Lucene search

K
nessusThis script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.MACOS_ADOBE_ACROBAT_APSB19-41.NASL
HistoryAug 16, 2019 - 12:00 a.m.

Adobe Acrobat <= 2015.006.30497 / 2017.011.30142 / 2019.012.20034 Multiple Vulnerabilities (APSB19-41) (macOS)

2019-08-1600:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.9

Confidence

Low

EPSS

0.847

Percentile

98.5%

The version of Adobe Acrobat installed on the remote macOS host is a version prior or equal to 2015.006.30497, 2017.011.30142, or 2019.012.20034. It is, therefore, affected by multiple vulnerabilities.

  • Out-of-Bounds Read potentially leading to Information Disclosure (CVE-2019-8077, CVE-2019-8094, CVE-2019-8095, CVE-2019-8096, CVE-2019-8102, CVE-2019-8103, CVE-2019-8104, CVE-2019-8105, CVE-2019-8106, CVE-2019-8002, CVE-2019-8004, CVE-2019-8005, CVE-2019-8007, CVE-2019-8010, CVE-2019-8011, CVE-2019-8012, CVE-2019-8018, CVE-2019-8020, CVE-2019-8021, CVE-2019-8032, CVE-2019-8035, CVE-2019-8037, CVE-2019-8040, CVE-2019-8043, CVE-2019-8052)

  • Out-of-Bounds Write potentially leading to Arbitrary Code Execution (CVE-2019-8098, CVE-2019-8100, CVE-2019-7965, CVE-2019-8008, CVE-2019-8009, CVE-2019-8016, CVE-2019-8022, CVE-2019-8023, CVE-2019-8027)

  • Type Confusion potentially leading to Arbitrary Code Execution (CVE-2019-8019)

  • Use After Free potentially leading to Arbitrary Code Execution (CVE-2019-8003, CVE-2019-8013, CVE-2019-8024, CVE-2019-8025, CVE-2019-8026, CVE-2019-8028, CVE-2019-8029, CVE-2019-8030, CVE-2019-8031, CVE-2019-8033, CVE-2019-8034, CVE-2019-8036, CVE-2019-8038, CVE-2019-8039, CVE-2019-8047, CVE-2019-8051, CVE-2019-8053, CVE-2019-8054, CVE-2019-8055, CVE-2019-8056, CVE-2019-8057, CVE-2019-8058, CVE-2019-8059, CVE-2019-8061)

  • Command injection potentially leading to Arbitrary Command Execution (CVE-2019-8060)

  • Heap Overflow potentially leading to Arbitrary Code Execution (CVE-2019-7832, CVE-2019-8014, CVE-2019-8015, CVE-2019-8041, CVE-2019-8042, CVE-2019-8046, CVE-2019-8049, CVE-2019-8050)

  • Buffer Error potentially leading to Arbitrary Code Execution (CVE-2019-8048)

  • Double Free potentially leading to Arbitrary Code Execution (CVE-2019-8044)

  • Integer Overflow potentially leading to Arbitrary Code Execution or Denial of Service (CVE-2019-8099, CVE-2019-8101)

  • Internal IP Disclosure potentially leading to Information Disclosure (CVE-2019-8097)

  • Type Confusion potentially leading to Arbitrary Code Execution (CVE-2019-8019)

  • Untrusted Pointer Dereference potentially leading to Arbitrary Code Execution or Denial of Service (CVE-2019-8006, CVE-2019-8017, CVE-2019-8045)

  • Insufficiently Robust Encryption leading to Security feature bypass. (CVE-2019-8237)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(127901);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/03");

  script_cve_id(
    "CVE-2019-7832",
    "CVE-2019-7965",
    "CVE-2019-8002",
    "CVE-2019-8003",
    "CVE-2019-8004",
    "CVE-2019-8005",
    "CVE-2019-8006",
    "CVE-2019-8007",
    "CVE-2019-8008",
    "CVE-2019-8009",
    "CVE-2019-8010",
    "CVE-2019-8011",
    "CVE-2019-8012",
    "CVE-2019-8013",
    "CVE-2019-8014",
    "CVE-2019-8015",
    "CVE-2019-8016",
    "CVE-2019-8017",
    "CVE-2019-8018",
    "CVE-2019-8019",
    "CVE-2019-8020",
    "CVE-2019-8021",
    "CVE-2019-8022",
    "CVE-2019-8023",
    "CVE-2019-8024",
    "CVE-2019-8025",
    "CVE-2019-8026",
    "CVE-2019-8027",
    "CVE-2019-8028",
    "CVE-2019-8029",
    "CVE-2019-8030",
    "CVE-2019-8031",
    "CVE-2019-8032",
    "CVE-2019-8033",
    "CVE-2019-8034",
    "CVE-2019-8035",
    "CVE-2019-8036",
    "CVE-2019-8037",
    "CVE-2019-8038",
    "CVE-2019-8039",
    "CVE-2019-8040",
    "CVE-2019-8041",
    "CVE-2019-8042",
    "CVE-2019-8043",
    "CVE-2019-8044",
    "CVE-2019-8045",
    "CVE-2019-8046",
    "CVE-2019-8047",
    "CVE-2019-8048",
    "CVE-2019-8049",
    "CVE-2019-8050",
    "CVE-2019-8051",
    "CVE-2019-8052",
    "CVE-2019-8053",
    "CVE-2019-8054",
    "CVE-2019-8055",
    "CVE-2019-8056",
    "CVE-2019-8057",
    "CVE-2019-8058",
    "CVE-2019-8059",
    "CVE-2019-8060",
    "CVE-2019-8061",
    "CVE-2019-8077",
    "CVE-2019-8094",
    "CVE-2019-8095",
    "CVE-2019-8096",
    "CVE-2019-8097",
    "CVE-2019-8098",
    "CVE-2019-8099",
    "CVE-2019-8100",
    "CVE-2019-8101",
    "CVE-2019-8102",
    "CVE-2019-8103",
    "CVE-2019-8104",
    "CVE-2019-8105",
    "CVE-2019-8106",
    "CVE-2019-8237"
  );
  script_bugtraq_id(108320);
  script_xref(name:"IAVA", value:"2020-A-0211-S");

