Adobe Acrobat <= 10.1.10 / 11.0.07 Multiple Vulnerabilities (APSB14-20) (Mac OS X)

2014-09-16T00:00:00
ID MACOSX_ADOBE_ACROBAT_APSB14-20.NASL
Type nessus
Reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2020-09-02T00:00:00

Description

The version of Adobe Acrobat installed on the remote host is version 10.x equal to or prior to 10.1.10, or 11.x equal to or prior to 11.0.07. It is, therefore, affected by multiple vulnerabilities :

  • A use-after-free error exists that allows arbitrary code execution. (CVE-2014-0560)

  • A heap-based buffer overflow exists that allows arbitrary code execution. (CVE-2014-0561, CVE-2014-0567)

  • An input-validation error exists that allows universal cross-site scripting (UXSS) attacks. (CVE-2014-0562)

  • A memory corruption error exists that allows denial of service attacks. (CVE-2014-0563)

  • Memory corruption errors exist that allow arbitrary code execution. (CVE-2014-0565, CVE-2014-0566)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(77713);
  script_version("1.9");
  script_cvs_date("Date: 2019/11/25");

  script_cve_id(
    "CVE-2014-0560",
    "CVE-2014-0561",
    "CVE-2014-0562",
    "CVE-2014-0563",
    "CVE-2014-0565",
    "CVE-2014-0566",
    "CVE-2014-0567"
  );
  script_bugtraq_id(
    69821,
    69822,
    69823,
    69824,
    69825,
    69826,
    69827
  );

  script_name(english:"Adobe Acrobat <= 10.1.10 / 11.0.07 Multiple Vulnerabilities (APSB14-20) (Mac OS X)");
  script_summary(english:"Checks the version of Adobe Acrobat.");

  script_set_attribute(attribute:"synopsis", value:
"The version of Adobe Acrobat on the remote Mac OS X host is affected
by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Adobe Acrobat installed on the remote host is version
10.x equal to or prior to 10.1.10, or 11.x equal to or prior to
11.0.07. It is, therefore, affected by multiple vulnerabilities :

  - A use-after-free error exists that allows arbitrary code
    execution. (CVE-2014-0560)

  - A heap-based buffer overflow exists that allows
    arbitrary code execution. (CVE-2014-0561, CVE-2014-0567)

  - An input-validation error exists that allows universal
    cross-site scripting (UXSS) attacks. (CVE-2014-0562)

  - A memory corruption error exists that allows denial of
    service attacks. (CVE-2014-0563)

  - Memory corruption errors exist that allow arbitrary code
    execution. (CVE-2014-0565, CVE-2014-0566)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/acrobat/apsb14-20.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe Acrobat 10.1.12 / 11.0.09 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0567");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/09/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:acrobat");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("macosx_adobe_acrobat_installed.nbin");
  script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "installed_sw/Adobe Acrobat");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");

get_kb_item_or_exit("Host/local_checks_enabled");
os = get_kb_item("Host/MacOSX/Version");
if (empty_or_null(os)) audit(AUDIT_OS_NOT, "Mac OS X");

app_name = "Adobe Acrobat";
install = get_single_install(app_name:app_name);

version = install['version'];
path    = install['path'];

ver = split(version, sep:'.', keep:FALSE);
for (i=0; i<max_index(ver); i++)
  ver[i] = int(ver[i]);

# Affected for Mac is :
# 10.x <= 10.1.10
# 11.x <= 11.0.7
if (
  (ver[0] == 10 && ver[1] < 1) ||
  (ver[0] == 10 && ver[1] == 1 && ver[2] <= 10) ||
  (ver[0] == 11 && ver[1] == 0 && ver[2] <= 7)
)
{
  set_kb_item(name:'www/0/XSS', value:TRUE);

  if (report_verbosity > 0)
  {
    report = '\n  Path              : '+path+
             '\n  Installed version : '+version+
             '\n  Fixed version     : 10.1.12 / 11.0.09' +
             '\n';
    security_hole(port:0, extra:report);
  }
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);