Adobe Bridge 11.x < 11.1.1 Multiple Vulnerabilities
Reporter | Title | Published | Views | Family All 90 |
---|---|---|---|---|
Tenable Nessus | Adobe Bridge 11.x < 11.1.1 Multiple Vulnerabilities (APSB21-69) | 17 Aug 202100:00 | – | nessus |
OpenVAS | Adobe Bridge Multiple Vulnerabilities (APSB21-69) - Windows | 15 Sep 202200:00 | – | openvas |
Adobe | APSB21-69 Security update available for Adobe Bridge | 17 Aug 202100:00 | – | adobe |
CNVD | Adobe Bridge Memory Corruption Vulnerability (CNVD-2021-74107) | 3 Sep 202100:00 | – | cnvd |
CNVD | Adobe Bridge Memory Out-of-Bounds Access Vulnerability (CNVD-2021-63266) | 18 Aug 202100:00 | – | cnvd |
CNVD | Adobe Bridge out-of-bounds write vulnerability (CNVD-2021-63281) | 18 Aug 202100:00 | – | cnvd |
CNVD | Adobe Bridge Memory Out-of-Bounds Access Vulnerability (CNVD-2021-63268) | 18 Aug 202100:00 | – | cnvd |
CNVD | Adobe Bridge Memory Out-of-Bounds Access Vulnerability (CNVD-2021-63269) | 18 Aug 202100:00 | – | cnvd |
CNVD | Adobe Bridge out-of-bounds read vulnerability (CNVD-2021-63271) | 18 Aug 202100:00 | – | cnvd |
CNVD | Adobe Bridge memory out-of-bounds access vulnerability | 18 Aug 202100:00 | – | cnvd |
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(152630);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/10/21");
script_cve_id(
"CVE-2021-36049",
"CVE-2021-36059",
"CVE-2021-36067",
"CVE-2021-36068",
"CVE-2021-36069",
"CVE-2021-36071",
"CVE-2021-36072",
"CVE-2021-36073",
"CVE-2021-36074",
"CVE-2021-36075",
"CVE-2021-36076",
"CVE-2021-36077",
"CVE-2021-36078",
"CVE-2021-36079",
"CVE-2021-39816",
"CVE-2021-39817"
);
script_name(english:"Adobe Bridge 11.x < 11.1.1 Multiple Vulnerabilities (APSB21-69)");
script_set_attribute(attribute:"synopsis", value:
"Adobe Bridge installed on remote Windows host is affected by a multiple vulnerabilities");
script_set_attribute(attribute:"description", value:
"The version of Adobe Bridge installed on the remote Windows host is prior to 11.1.1. It is, therefore, affected by
multiple vulnerabilities as referenced in the apsb21-69 advisory.
- Adobe Bridge versions 11.1 (and earlier) are affected by an out-of-bounds write vulnerability that could
result in arbitrary code execution in the context of the current user. Exploitation of this issue requires
user interaction in that a victim must open a malicious file. (CVE-2021-36072)
- Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure
handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of
the current user. User interaction is required to exploit this vulnerability. (CVE-2021-36049,
CVE-2021-36059, CVE-2021-36067, CVE-2021-36068, CVE-2021-36069, CVE-2021-36076, CVE-2021-36078,
CVE-2021-39816, CVE-2021-39817)
- Adobe Bridge version 11.1 (and earlier) is affected by a heap-based buffer overflow vulnerability when
parsing a crafted .SGI file. An attacker could leverage this vulnerability to execute code in the context
of the current user. Exploitation of this issue requires user interaction in that a victim must open a
malicious file. (CVE-2021-36073)
- Adobe Bridge version 11.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a
crafted .SGI file, which could result in a read past the end of an allocated memory structure. An attacker
could leverage this vulnerability to execute code in the context of the current user. Exploitation of this
issue requires user interaction in that a victim must open a malicious file. (CVE-2021-36079)
- Adobe Bridge versions 11.1 (and earlier) are affected by an out-of-bounds read vulnerability that could
lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass
mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open
a malicious file. (CVE-2021-36071, CVE-2021-36074)
- Adobe Bridge version 11.1 (and earlier) is affected by a Buffer Overflow vulnerability due to insecure
handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of
the current user. User interaction is required to exploit this vulnerability. (CVE-2021-36075)
- Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure
handling of a malicious SVG file, potentially resulting in local application denial of service in the
context of the current user. User interaction is required to exploit this vulnerability. (CVE-2021-36077)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/bridge/apsb21-69.html");
script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe Bridge version 11.1.1 or later.");
script_set_attribute(attribute:"agent", value:"windows");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-39817");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(120, 122, 125, 787, 788);
script_set_attribute(attribute:"vuln_publication_date", value:"2021/08/17");
script_set_attribute(attribute:"patch_publication_date", value:"2021/08/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/08/17");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:bridge");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("adobe_bridge_installed.nasl");
script_require_keys("installed_sw/Adobe Bridge", "SMB/Registry/Enumerated");
exit(0);
}
include('vcf.inc');
get_kb_item_or_exit('SMB/Registry/Enumerated');
var app_info = vcf::get_app_info(app:'Adobe Bridge', win_local:TRUE);
var constraints = [
{ 'min_version' : '11.0.0', 'fixed_version' : '11.1.1' }
];
vcf::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_HOLE
);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo