The version of Adobe Premiere Pro installed on the remote Windows host is prior to 15.4.1. It is, therefore, affected by memory access vulnerabilities that could lead to arbitrary code execution.
Note that Nessus has not attempted to exploit these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(153439);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/01/26");
script_cve_id("CVE-2021-40710", "CVE-2021-40715");
script_xref(name:"IAVA", value:"2021-A-0420-S");
script_name(english:"Adobe Premiere Pro < 15.4.1 Arbitrary Code Executionâ¯(APSB21-67)");
script_set_attribute(attribute:"synopsis", value:
"Adobe Premiere Pro installed on the remote Windows host is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Adobe Premiere Pro installed on the remote Windows host is prior to 15.4.1. It is, therefore, affected
by memory access vulnerabilities that could lead to arbitrary code execution.
Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's
self-reported version number.");
script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/premiere_pro/apsb21-67.html");
script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe Premiere Pro version 15.4.1 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-40715");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/09/14");
script_set_attribute(attribute:"patch_publication_date", value:"2021/09/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/09/16");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:premiere_pro");
script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:premiere_pro_cc");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("adobe_premiere_pro_installed.nasl");
script_require_keys("installed_sw/Adobe Premiere Pro", "SMB/Registry/Enumerated");
exit(0);
}
include('vcf.inc');
get_kb_item_or_exit('SMB/Registry/Enumerated');
var app_info = vcf::get_app_info(app:'Adobe Premiere Pro', win_local:TRUE);
var constraints = [{'fixed_version': '15.4.1'}];
vcf::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_HOLE
);
Vendor | Product | Version | CPE |
---|---|---|---|
adobe | premiere_pro | cpe:/a:adobe:premiere_pro | |
adobe | premiere_pro_cc | cpe:/a:adobe:premiere_pro_cc |