Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.ADOBE_PHOTOSHOP_APSB19-15.NASL
HistoryMar 13, 2019 - 12:00 a.m.

Adobe Photoshop CC 19.x <= 19.1.7 / 20.x <= 20.0.2 Vulnerability (APSB19-15)

2019-03-1300:00:00
This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
21
JSON

The version of Adobe Photoshop CC installed on the remote Windows host is equal or prior to 19.1.7 (2018.1.7), 20.0.2 (2019.0.2). It is, therefore, affected by a vulnerability as referenced in the apsb19-15 advisory.

  • Heap corruption potentially leading to Arbitrary code execution (CVE-2019-7094)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(122817);
  script_version("1.4");
  script_cvs_date("Date: 2019/10/30 13:24:47");

  script_cve_id("CVE-2019-7094");

  script_name(english:"Adobe Photoshop CC 19.x <= 19.1.7 / 20.x <= 20.0.2 Vulnerability (APSB19-15)");
  script_summary(english:"Checks the version of Adobe Photoshop.");

  script_set_attribute(attribute:"synopsis", value:
"Adobe Photoshop installed on remote Windows host is affected by a
vulnerability");
  script_set_attribute(attribute:"description", value:
"The version of Adobe Photoshop CC installed on the remote Windows host
is equal or prior to 19.1.7 (2018.1.7), 20.0.2 (2019.0.2). It is, therefore,
affected by a vulnerability as referenced in the apsb19-15 advisory.

  - Heap corruption potentially leading to Arbitrary code
    execution (CVE-2019-7094)

Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/photoshop/apsb19-15.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe Photoshop CC version 19.1.8 (2018.1.8), 20.0.4
(2019.0.4) or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-7094");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/03/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/13");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:photoshop_cc");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("adobe_photoshop_installed.nasl");
  script_require_keys("installed_sw/Adobe Photoshop", "SMB/Registry/Enumerated");

  exit(0);
}

include("vcf.inc");

get_kb_item_or_exit("SMB/Registry/Enumerated");

app_info = vcf::get_app_info(app:"Adobe Photoshop", win_local:TRUE);

if ("CC" >!< app_info.Product) vcf::vcf_exit(0, "Only Adobe Photoshop CC is affected.");
vcf::check_granularity(app_info:app_info, sig_segments:2);

constraints = [
  { "min_version" : "19", "max_version" : "19.1.7", "fixed_version" : "19.1.8" },
  { "min_version" : "20", "max_version" : "20.0.2", "fixed_version" : "20.0.4" },
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
VendorProductVersionCPE
adobephotoshop_cccpe:/a:adobe:photoshop_cc

Related

cve 1
nessus 1
zdi 1
openvas 2
prion 1
adobe 1
cvelist 1
thn 1
threatpost 1
cve
cve
CVE-2019-7094
2019-05-24 19:29:00
nessus
nessus
Adobe Photoshop CC 19.x <= 19.1.7 / 20.x <= 20.0.2 Vulnerability (APSB19-15)
2019-03-13 00:00:00
zdi
zdi
Adobe Photoshop GIF Parsing Memory Corruption Remote Code Execution Vulnerability
2019-03-12 00:00:00
openvas
openvas
Adobe Photoshop CC Arbitrary Code Execution Vulnerability (APSB19-15) - Mac OS X
2019-03-18 00:00:00
Adobe Photoshop CC Remote Code Execution Vulnerability (May 2018) - Windows
2019-03-18 00:00:00
prion
prion
Heap overflow
2019-05-24 19:29:00
adobe
adobe
APSB19-15 Security updates available for Adobe Photoshop CC
2019-03-12 00:00:00
cvelist
cvelist
CVE-2019-7094
2019-05-24 18:47:51
thn
thn
Adobe Releases Patches for Critical Flaws in Photoshop CC and Digital Edition
2019-03-12 16:22:00
threatpost
threatpost
Adobe Patches Critical Photoshop, Digital Edition Flaws
2019-03-12 15:53:19
JSON
Related for ADOBE_PHOTOSHOP_APSB19-15.NASL
cve1nessus1zdi1openvas2prion1adobe1cvelist1thn1threatpost1