Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.ADOBE_ACROBAT_APSB22-16.NASL
HistoryApr 12, 2022 - 12:00 a.m.

Adobe Acrobat < 17.012.30227 / 17.012.30229 / 20.005.30331 / 20.005.30331 / 20.005.30334 / 20.005.30334 / 22.001.20112 / 22.001.20117 Multiple Vulnerabilities (APSB22-16)

2022-04-1200:00:00
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
78

6.9 Medium

AI Score

Confidence

High

JSON

The version of Adobe Acrobat installed on the remote Windows host is a version prior to 17.012.30227, 17.012.30229, 20.005.30331, 20.005.30331, 20.005.30334, 20.005.30334, 22.001.20112, or 22.001.20117. It is, therefore, affected by multiple vulnerabilities:

  • Use After Free vulnerability (CWE-416) potentially leading to disclosure of sensitive memory. (CVE-2022-24101, CVE-2022-28250, CVE-2022-28256, CVE-2022-28269, CVE-2022-28837)

  • Use After Free vulnerability (CWE-416) potentially leading to arbitrary code execution in the context of the current user. (CVE-2022-24102, CVE-2022-24103, CVE-2022-24104, CVE-2022-27785, CVE-2022-27786, CVE-2022-27789, CVE-2022-27790, CVE-2022-27795, CVE-2022-27796, CVE-2022-27797, CVE-2022-27799, CVE-2022-27800, CVE-2022-27801, CVE-2022-27802, CVE-2022-28230, CVE-2022-28232, CVE-2022-28233, CVE-2022-28235, CVE-2022-28237, CVE-2022-28238, CVE-2022-28240, CVE-2022-28242, CVE-2022-28838, CVE-2022-44514, CVE-2022-44518, CVE-2022-44519, CVE-2022-44520)

  • Out-of-bounds Write vulnerability (CWE-787) potentially leading to arbitrary code execution in the context of the current user. (CVE-2022-27787, CVE-2022-27788, CVE-2022-27792, CVE-2022-27793, CVE-2022-27798, CVE-2022-28236, CVE-2022-44512, CVE-2022-44513)

  • Out-of-bounds Read vulnerability (CWE-125) when processing a doc object potentially leading to read past the end of an allocated memory structure. (CVE-2022-28231, CVE-2022-28239, CVE-2022-28241, CVE-2022-28243, CVE-2022-28245, CVE-2022-28246, CVE-2022-28248, CVE-2022-28249, CVE-2022-28251, CVE-2022-28252, CVE-2022-28253, CVE-2022-28254, CVE-2022-28255, CVE-2022-28257, CVE-2022-28258, CVE-2022-28259, CVE-2022-28260, CVE-2022-28261, CVE-2022-28262, CVE-2022-28263, CVE-2022-28264, CVE-2022-28265, CVE-2022-28266, CVE-2022-28267, CVE-2022-28268, CVE-2022-35672, CVE-2022-44515, CVE-2022-44516, CVE-2022-44517)

  • Stack-based buffer overflow vulnerability (CWE-121) due to insecure processing of a font, potentially leading to arbitrary code execution in the context of the current user. (CVE-2022-27791)

  • Use of a variable that has not been initialized vulnerability (CWE-824) when processing of embedded fonts, potentially leading to arbitrary code execution in the context of the current user. (CVE-2022-27794)

  • Heap-based buffer overflow vulnerability (CWE-122) due to insecure handling of a crafted .pdf file, potentially leading to arbitrary code execution in the context of the current user. (CVE-2022-28234)

  • Violation of secure design principles through bypassing the content security policy vulnerability (CWE-657), potentially leading to an attacker sending arbitrarily configured requests to the cross-origin attack target domain. (CVE-2022-28244)

  • Uncontrolled search path vulnerability (CWE-353) potentially leading to local privilege escalation. (CVE-2022-28247)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(159656);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/06");

  script_cve_id(
    "CVE-2022-24101",
    "CVE-2022-24102",
    "CVE-2022-24103",
    "CVE-2022-24104",
    "CVE-2022-27785",
    "CVE-2022-27786",
    "CVE-2022-27787",
    "CVE-2022-27788",
    "CVE-2022-27789",
    "CVE-2022-27790",
    "CVE-2022-27791",
    "CVE-2022-27792",
    "CVE-2022-27793",
    "CVE-2022-27794",
    "CVE-2022-27795",
    "CVE-2022-27796",
    "CVE-2022-27797",
    "CVE-2022-27798",
    "CVE-2022-27799",
    "CVE-2022-27800",
    "CVE-2022-27801",
    "CVE-2022-27802",
    "CVE-2022-28230",
    "CVE-2022-28231",
    "CVE-2022-28232",
    "CVE-2022-28233",
    "CVE-2022-28234",
    "CVE-2022-28235",
    "CVE-2022-28236",
    "CVE-2022-28237",
    "CVE-2022-28238",
    "CVE-2022-28239",
    "CVE-2022-28240",
    "CVE-2022-28241",
    "CVE-2022-28242",
    "CVE-2022-28243",
    "CVE-2022-28244",
    "CVE-2022-28245",
    "CVE-2022-28246",
    "CVE-2022-28247",
    "CVE-2022-28248",
    "CVE-2022-28249",
    "CVE-2022-28250",
    "CVE-2022-28251",
    "CVE-2022-28252",
    "CVE-2022-28253",
    "CVE-2022-28254",
    "CVE-2022-28255",
    "CVE-2022-28256",
    "CVE-2022-28257",
    "CVE-2022-28258",
    "CVE-2022-28259",
    "CVE-2022-28260",
    "CVE-2022-28261",
    "CVE-2022-28262",
    "CVE-2022-28263",
    "CVE-2022-28264",
    "CVE-2022-28265",
    "CVE-2022-28266",
    "CVE-2022-28267",
    "CVE-2022-28268",
    "CVE-2022-28269",
    "CVE-2022-28837",
    "CVE-2022-28838",
    "CVE-2022-35672",
    "CVE-2022-44512",
    "CVE-2022-44513",
    "CVE-2022-44514",
    "CVE-2022-44515",
    "CVE-2022-44516",
    "CVE-2022-44517",
    "CVE-2022-44518",
    "CVE-2022-44519",
    "CVE-2022-44520"
  );
  script_xref(name:"IAVA", value:"2022-A-0152-S");

  script_name(english:"Adobe Acrobat < 17.012.30227 / 17.012.30229 / 20.005.30331 / 20.005.30331 / 20.005.30334 / 20.005.30334 / 22.001.20112 / 22.001.20117 Multiple Vulnerabilities (APSB22-16)");

  script_set_attribute(attribute:"synopsis", value:
"The version of Adobe Acrobat installed on the remote Windows host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Adobe Acrobat installed on the remote Windows host is a version prior to 17.012.30227, 17.012.30229,
20.005.30331, 20.005.30331, 20.005.30334, 20.005.30334, 22.001.20112, or 22.001.20117. It is, therefore, affected by
multiple vulnerabilities:

  - Use After Free vulnerability (CWE-416) potentially leading to disclosure of sensitive memory. (CVE-2022-24101,
    CVE-2022-28250, CVE-2022-28256, CVE-2022-28269, CVE-2022-28837)

  - Use After Free vulnerability (CWE-416) potentially leading to arbitrary code execution in the context of the 
    current user. (CVE-2022-24102, CVE-2022-24103, CVE-2022-24104, CVE-2022-27785, CVE-2022-27786, CVE-2022-27789,
    CVE-2022-27790, CVE-2022-27795, CVE-2022-27796, CVE-2022-27797, CVE-2022-27799, CVE-2022-27800, CVE-2022-27801, 
    CVE-2022-27802, CVE-2022-28230, CVE-2022-28232, CVE-2022-28233, CVE-2022-28235, CVE-2022-28237, CVE-2022-28238,
    CVE-2022-28240, CVE-2022-28242, CVE-2022-28838, CVE-2022-44514, CVE-2022-44518, CVE-2022-44519, CVE-2022-44520)

