVE-2015-3047,CVE-2015-3048, CVE-2015-3049, CVE-2015-3050, CVE-2015-3051, CVE-2015-3052, CVE-2015-3053, CVE-2015-3054, CVE-2015-3055, CVE-2015-3056, CVE-2015-3057, CVE-2015-3058, CVE-2015-3059, CVE-2015-3070, CVE-2015-3075, CVE-2015-3076)\n\n - Multiple unspecified flaws in the JavaScript API allow an attacker to bypass JavaScript API restrictions.\n (CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, CVE-2015-3074) \n\n - An XML external entity injection flaw exists that allows information disclosure. (CVE-2014-8452) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2015-05-14T00:00:00", "type": "nessus", "title": "Adobe Acrobat < 10.1.14 / 11.0.11 Multiple Vulnerabilities (APSB15-10)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8452", "CVE-2014-9160", "CVE-2014-9161", "CVE-2015-3046", "CVE-2015-3047", "CVE-2015-3048", "CVE-2015-3049", "CVE-2015-3050", "CVE-2015-3051", "CVE-2015-3052", "CVE-2015-3053", 
"CVE-2015-3054", "CVE-2015-3055", "CVE-2015-3056", "CVE-2015-3057", "CVE-2015-3058", "CVE-2015-3059", "CVE-2015-3060", "CVE-2015-3061", "CVE-2015-3062", "CVE-2015-3063", "CVE-2015-3064", "CVE-2015-3065", "CVE-2015-3066", "CVE-2015-3067", "CVE-2015-3068", "CVE-2015-3069", "CVE-2015-3070", "CVE-2015-3071", "CVE-2015-3072", "CVE-2015-3073", "CVE-2015-3074", "CVE-2015-3075", "CVE-2015-3076"], "modified": "2019-11-22T00:00:00", "cpe": ["cpe:/a:adobe:acrobat"], "id": "MACOSX_ADOBE_ACROBAT_APSB15-10.NASL", "href": "https://www.tenable.com/plugins/nessus/83472", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83472);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2014-8452\",\n \"CVE-2014-9160\",\n \"CVE-2014-9161\",\n \"CVE-2015-3046\",\n \"CVE-2015-3047\",\n \"CVE-2015-3048\",\n \"CVE-2015-3049\",\n \"CVE-2015-3050\",\n \"CVE-2015-3051\",\n \"CVE-2015-3052\",\n \"CVE-2015-3053\",\n \"CVE-2015-3054\",\n \"CVE-2015-3055\",\n \"CVE-2015-3056\",\n \"CVE-2015-3057\",\n \"CVE-2015-3058\",\n \"CVE-2015-3059\",\n \"CVE-2015-3060\",\n \"CVE-2015-3061\",\n \"CVE-2015-3062\",\n \"CVE-2015-3063\",\n \"CVE-2015-3064\",\n \"CVE-2015-3065\",\n \"CVE-2015-3066\",\n \"CVE-2015-3067\",\n \"CVE-2015-3068\",\n \"CVE-2015-3069\",\n \"CVE-2015-3070\",\n \"CVE-2015-3071\",\n \"CVE-2015-3072\",\n \"CVE-2015-3073\",\n \"CVE-2015-3074\",\n \"CVE-2015-3075\",\n \"CVE-2015-3076\"\n );\n script_bugtraq_id(\n 71567,\n 74599,\n 74600,\n 74601,\n 74602,\n 74603,\n 74604,\n 74618\n );\n\n script_name(english:\"Adobe Acrobat < 10.1.14 / 11.0.11 Multiple Vulnerabilities (APSB15-10)\");\n script_summary(english:\"Checks the version of Adobe Acrobat.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Acrobat on the remote Windows host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of 
Adobe Acrobat installed on the remote host is a version\nprior to 10.1.14 / 11.0.11. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A buffer overflow condition exists in CoolType.dll due\n to improper validation of user-supplied input. A remote\n attacker can exploit this to execute arbitrary code.\n (CVE-2014-9160)\n\n - An out-of-bounds read flaw exists in CoolType.dll due\n to improper validation of user-supplied input. A remote\n attacker, via a specially crafted PDF file, can cause\n the application to crash and disclose memory contents.\n (CVE-2014-9161).\n\n - Multiple input validation, NULL pointer dereference, and\n use-after-free flaws exist that allow memory corruption,\n arbitrary code execution, and buffer overflow attacks.\n (CVE-2015-3047,CVE-2015-3048, CVE-2015-3049,\n CVE-2015-3050, CVE-2015-3051, CVE-2015-3052,\n CVE-2015-3053, CVE-2015-3054, CVE-2015-3055,\n CVE-2015-3056, CVE-2015-3057, CVE-2015-3058,\n CVE-2015-3059, CVE-2015-3070, CVE-2015-3075,\n CVE-2015-3076)\n\n - Multiple unspecified flaws in the JavaScript API allow\n an attacker to bypass JavaScript API restrictions.\n (CVE-2015-3060, CVE-2015-3061, CVE-2015-3062,\n CVE-2015-3063, CVE-2015-3064, CVE-2015-3065,\n CVE-2015-3066, CVE-2015-3067, CVE-2015-3068,\n CVE-2015-3069, CVE-2015-3071, CVE-2015-3072,\n CVE-2015-3073, CVE-2015-3074) \n\n - An XML external entity injection flaw exists that allows\n information disclosure. 