  script_name(english:"Adobe Acrobat <= 2015.006.30497 / 2017.011.30142 / 2019.012.20034 Multiple Vulnerabilities (APSB19-41) (macOS)");

  script_set_attribute(attribute:"synopsis", value:
"The version of Adobe Acrobat installed on the remote macOS host is
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Adobe Acrobat installed on the remote macOS host is a
version prior or equal to 2015.006.30497, 2017.011.30142, or
2019.012.20034. It is, therefore, affected by multiple
vulnerabilities.

  - Out-of-Bounds Read potentially leading to Information
    Disclosure (CVE-2019-8077, CVE-2019-8094, CVE-2019-8095,
    CVE-2019-8096, CVE-2019-8102, CVE-2019-8103,
    CVE-2019-8104, CVE-2019-8105, CVE-2019-8106,
    CVE-2019-8002, CVE-2019-8004, CVE-2019-8005,
    CVE-2019-8007, CVE-2019-8010, CVE-2019-8011,
    CVE-2019-8012, CVE-2019-8018, CVE-2019-8020,
    CVE-2019-8021, CVE-2019-8032, CVE-2019-8035,
    CVE-2019-8037, CVE-2019-8040, CVE-2019-8043,
    CVE-2019-8052)

  - Out-of-Bounds Write potentially leading to Arbitrary
    Code Execution (CVE-2019-8098, CVE-2019-8100, CVE-2019-7965,
    CVE-2019-8008, CVE-2019-8009, CVE-2019-8016,
    CVE-2019-8022, CVE-2019-8023, CVE-2019-8027)

  - Type Confusion potentially leading to Arbitrary Code
    Execution (CVE-2019-8019)

  - Use After Free potentially leading to Arbitrary Code
    Execution (CVE-2019-8003, CVE-2019-8013, CVE-2019-8024,
    CVE-2019-8025, CVE-2019-8026, CVE-2019-8028,
    CVE-2019-8029, CVE-2019-8030, CVE-2019-8031,
    CVE-2019-8033, CVE-2019-8034, CVE-2019-8036,
    CVE-2019-8038, CVE-2019-8039, CVE-2019-8047,
    CVE-2019-8051, CVE-2019-8053, CVE-2019-8054,
    CVE-2019-8055, CVE-2019-8056, CVE-2019-8057,
    CVE-2019-8058, CVE-2019-8059, CVE-2019-8061)
  
  - Command injection potentially leading to Arbitrary Command
    Execution (CVE-2019-8060)

  - Heap Overflow potentially leading to Arbitrary Code
    Execution (CVE-2019-7832, CVE-2019-8014, CVE-2019-8015,
    CVE-2019-8041, CVE-2019-8042, CVE-2019-8046,
    CVE-2019-8049, CVE-2019-8050)

  - Buffer Error potentially leading to Arbitrary Code
    Execution (CVE-2019-8048)

  - Double Free potentially leading to Arbitrary Code
    Execution (CVE-2019-8044)

  - Integer Overflow potentially leading to Arbitrary Code
    Execution or Denial of Service (CVE-2019-8099, CVE-2019-8101)

  - Internal IP Disclosure potentially leading to Information
    Disclosure (CVE-2019-8097)

  - Type Confusion potentially leading to Arbitrary Code
    Execution (CVE-2019-8019)

  - Untrusted Pointer Dereference potentially leading to 
    Arbitrary Code Execution or Denial of Service (CVE-2019-8006, CVE-2019-8017, CVE-2019-8045)

  - Insufficiently Robust Encryption leading to Security
    feature bypass. (CVE-2019-8237)

Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/acrobat/apsb19-41.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe Acrobat version 2015.006.30499 or 2017.011.30144 or 2019.012.20036 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-8237");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/08/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:acrobat");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("macosx_adobe_acrobat_installed.nbin");
  script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "installed_sw/Adobe Acrobat");

  exit(0);
}

include('vcf.inc');
include('vcf_extras.inc');

get_kb_item_or_exit('Host/local_checks_enabled');
os = get_kb_item('Host/MacOSX/Version');
if (empty_or_null(os)) audit(AUDIT_OS_NOT, 'Mac OS X');

app_info = vcf::get_app_info(app:'Adobe Acrobat');

# vcf::adobe_reader::check_version_and_report will
# properly separate tracks when checking constraints.
# x.y.30zzz = DC Classic
# x.y.20zzz = DC Continuous
constraints = [
  { 'min_version' : '15.6', 'max_version' : '15.006.30497', 'fixed_version' : '15.006.30499' },
  { 'min_version' : '17.8', 'max_version' : '17.011.30142', 'fixed_version' : '17.011.30144' },
  { 'min_version' : '15.7', 'max_version' : '19.012.20034', 'fixed_version' : '19.012.20036' }
];
vcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);
VendorProductVersionCPE
adobeacrobatcpe:/a:adobe:acrobat

References

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.9

Confidence

Low

EPSS

0.847

Percentile

98.5%