  - Out-of-bounds Write vulnerability (CWE-787) potentially leading to arbitrary code execution in the context of 
    the current user. (CVE-2022-27787, CVE-2022-27788, CVE-2022-27792, CVE-2022-27793, CVE-2022-27798, 
    CVE-2022-28236, CVE-2022-44512, CVE-2022-44513)

  - Out-of-bounds Read vulnerability (CWE-125) when processing a doc object potentially leading to read past the 
    end of an allocated memory structure. (CVE-2022-28231, CVE-2022-28239, CVE-2022-28241, CVE-2022-28243,
    CVE-2022-28245, CVE-2022-28246, CVE-2022-28248, CVE-2022-28249, CVE-2022-28251, CVE-2022-28252, CVE-2022-28253,
    CVE-2022-28254, CVE-2022-28255, CVE-2022-28257, CVE-2022-28258, CVE-2022-28259, CVE-2022-28260, CVE-2022-28261,
    CVE-2022-28262, CVE-2022-28263, CVE-2022-28264, CVE-2022-28265, CVE-2022-28266, CVE-2022-28267, CVE-2022-28268,
    CVE-2022-35672, CVE-2022-44515, CVE-2022-44516, CVE-2022-44517)

  - Stack-based buffer overflow vulnerability (CWE-121) due to insecure processing of a font, potentially leading to 
    arbitrary code execution in the context of the current user. (CVE-2022-27791)

  - Use of a variable that has not been initialized vulnerability (CWE-824) when processing of embedded fonts, 
    potentially leading to arbitrary code execution in the context of the current user. (CVE-2022-27794)

  - Heap-based buffer overflow vulnerability (CWE-122) due to insecure handling of a crafted .pdf file, potentially 
    leading to arbitrary code execution in the context of the current user. (CVE-2022-28234) 

  - Violation of secure design principles through bypassing the content security policy vulnerability (CWE-657), 
    potentially leading to an attacker sending arbitrarily configured requests to the cross-origin attack target 
    domain. (CVE-2022-28244)

  - Uncontrolled search path vulnerability (CWE-353) potentially leading to local privilege escalation. (CVE-2022-28247)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/121.html");
  script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/122.html");
  script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/125.html");
  script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/353.html");
  script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/416.html");
  script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/657.html");
  script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/787.html");
  script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/824.html");
  script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/acrobat/apsb22-16.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe Acrobat version 17.012.30227 / 17.012.30229 / 20.005.30331 / 20.005.30331 / 20.005.30334 / 20.005.30334
/ 22.001.20112 / 22.001.20117 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-28838");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-35672");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(121, 122, 125, 353, 416, 657, 787, 824);

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/01/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/04/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/04/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:acrobat");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("adobe_acrobat_installed.nasl");
  script_require_keys("SMB/Registry/Enumerated", "installed_sw/Adobe Acrobat");

  exit(0);
}

include('vcf.inc');
include('vcf_extras.inc');

get_kb_item_or_exit('SMB/Registry/Enumerated');
var app_info = vcf::get_app_info(app:'Adobe Acrobat', win_local:TRUE);

# vcf::adobe_reader::check_version_and_report will
# properly separate tracks when checking constraints.
# x.y.30zzz = DC Classic
# x.y.20zzz = DC Continuous
var constraints = [
  { 'min_version' : '15.7', 'max_version' : '22.001.20085', 'fixed_version' : '22.001.20117' },
  { 'min_version' : '15.7', 'max_version' : '22.001.20085', 'fixed_version' : '22.001.20112' },
  { 'min_version' : '20.1', 'max_version' : '20.005.30314', 'fixed_version' : '20.005.30334' },
  { 'min_version' : '20.1', 'max_version' : '20.005.30311', 'fixed_version' : '20.005.30334' },
  { 'min_version' : '20.1', 'max_version' : '20.005.30314', 'fixed_version' : '20.005.30331' },
  { 'min_version' : '20.1', 'max_version' : '20.005.30311', 'fixed_version' : '20.005.30331' },
  { 'min_version' : '17.8', 'max_version' : '17.012.30205', 'fixed_version' : '17.012.30229' },
  { 'min_version' : '17.8', 'max_version' : '17.012.30205', 'fixed_version' : '17.012.30227' }
];
vcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);
VendorProductVersionCPE
adobeacrobatcpe:/a:adobe:acrobat

References

Related

openvas 12
nessus 7
adobe 2
kaspersky 1
zdi 42
cve 46
checkpoint_advisories 46
prion 40
cnvd 3
openvas
openvas
Adobe Reader Classic 2020 Security Update (APSB22-16) - Mac OS X
2022-04-29 00:00:00
Adobe Reader Classic 2020 Security Update (APSB22-16) - Windows
2022-04-29 00:00:00
Adobe Acrobat DC Continuous Security Update (APSB22-16) - Mac OS X
2022-04-29 00:00:00
nessus
nessus
Adobe Acrobat < 17.012.30227 / 17.012.30229 / 20.005.30331 / 20.005.30331 / 20.005.30334 / 20.005.30334 / 22.001.20112 / 22.001.20117 Multiple Vulnerabilities (APSB22-16) (macOS)
2022-04-12 00:00:00
Adobe Reader < 17.012.30227 / 17.012.30229 / 20.005.30331 / 20.005.30331 / 20.005.30334 / 20.005.30334 / 22.001.20112 / 22.001.20117 Multiple Vulnerabilities (APSB22-16) (macOS)
2022-04-12 00:00:00
Adobe Reader < 17.012.30227 / 17.012.30229 / 20.005.30331 / 20.005.30331 / 20.005.30334 / 20.005.30334 / 22.001.20112 / 22.001.20117 Multiple Vulnerabilities (APSB22-16)
2022-04-12 00:00:00
adobe
adobe
APSB22-16 : Security update available for Adobe Acrobat and Reader
2022-04-12 00:00:00
APSB22-39 : Security update available for Adobe Acrobat and Reader
2022-08-09 00:00:00
kaspersky
kaspersky
KLA12501 Multiple vulnerabilities in Adobe Acrobat and Adobe Acrobat Reader
2022-04-12 00:00:00
zdi
zdi
Adobe Acrobat Reader DC Highlight Annotation noView Use-After-Free Remote Code Execution Vulnerability
2023-05-25 00:00:00
Adobe Acrobat Reader DC Annotation Highlight popupOpen Use-After-Free Information Disclosure Vulnerability
2023-05-25 00:00:00
Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
2023-05-25 00:00:00
cve
cve
CVE-2022-44517
2023-05-25 20:58:42
CVE-2022-44520
2023-05-25 20:58:48
CVE-2022-44512
2023-05-25 20:58:34
checkpoint_advisories
checkpoint_advisories
Adobe Acrobat and Reader Out-of-bounds Read (APSB22-16: CVE-2022-28257)
2022-04-12 00:00:00
Adobe Acrobat and Reader Use After Free (APSB22-16: CVE-2022-27800)
2022-04-12 00:00:00
Adobe Acrobat and Reader Out-of-bounds Read (APSB22-16: CVE-2022-28265)
2022-04-12 00:00:00
prion
prion
Design/Logic Flaw
2022-05-11 18:15:00
Design/Logic Flaw
2022-05-11 18:15:00
Design/Logic Flaw
2022-05-11 18:15:00
cnvd
cnvd
Adobe Acrobat Reader Buffer Overflow Vulnerability (CNVD-2022-54889)
2022-07-29 00:00:00
Resource Management Error Vulnerability in Multiple Adobe Products (CNVD-2022-67850)
2022-04-15 00:00:00
Multiple Adobe Products Information Disclosure Vulnerabilities (CNVD-2022-87161)
2022-04-15 00:00:00

6.9 Medium

AI Score

Confidence

High

JSON
Related for ADOBE_ACROBAT_APSB22-16.NASL
openvas12nessus7adobe2kaspersky1zdi42cve46checkpoint_advisories46prion40cnvd3