(CVE-2014-8452)\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/reader/apsb15-10.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Acrobat 10.1.14 / 11.0.11 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-3076\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_adobe_acrobat_installed.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Adobe Acrobat\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (empty_or_null(os)) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp_name = \"Adobe Acrobat\";\ninstall = get_single_install(app_name:app_name);\n\nversion = install['version'];\npath = install['path'];\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Affected for Mac is :\n# 10.x < 10.1.14\n# 11.x < 11.0.11\nif (\n (ver[0] == 10 && ver[1] < 1) ||\n (ver[0] == 10 && ver[1] == 1 && ver[2] < 14) ||\n (ver[0] == 11 && ver[1] == 0 && ver[2] < 11)\n)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Path : '+path+\n '\\n Installed version : '+version+\n '\\n Fixed version : 10.1.14 / 11.0.11' +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-03T15:11:27", "description": "The version of Adobe Acrobat installed on the remote host is a version prior to 10.1.14 / 11.0.11. It is, therefore, affected by the following vulnerabilities :\n\n - A buffer overflow condition exists in CoolType.dll due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code.\n (CVE-2014-9160)\n\n - An out-of-bounds read flaw exists in CoolType.dll due to improper validation of user-supplied input. 
A remote attacker, via a specially crafted PDF file, can cause the application to crash and disclose memory contents.\n (CVE-2014-9161).\n\n - Multiple input validation, NULL pointer dereference, and use-after-free flaws exist that allow memory corruption, arbitrary code execution, and buffer overflow attacks.\n (CVE-2015-3047,CVE-2015-3048, CVE-2015-3049, CVE-2015-3050, CVE-2015-3051, CVE-2015-3052, CVE-2015-3053, CVE-2015-3054, CVE-2015-3055, CVE-2015-3056, CVE-2015-3057, CVE-2015-3058, CVE-2015-3059, CVE-2015-3070, CVE-2015-3075, CVE-2015-3076)\n\n - Multiple unspecified flaws in the JavaScript API allow an attacker to bypass JavaScript API restrictions.\n (CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, CVE-2015-3074) \n\n - An XML external entity injection flaw exists that allows information disclosure. (CVE-2014-8452)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2015-05-14T00:00:00", "type": "nessus", "title": "Adobe Acrobat < 10.1.14 / 11.0.11 Multiple Vulnerabilities (APSB15-10)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8452", "CVE-2014-9160", "CVE-2014-9161", "CVE-2015-3046", "CVE-2015-3047", "CVE-2015-3048", "CVE-2015-3049", "CVE-2015-3050", "CVE-2015-3051", "CVE-2015-3052", "CVE-2015-3053", 
