Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.ADOBE_ILLUSTRATOR_APSB22-15.NASL
HistoryMar 09, 2022 - 12:00 a.m.

Adobe Illustrator 26.x < 26.1.0 A Vulnerability (APSB22-15) (deprecated)

2022-03-0900:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
30
JSON

The version of Adobe Illustrator installed on the remote Windows host is prior to 26.1.0. It is, therefore, affected by a vulnerability as referenced in the apsb22-15 advisory.

  • Adobe Illustrator version 26.0.3 (and earlier) is affected by a buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Illustrator. (CVE-2022-23187)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

This plugin has been deprecated by adobe_illustrator_apsb22-15_all.nasl.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
#
# @DEPRECATED@
#
# Disabled on 2023/04/26. Deprecated by adobe_illustrator_apsb22-15_all.nasl.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(158733);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/27");

  script_cve_id("CVE-2022-23187");
  script_xref(name:"IAVA", value:"2022-A-0114-S");

  script_name(english:"Adobe Illustrator 26.x < 26.1.0 A Vulnerability (APSB22-15) (deprecated)");

  script_set_attribute(attribute:"synopsis", value:
"This plugin has been deprecated.");
  script_set_attribute(attribute:"description", value:
"The version of Adobe Illustrator installed on the remote Windows host is prior to 26.1.0. It is, therefore, affected by
a vulnerability as referenced in the apsb22-15 advisory.

  - Adobe Illustrator version 26.0.3 (and earlier) is affected by a buffer overflow vulnerability due to
    insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of
    the current user. Exploitation requires user interaction in that a victim must open a crafted file in
    Illustrator. (CVE-2022-23187)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.

This plugin has been deprecated by adobe_illustrator_apsb22-15_all.nasl.");
  script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/120.html");
  script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/illustrator/apsb22-15.html");
  script_set_attribute(attribute:"solution", value:
"n/a");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-23187");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(120);

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/03/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/03/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/03/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:illustrator");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_require_keys("SMB/Adobe Illustrator/Installed");

  exit(0);
}

exit(0, 'This plugin has been deprecated. Use adobe_illustrator_apsb22-15_all.nasl instead.');
VendorProductVersionCPE
adobeillustratorcpe:/a:adobe:illustrator

Related

cve 1
cvelist 1
nessus 1
prion 1
cnvd 1
adobe 1
openvas 2
hivepro 1
cve
cve
CVE-2022-23187
2022-03-11 18:15:00
cvelist
cvelist
CVE-2022-23187 Adobe Illustrator 2022 Buffer Overflow could lead to Arbitrary code execution
2022-03-08 00:00:00
nessus
nessus
Adobe Illustrator 26.x < 26.1.0 A Vulnerability (APSB22-15)
2023-04-27 00:00:00
prion
prion
Buffer overflow
2022-03-11 18:15:00
cnvd
cnvd
Adobe Illustrator Buffer Overflow Vulnerability (CNVD-2022-22098)
2022-03-11 00:00:00
adobe
adobe
APSB22-15 : Security update available for Adobe Illustrator
2022-03-08 00:00:00
openvas
openvas
Adobe Illustrator Buffer Overflow Vulnerability (APSB22-15) - Windows
2022-08-11 00:00:00
Adobe Illustrator buffer overflow Vulnerability (APSB22-15) - Mac OS X
2022-08-11 00:00:00
hivepro
hivepro
Weekly Threat Digest: 7 – 13 March 2022
2022-03-14 16:24:44
JSON
Related for ADOBE_ILLUSTRATOR_APSB22-15.NASL
cve1cvelist1nessus1prion1cnvd1adobe1openvas2hivepro1