Lucene search

K

Adobe Reader < 7.1.0 / 8.1.2 Multiple Vulnerabilities

๐Ÿ—“๏ธย 06 Feb 2008ย 00:00:00Reported byย This script is Copyright (C) 2008-2022 Tenable Network Security, Inc.Typeย 
nessus
ย nessus
๐Ÿ”—ย www.tenable.com๐Ÿ‘ย 49ย Views

Adobe Reader versions prior to 8.1.2 and 7.1.0 are vulnerable to multiple security issues including printer control, arbitrary code execution, and insecure library loading

Show more
Related
Refs
Code
#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(30200);
  script_version("1.37");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/06/08");

  script_cve_id(
    "CVE-2007-5659",
    "CVE-2007-5663",
    "CVE-2007-5666",
    "CVE-2008-0655",
    "CVE-2008-0667",
    "CVE-2008-0726",
    "CVE-2008-2042"
  );
  script_bugtraq_id(27641);
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/06/22");

  script_name(english:"Adobe Reader < 7.1.0 / 8.1.2 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The PDF file viewer on the remote Windows host is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Adobe Reader installed on the remote host is earlier
than 8.1.2 or 7.1.0. Such versions are reportedly affected by multiple
vulnerabilities :

  - A design error vulnerability may allow an attacker to
    gain control of a user's printer.

  - Multiple stack-based buffer overflows may allow an
    attacker to execute arbitrary code subject to the
    user's privileges.

  - Insecure loading of 'Security Provider' libraries may
    allow for arbitrary code execution.

  - An insecure method exposed by the JavaScript library
    in the 'EScript.api' plug-in allows direct control
    over low-level features of the object, which allows
    for execution of arbitrary code as the current user.

  - Two vulnerabilities in the unpublicized function
    'app.checkForUpdate()' exploited through a callback
    function could lead to arbitrary code execution in
    Adobe Reader 7.");
  # https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=655
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8619fcdc");
  # https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=656
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1d74fcf2");
  # https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=657
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4c30fbc0");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-08-004/");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2008/Feb/79");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2008/Feb/103");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2008/Feb/104");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2008/Feb/105");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2008/Feb/146");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2008/May/140");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2008/May/141");
  script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/acrobat/release-note/reader-acrobat-8-1-2.html");
  script_set_attribute(attribute:"see_also", value:"https://www.adobe.com/support/security/advisories/apsa08-01.html");
  script_set_attribute(attribute:"see_also", value:"https://www.adobe.com/support/security/bulletins/apsb08-13.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe Reader 8.1.2 / 7.1.0 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2008-2042");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Adobe Collab.collectEmailInfo() Buffer Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:"CANVAS");
  script_cwe_id(94, 119, 189, 399);

  script_set_attribute(attribute:"patch_publication_date", value:"2008/02/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/06");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:acrobat_reader");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2008-2022 Tenable Network Security, Inc.");

  script_dependencies("adobe_reader_installed.nasl");
  script_require_keys("SMB/Acroread/Version");

  exit(0);
}

include("global_settings.inc");
include("audit.inc");

info = NULL;
vers = get_kb_list('SMB/Acroread/Version');
if (isnull(vers)) exit(0, 'The "SMB/Acroread/Version" KB item is missing.');

foreach ver (vers)
{
  if (ver && ver =~ "^([0-6]\.|7\.0|8\.(0\.|1\.[01][^0-9.]?))")
  {
    path = get_kb_item('SMB/Acroread/'+ver+'/Path');
    if (isnull(path)) exit(1, 'The "SMB/Acroread/'+ver+'/Path" KB item is missing.');

    verui = get_kb_item('SMB/Acroread/'+ver+'/Version_UI');
    if (isnull(verui)) exit(1, 'The "SMB/Acroread/'+ver+'/Version_UI" KB item is missing.');

    info += '  - ' + verui + ', under ' + path + '\n';
  }
}

if (isnull(info)) exit(0, 'The remote host is not affected.');

if (report_verbosity > 0)
{
  if (max_index(split(info)) > 1) s = "s of Adobe Reader are";
  else s = " of Adobe Reader is";

  report =
    '\nThe following vulnerable instance'+s+' installed on the'+
    '\nremote host :\n\n'+
    info;
  security_hole(port:get_kb_item("SMB/transport"), extra:report);
}
else security_hole(get_kb_item("SMB/transport"));

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
06 Feb 2008 00:00Current
0.6Low risk
Vulners AI Score0.6
CVSS29.3
CVSS39.8
EPSS0.958
49
.json
Report