"CVE-2015-3054", "CVE-2015-3055", "CVE-2015-3056", "CVE-2015-3057", "CVE-2015-3058", "CVE-2015-3059", "CVE-2015-3060", "CVE-2015-3061", "CVE-2015-3062", "CVE-2015-3063", "CVE-2015-3064", "CVE-2015-3065", "CVE-2015-3066", "CVE-2015-3067", "CVE-2015-3068", "CVE-2015-3069", "CVE-2015-3070", "CVE-2015-3071", "CVE-2015-3072", "CVE-2015-3073", "CVE-2015-3074", "CVE-2015-3075", "CVE-2015-3076"], "modified": "2019-11-22T00:00:00", "cpe": ["cpe:/a:adobe:acrobat"], "id": "ADOBE_ACROBAT_APSB15-10.NASL", "href": "https://www.tenable.com/plugins/nessus/83470", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83470);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2014-8452\",\n \"CVE-2014-9160\",\n \"CVE-2014-9161\",\n \"CVE-2015-3046\",\n \"CVE-2015-3047\",\n \"CVE-2015-3048\",\n \"CVE-2015-3049\",\n \"CVE-2015-3050\",\n \"CVE-2015-3051\",\n \"CVE-2015-3052\",\n \"CVE-2015-3053\",\n \"CVE-2015-3054\",\n \"CVE-2015-3055\",\n \"CVE-2015-3056\",\n \"CVE-2015-3057\",\n \"CVE-2015-3058\",\n \"CVE-2015-3059\",\n \"CVE-2015-3060\",\n \"CVE-2015-3061\",\n \"CVE-2015-3062\",\n \"CVE-2015-3063\",\n \"CVE-2015-3064\",\n \"CVE-2015-3065\",\n \"CVE-2015-3066\",\n \"CVE-2015-3067\",\n \"CVE-2015-3068\",\n \"CVE-2015-3069\",\n \"CVE-2015-3070\",\n \"CVE-2015-3071\",\n \"CVE-2015-3072\",\n \"CVE-2015-3073\",\n \"CVE-2015-3074\",\n \"CVE-2015-3075\",\n \"CVE-2015-3076\"\n );\n script_bugtraq_id(\n 71567,\n 74599,\n 74600,\n 74601,\n 74602,\n 74603,\n 74604,\n 74618\n );\n\n script_name(english:\"Adobe Acrobat < 10.1.14 / 11.0.11 Multiple Vulnerabilities (APSB15-10)\");\n script_summary(english:\"Checks the version of Adobe Acrobat.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Acrobat on the remote Windows host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe 
Acrobat installed on the remote host is a version\nprior to 10.1.14 / 11.0.11. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A buffer overflow condition exists in CoolType.dll due\n to improper validation of user-supplied input. A remote\n attacker can exploit this to execute arbitrary code.\n (CVE-2014-9160)\n\n - An out-of-bounds read flaw exists in CoolType.dll due\n to improper validation of user-supplied input. A remote\n attacker, via a specially crafted PDF file, can cause\n the application to crash and disclose memory contents.\n (CVE-2014-9161).\n\n - Multiple input validation, NULL pointer dereference, and\n use-after-free flaws exist that allow memory corruption,\n arbitrary code execution, and buffer overflow attacks.\n (CVE-2015-3047,CVE-2015-3048, CVE-2015-3049,\n CVE-2015-3050, CVE-2015-3051, CVE-2015-3052,\n CVE-2015-3053, CVE-2015-3054, CVE-2015-3055,\n CVE-2015-3056, CVE-2015-3057, CVE-2015-3058,\n CVE-2015-3059, CVE-2015-3070, CVE-2015-3075,\n CVE-2015-3076)\n\n - Multiple unspecified flaws in the JavaScript API allow\n an attacker to bypass JavaScript API restrictions.\n (CVE-2015-3060, CVE-2015-3061, CVE-2015-3062,\n CVE-2015-3063, CVE-2015-3064, CVE-2015-3065,\n CVE-2015-3066, CVE-2015-3067, CVE-2015-3068,\n CVE-2015-3069, CVE-2015-3071, CVE-2015-3072,\n CVE-2015-3073, CVE-2015-3074) \n\n - An XML external entity injection flaw exists that allows\n information disclosure. 
