Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.ADOBE_ACROBAT_APSB21-51.NASL
HistoryJul 13, 2021 - 12:00 a.m.

Adobe Acrobat < 2017.011.30199 / 2020.004.30006 / 2021.005.20058 Multiple Vulnerabilities (APSB21-51)

2021-07-1300:00:00
This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
22
JSON

The version of Adobe Acrobat installed on the remote Windows host is a version prior to 2017.011.30199, 2020.004.30006, or 2021.005.20058. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(151584);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/10");

  script_cve_id(
    "CVE-2021-3598",
    "CVE-2021-28634",
    "CVE-2021-28635",
    "CVE-2021-28636",
    "CVE-2021-28637",
    "CVE-2021-28638",
    "CVE-2021-28639",
    "CVE-2021-28640",
    "CVE-2021-28641",
    "CVE-2021-28642",
    "CVE-2021-28643",
    "CVE-2021-28644",
    "CVE-2021-35980",
    "CVE-2021-35981",
    "CVE-2021-35983",
    "CVE-2021-35984",
    "CVE-2021-35985",
    "CVE-2021-35986",
    "CVE-2021-35987",
    "CVE-2021-35988"
  );
  script_xref(name:"IAVA", value:"2021-A-0301-S");

  script_name(english:"Adobe Acrobat < 2017.011.30199 / 2020.004.30006 / 2021.005.20058 Multiple Vulnerabilities (APSB21-51)");

  script_set_attribute(attribute:"synopsis", value:
"The version of Adobe Acrobat installed on the remote Windows host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Adobe Acrobat installed on the remote Windows host is a version prior to 2017.011.30199, 2020.004.30006,
or 2021.005.20058. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for this
issue but has instead relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/22.html");
  script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/78.html");
  script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/122.html");
  script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/125.html");
  script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/416.html");
  script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/427.html");
  script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/476.html");
  script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/787.html");
  script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/843.html");
  script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/acrobat/apsb21-51.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe Acrobat version 2017.011.30199 / 2020.004.30006 / 2021.005.20058 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-28639");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2021-28634");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_cwe_id(22, 78, 122, 125, 416, 427, 476, 787, 843);

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/07/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/07/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/07/13");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:acrobat");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("adobe_acrobat_installed.nasl");
  script_require_keys("SMB/Registry/Enumerated", "installed_sw/Adobe Acrobat");

  exit(0);
}

include('vcf.inc');
include('vcf_extras.inc');

get_kb_item_or_exit('SMB/Registry/Enumerated');
var app_info = vcf::get_app_info(app:'Adobe Acrobat', win_local:TRUE);

# vcf::adobe_reader::check_version_and_report will
# properly separate tracks when checking constraints.
# x.y.30zzz = DC Classic
# x.y.20zzz = DC Continuous
var constraints = [
  { 'min_version' : '15.7', 'max_version' : '21.005.20054', 'fixed_version' : '21.005.20058' },
  { 'min_version' : '20.1', 'max_version' : '20.004.30005', 'fixed_version' : '20.004.30006' },
  { 'min_version' : '17.8', 'max_version' : '17.011.30197', 'fixed_version' : '17.011.30199' }
];
vcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);
VendorProductVersionCPE
adobeacrobatcpe:/a:adobe:acrobat