(CVE-2014-8452)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/reader/apsb15-10.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Acrobat 10.1.14 / 11.0.11 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-3076\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_acrobat_installed.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/Adobe Acrobat\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_name = \"Adobe Acrobat\";\ninstall = get_single_install(app_name:app_name);\n\nversion = install['version'];\npath = install['path'];\nverui = install['display_version'];\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Affected for Win is :\n# 10.x < 10.1.14\n# 11.x < 11.0.11\nif (\n (ver[0] == 10 && ver[1] < 1) ||\n (ver[0] == 10 && ver[1] == 1 && ver[2] < 14) ||\n (ver[0] == 11 && ver[1] == 0 && ver[2] < 11)\n)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report = '\\n Path : '+path+\n '\\n Installed version : '+verui+\n '\\n Fixed version : 10.1.14 / 11.0.11' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, verui, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-07-17T14:28:52", "description": "The host is installed with Adobe Acrobat\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2014-12-11T00:00:00", "type": "openvas", "title": "Adobe Acrobat Multiple Vulnerabilities-01 Dec14 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8460", "CVE-2014-9159", "CVE-2014-8452", "CVE-2014-8445", "CVE-2014-8455", "CVE-2014-8449", "CVE-2014-8461", "CVE-2014-8447", "CVE-2014-9165", "CVE-2014-8456", "CVE-2014-8453", "CVE-2014-8454", "CVE-2014-8458", "CVE-2014-8459", "CVE-2014-9150", "CVE-2014-8457", "CVE-2014-8448", "CVE-2014-9158", "CVE-2014-8446", "CVE-2014-8451"], "modified": 
"2019-07-05T00:00:00", "id": "OPENVAS:1361412562310805302", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805302", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat Multiple Vulnerabilities-01 Dec14 (Windows)\n#\n# Authors:\n# Deependra Bapna <bdeependra@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805302\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2014-9150\", \"CVE-2014-9165\", \"CVE-2014-8445\", \"CVE-2014-8446\",\n \"CVE-2014-8447\", \"CVE-2014-8448\", \"CVE-2014-8449\", \"CVE-2014-8451\",\n \"CVE-2014-8452\", \"CVE-2014-8453\", \"CVE-2014-8454\", \"CVE-2014-8455\",\n \"CVE-2014-8456\", \"CVE-2014-8457\", \"CVE-2014-8458\", \"CVE-2014-8459\",\n \"CVE-2014-8461\", \"CVE-2014-9158\", \"CVE-2014-9159\", \"CVE-2014-8460\");\n script_bugtraq_id(71366, 71575, 71561, 71570, 71574, 71564, 71568, 71565, 71567,\n 71557, 71562, 71571, 71572, 71566, 71573, 71576, 71578, 71577,\n 71580, 71579);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n 
script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-12-11 17:25:05 +0530 (Thu, 11 Dec 2014)\");\n\n script_name(\"Adobe Acrobat Multiple Vulnerabilities-01 Dec14 (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Adobe Acrobat\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple Flaws are due to,\n\n - Multiple use-after-free errors can be exploited to execute arbitrary code.\n\n - Multiple unspecified errors can be exploited to cause a heap-based buffer overflow\n and subsequently execute arbitrary code.\n\n - A Race condition in the MoveFileEx call hook feature allows attackers to\n bypass a sandbox protection mechanism.\n\n - An error within the implementation of a Javascript API can be exploited to disclose\n certain information.\n\n - Multiple integer overflow errors can be exploited to execute arbitrary code.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to disclose potentially sensitive information, bypass certain\n security restrictions, execute arbitrary code and compromise a user's system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat 10.x before 10.1.13 and Adobe\n Acrobat 11.x before 11.0.10 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat version 10.1.13 or\n 11.0.10 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/61095/\");\n script_xref(name:\"URL\", value:\"http://helpx.adobe.com/security/products/reader/apsb14-28.html\");\n script_xref(name:\"URL\", 
value:\"https://code.google.com/p/google-security-research/issues/detail?id=103\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/Win/Installed\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!acroVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(acroVer && acroVer =~ \"^(10|11)\")\n{\n if(version_in_range(version:acroVer, test_version:\"10.0.0\", test_version2:\"10.1.12\")||\n version_in_range(version:acroVer, test_version:\"11.0.0\", test_version2:\"11.0.9\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:28:27", "description": "The host is installed with Adobe Reader\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2014-12-11T00:00:00", "type": "openvas", "title": "Adobe Reader Multiple Vulnerabilities-01 Dec14 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8460", "CVE-2014-9159", "CVE-2014-8452", "CVE-2014-8445", "CVE-2014-8455", "CVE-2014-8449", "CVE-2014-8461", "CVE-2014-8447", "CVE-2014-9165", "CVE-2014-8456", "CVE-2014-8453", "CVE-2014-8454", "CVE-2014-8458", "CVE-2014-8459", "CVE-2014-9150", "CVE-2014-8457", "CVE-2014-8448", "CVE-2014-9158", "CVE-2014-8446", "CVE-2014-8451"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310805303", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805303", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Reader Multiple Vulnerabilities-01 Dec14 (Windows)\n#\n# Authors:\n# Deependra Bapna <bdeependra@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks 
GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805303\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2014-9150\", \"CVE-2014-9165\", \"CVE-2014-8445\", \"CVE-2014-8446\",\n \"CVE-2014-8447\", \"CVE-2014-8448\", \"CVE-2014-8449\", \"CVE-2014-8451\",\n \"CVE-2014-8452\", \"CVE-2014-8453\", \"CVE-2014-8454\", \"CVE-2014-8455\",\n \"CVE-2014-8456\", \"CVE-2014-8457\", \"CVE-2014-8458\", \"CVE-2014-8459\",\n \"CVE-2014-8461\", \"CVE-2014-9158\", \"CVE-2014-9159\", \"CVE-2014-8460\");\n script_bugtraq_id(71366, 71575, 71561, 71570, 71574, 71564, 71568, 71565, 71567,\n 71557, 71562, 71571, 71572, 71566, 71573, 71576, 71578, 71577,\n 71580, 71579);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-12-11 17:14:05 +0530 (Thu, 11 Dec 2014)\");\n\n script_name(\"Adobe Reader Multiple Vulnerabilities-01 Dec14 (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Adobe Reader\n 
and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple Flaws are due to,\n\n - Multiple use-after-free errors can be exploited to execute arbitrary code.\n\n - Multiple unspecified errors can be exploited to cause a heap-based buffer overflow\n and subsequently execute arbitrary code.\n\n - A Race condition in the MoveFileEx call hook feature allows attackers to\n bypass a sandbox protection mechanism.\n\n - An error within the implementation of a Javascript API can be exploited to disclose\n certain information.\n\n - Multiple integer overflow errors can be exploited to execute arbitrary code.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to disclose potentially sensitive information, bypass certain\n security restrictions, execute arbitrary code and compromise a user's system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Reader 10.x before 10.1.13 and\n Adobe Reader 11.x before 11.0.10 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Reader version 10.1.13 or\n 11.0.10 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/61095/\");\n script_xref(name:\"URL\", value:\"http://helpx.adobe.com/security/products/reader/apsb14-28.html\");\n script_xref(name:\"URL\", value:\"https://code.google.com/p/google-security-research/issues/detail?id=103\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Reader/Win/Installed\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!readerVer = 
get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(readerVer && readerVer =~ \"^1[01]\")\n{\n if(version_in_range(version:readerVer, test_version:\"10.0.0\", test_version2:\"10.1.12\")||\n version_in_range(version:readerVer, test_version:\"11.0.0\", test_version2:\"11.0.9\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:28:26", "description": "The host is installed with Adobe Reader\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2014-12-11T00:00:00", "type": "openvas", "title": "Adobe Reader Multiple Vulnerabilities-01 Dec14 (MAC OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8460", "CVE-2014-9159", "CVE-2014-8452", "CVE-2014-8445", "CVE-2014-8455", "CVE-2014-8449", "CVE-2014-8461", "CVE-2014-8447", "CVE-2014-9165", "CVE-2014-8456", "CVE-2014-8453", "CVE-2014-8454", "CVE-2014-8458", "CVE-2014-8459", "CVE-2014-9150", "CVE-2014-8457", "CVE-2014-8448", "CVE-2014-9158", "CVE-2014-8446", "CVE-2014-8451"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310805301", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805301", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Reader Multiple Vulnerabilities-01 Dec14 (MAC OS X)\n#\n# Authors:\n# Deependra Bapna <bdeependra@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR 
PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805301\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2014-9150\", \"CVE-2014-9165\", \"CVE-2014-8445\", \"CVE-2014-8446\",\n \"CVE-2014-8447\", \"CVE-2014-8448\", \"CVE-2014-8449\", \"CVE-2014-8451\",\n \"CVE-2014-8452\", \"CVE-2014-8453\", \"CVE-2014-8454\", \"CVE-2014-8455\",\n \"CVE-2014-8456\", \"CVE-2014-8457\", \"CVE-2014-8458\", \"CVE-2014-8459\",\n \"CVE-2014-8461\", \"CVE-2014-9158\", \"CVE-2014-9159\", \"CVE-2014-8460\");\n script_bugtraq_id(71366, 71575, 71561, 71570, 71574, 71564, 71568, 71565, 71567,\n 71557, 71562, 71571, 71572, 71566, 71573, 71576, 71578, 71577,\n 71580, 71579);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-12-11 17:14:05 +0530 (Thu, 11 Dec 2014)\");\n\n script_name(\"Adobe Reader Multiple Vulnerabilities-01 Dec14 (MAC OS X)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Adobe Reader\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple Flaws are due to,\n\n - Multiple use-after-free errors can be exploited to execute arbitrary code.\n\n - Multiple unspecified errors can be exploited to cause a heap-based buffer overflow\n and subsequently execute 
arbitrary code.\n\n - A Race condition in the MoveFileEx call hook feature allows attackers to\n bypass a sandbox protection mechanism.\n\n - An error within the implementation of a Javascript API can be exploited to disclose\n certain information.\n\n - Multiple integer overflow errors can be exploited to execute arbitrary code.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to disclose potentially sensitive information, bypass certain\n security restrictions, execute arbitrary code and compromise a user's system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Reader 10.x before 10.1.13 and\n Adobe Reader 11.x before 11.0.10 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Reader version 10.1.13 or\n 11.0.10 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/61095/\");\n script_xref(name:\"URL\", value:\"http://helpx.adobe.com/security/products/reader/apsb14-28.html\");\n script_xref(name:\"URL\", value:\"https://code.google.com/p/google-security-research/issues/detail?id=103\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Reader/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!readerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(readerVer && readerVer =~ \"^1[01]\")\n{\n if(version_in_range(version:readerVer, test_version:\"10.0.0\", test_version2:\"10.1.12\")||\n version_in_range(version:readerVer, test_version:\"11.0.0\", test_version2:\"11.0.9\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:28:26", "description": "The host is installed with Adobe Acrobat\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2014-12-11T00:00:00", "type": "openvas", "title": "Adobe Acrobat Multiple Vulnerabilities-01 Dec14 (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8460", "CVE-2014-9159", "CVE-2014-8452", "CVE-2014-8445", "CVE-2014-8455", "CVE-2014-8449", "CVE-2014-8461", "CVE-2014-8447", "CVE-2014-9165", "CVE-2014-8456", "CVE-2014-8453", "CVE-2014-8454", "CVE-2014-8458", "CVE-2014-8459", "CVE-2014-9150", "CVE-2014-8457", "CVE-2014-8448", "CVE-2014-9158", "CVE-2014-8446", "CVE-2014-8451"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310805300", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805300", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat Multiple Vulnerabilities-01 Dec14 (Mac OS X)\n#\n# Authors:\n# Deependra Bapna <bdeependra@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805300\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2014-9150\", \"CVE-2014-9165\", \"CVE-2014-8445\", \"CVE-2014-8446\",\n \"CVE-2014-8447\", \"CVE-2014-8448\", \"CVE-2014-8449\", \"CVE-2014-8451\",\n \"CVE-2014-8452\", \"CVE-2014-8453\", \"CVE-2014-8454\", \"CVE-2014-8455\",\n \"CVE-2014-8456\", \"CVE-2014-8457\", \"CVE-2014-8458\", \"CVE-2014-8459\",\n \"CVE-2014-8461\", \"CVE-2014-9158\", \"CVE-2014-9159\", \"CVE-2014-8460\");\n script_bugtraq_id(71366, 71575, 71561, 71570, 71574, 71564, 71568, 71565, 71567,\n 71557, 71562, 71571, 71572, 71566, 71573, 71576, 71578, 71577,\n 71580, 71579);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-12-11 17:14:05 +0530 (Thu, 11 Dec 2014)\");\n\n script_name(\"Adobe Acrobat Multiple Vulnerabilities-01 Dec14 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Adobe Acrobat\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple Flaws are due to,\n\n - Multiple use-after-free errors can be exploited to execute arbitrary code.\n\n - Multiple unspecified errors can be exploited to cause a heap-based buffer overflow\n and subsequently execute arbitrary code.\n\n - 
A Race condition in the MoveFileEx call hook feature allows attackers to\n bypass a sandbox protection mechanism.\n\n - An error within the implementation of a Javascript API can be exploited to disclose\n certain information.\n\n - Multiple integer overflow errors can be exploited to execute arbitrary code.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to disclose potentially sensitive information, bypass certain\n security restrictions, execute arbitrary code and compromise a user's system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat 10.x before 10.1.13 and\n Adobe Acrobat 11.x before 11.0.10 on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat version 10.1.13 or\n 11.0.10 or later.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/61095/\");\n script_xref(name:\"URL\", value:\"http://helpx.adobe.com/security/products/reader/apsb14-28.html\");\n script_xref(name:\"URL\", value:\"https://code.google.com/p/google-security-research/issues/detail?id=103\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!acroVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(acroVer && acroVer =~ \"^(10|11)\")\n{\n if(version_in_range(version:acroVer, test_version:\"10.0.0\", test_version2:\"10.1.12\")||\n version_in_range(version:acroVer, test_version:\"11.0.0\", test_version2:\"11.0.9\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}