References

Related

nessus 15
openvas 26
adobe 1
cnvd 20
cve 20
checkpoint_advisories 2
threatpost 1
prion 20
zdi 7
redhatcve 1
debiancve 1
veracode 1
alpinelinux 1
archlinux 1
ubuntucve 1
osv 7
suse 2
fedora 2
cloudfoundry 1
ubuntu 3
rosalinux 1
debian 3
gentoo 1
mageia 1
nessus
nessus
Adobe Reader < 2017.011.30199 / 2020.004.30006 / 2021.005.20058 Multiple Vulnerabilities (APSB21-51)
2021-07-13 00:00:00
Adobe Acrobat < 2017.011.30199 / 2020.004.30006 / 2021.005.20058 Multiple Vulnerabilities (APSB21-51) (macOS)
2021-07-13 00:00:00
Adobe Reader < 2017.011.30199 / 2020.004.30006 / 2021.005.20058 Multiple Vulnerabilities (APSB21-51) (macOS)
2021-07-13 00:00:00
openvas
openvas
Adobe Acrobat Classic 2020 Security Update (APSB21-51) - Mac OS X
2021-08-13 00:00:00
Adobe Reader DC Continuous Security Update (APSB21-51) - Mac OS X
2021-08-13 00:00:00
Adobe Reader 2017 Security Update (APSB21-51) - Mac OS X
2021-08-13 00:00:00
adobe
adobe
APSB21-51 Security update available for Adobe Acrobat and Reader
2021-07-13 00:00:00
cnvd
cnvd
Adobe Acrobat/Reader Out-of-Bounds Reading Vulnerability (CNVD-2021-70143)
2021-07-14 00:00:00
Adobe Acrobat/Reader Out-of-Bounds Reading Vulnerability (CNVD-2021-70152)
2021-07-14 00:00:00
Adobe Acrobat/Reader Post-release Reuse Vulnerability (CNVD-2021-70146)
2021-07-14 00:00:00
cve
cve
CVE-2021-28635
2021-08-20 19:15:00
CVE-2021-35983
2021-08-20 19:15:00
CVE-2021-28641
2021-08-20 19:15:00
checkpoint_advisories
checkpoint_advisories
Adobe Acrobat and Reader Use After Free (APSB21-51: CVE-2021-28640)
2021-07-13 00:00:00
Adobe Acrobat and Reader Use After Free (APSB21-51: CVE-2021-28635)
2021-07-13 00:00:00
threatpost
threatpost
Adobe Patches 11 Critical Bugs in Popular Acrobat PDF Reader
2021-07-13 18:55:41
prion
prion
Design/Logic Flaw
2021-08-20 19:15:00
Type confusion
2021-08-20 19:15:00
Path traversal
2023-09-06 14:15:00
zdi
zdi
Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability
2021-07-15 00:00:00
Adobe Acrobat Reader DC PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
2021-07-15 00:00:00
Adobe Acrobat Pro DC getAnnots Type Confusion Information Disclosure Vulnerability
2021-10-13 00:00:00
redhatcve
redhatcve
CVE-2021-3598
2021-06-11 19:14:18
debiancve
debiancve
CVE-2021-3598
2021-07-06 15:15:00
veracode
veracode
Denial Of Service (DoS)
2021-07-11 00:48:52
alpinelinux
alpinelinux
CVE-2021-3598
2021-07-06 15:15:00
archlinux
archlinux
[ASA-202107-14] openexr: arbitrary code execution
2021-07-06 00:00:00
ubuntucve
ubuntucve
CVE-2021-3598
2021-06-15 00:00:00
osv
osv
CVE-2021-3598
2021-07-06 15:15:07
openexr vulnerabilities
2021-06-22 11:09:05
openexr vulnerabilities
2021-06-22 11:46:27
suse
suse
Security update for openexr (important)
2021-07-11 00:00:00
Security update for openexr (important)
2021-06-25 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: mingw-openexr-2.5.5-3.fc34
2021-06-20 01:09:26
[SECURITY] Fedora 33 Update: mingw-ilmbase-2.4.1-3.fc33
2021-06-20 01:07:46
cloudfoundry
cloudfoundry
USN-4996-1: OpenEXR vulnerabilities | Cloud Foundry
2021-07-08 00:00:00
ubuntu
ubuntu
OpenEXR vulnerabilities
2021-06-22 00:00:00
OpenEXR vulnerabilities
2021-06-22 00:00:00
OpenEXR vulnerabilities
2022-09-20 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2248
2023-10-17 12:58:34
debian
debian
[SECURITY] [DSA 5299-1] openexr security update
2022-12-10 16:27:46
[SECURITY] [DLA 2701-1] openexr security update
2021-07-03 18:16:01
[SECURITY] [DLA 3236-1] openexr security update
2022-12-11 23:52:53
gentoo
gentoo
OpenEXR: Multiple Vulnerabilities
2022-10-31 00:00:00
mageia
mageia
Updated openexr packages fix security vulnerabilities
2021-07-10 15:56:54
JSON
Related for ADOBE_ACROBAT_APSB21-51.NASL
nessus15openvas26adobe1cnvd20cve20checkpoint_advisories2threatpost1prion20zdi7redhatcve1debiancve1veracode1alpinelinux1archlinux1ubuntucve1osv7suse2fedora2cloudfoundry1ubuntu3rosalinux1debian3gentoo1mageia1