Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.MACOS_ADOBE_READER_APSB19-17.NASL
HistoryApr 12, 2019 - 12:00 a.m.

Adobe Reader <= 2015.006.30482 / 2017.011.30127 / 2019.010.20098 Multiple Vulnerabilities (APSB19-17) (macOS)

2019-04-1200:00:00
This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
JSON

The version of Adobe Reader installed on the remote macOS host is a version prior or equal to 2015.006.30482, 2017.011.30127, or 2019.010.20098. It is, therefore, affected by multiple vulnerabilities.

  • Out-of-Bounds Read potentially leading to Information Disclosure (CVE-2019-7061, CVE-2019-7109, CVE-2019-7110, CVE-2019-7114, CVE-2019-7115, CVE-2019-7116, CVE-2019-7121, CVE-2019-7122, CVE-2019-7123, CVE-2019-7127)

  • Out-of-Bounds Write potentially leading to Arbitrary Code Execution (CVE-2019-7111, CVE-2019-7118, CVE-2019-7119, CVE-2019-7120, CVE-2019-7124)

  • Type Confusion potentially leading to Arbitrary Code Execution (CVE-2019-7117, CVE-2019-7128)

  • Use After Free potentially leading to Arbitrary Code Execution (CVE-2019-7088, CVE-2019-7112)

  • Heap Overflow potentially leading to Arbitrary Code Execution (CVE-2019-7113, CVE-2019-7125)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(124006);
  script_version("1.6");
  script_cvs_date("Date: 2019/10/30 13:24:46");

  script_cve_id(
    "CVE-2019-7061",
    "CVE-2019-7088",
    "CVE-2019-7109",
    "CVE-2019-7110",
    "CVE-2019-7111",
    "CVE-2019-7112",
    "CVE-2019-7113",
    "CVE-2019-7114",
    "CVE-2019-7115",
    "CVE-2019-7116",
    "CVE-2019-7117",
    "CVE-2019-7118",
    "CVE-2019-7119",
    "CVE-2019-7120",
    "CVE-2019-7121",
    "CVE-2019-7122",
    "CVE-2019-7123",
    "CVE-2019-7124",
    "CVE-2019-7125",
    "CVE-2019-7127",
    "CVE-2019-7128"
  );
  script_bugtraq_id(
    107805,
    107809,
    107811,
    107812,
    107815
  );

  script_name(english:"Adobe Reader <= 2015.006.30482 / 2017.011.30127 / 2019.010.20098 Multiple Vulnerabilities (APSB19-17) (macOS)");
  script_summary(english:"Checks the version of Adobe Reader.");

  script_set_attribute(attribute:"synopsis", value:
"The version of Adobe Reader installed on the remote macOS host is
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Adobe Reader installed on the remote macOS host is a
version prior or equal to 2015.006.30482, 2017.011.30127, or
2019.010.20098. It is, therefore, affected by multiple
vulnerabilities.

  - Out-of-Bounds Read potentially leading to Information
    Disclosure (CVE-2019-7061, CVE-2019-7109, CVE-2019-7110,
    CVE-2019-7114, CVE-2019-7115, CVE-2019-7116,
    CVE-2019-7121, CVE-2019-7122, CVE-2019-7123,
    CVE-2019-7127)

  - Out-of-Bounds Write potentially leading to Arbitrary
    Code Execution (CVE-2019-7111, CVE-2019-7118,
    CVE-2019-7119, CVE-2019-7120, CVE-2019-7124)

  - Type Confusion potentially leading to Arbitrary Code
    Execution (CVE-2019-7117, CVE-2019-7128)

  - Use After Free potentially leading to Arbitrary Code
    Execution (CVE-2019-7088, CVE-2019-7112)

  - Heap Overflow potentially leading to Arbitrary Code
    Execution (CVE-2019-7113, CVE-2019-7125)

Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/acrobat/apsb19-17.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe Reader version 2015.006.30493 or 2017.011.30138 or
2019.010.20099 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-7128");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/04/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:acrobat_reader");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("macosx_adobe_reader_installed.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "installed_sw/Adobe Reader");

  exit(0);
}

include("vcf.inc");
include("vcf_extras.inc");

get_kb_item_or_exit("Host/local_checks_enabled");
os = get_kb_item("Host/MacOSX/Version");
if (empty_or_null(os)) audit(AUDIT_OS_NOT, "Mac OS X");

app_info = vcf::get_app_info(app:"Adobe Reader");

# vcf::adobe_reader::check_version_and_report will
# properly separate tracks when checking constraints.
# x.y.30zzz = DC Classic
# x.y.20zzz = DC Continuous
constraints = [
  { "min_version" : "15.6", "max_version" : "15.006.30482", "fixed_version" : "15.006.30493" },
  { "min_version" : "17.8", "max_version" : "17.011.30127", "fixed_version" : "17.011.30138" },
  { "min_version" : "15.7", "max_version" : "19.010.20098", "fixed_version" : "19.010.20099" }
];
vcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);
VendorProductVersionCPE
adobeacrobat_readercpe:/a:adobe:acrobat_reader

References

Related

openvas 12
nessus 3
adobe 1
kaspersky 1
threatpost 1
checkpoint_advisories 21
cvelist 21
cve 21
prion 21
srcincite 4
zdi 5
talos 1
redhatcve 1
talosblog 1
openvas
openvas
Adobe Acrobat Reader DC (Continuous Track) Security Updates (APSB19-17) - Windows
2019-04-11 00:00:00
Adobe Acrobat DC (Continuous Track) Security Updates (APSB19-17) - Windows
2019-04-11 00:00:00
Adobe Acrobat 2017 Security Updates (APSB19-17) - Mac OS X
2019-04-11 00:00:00
nessus
nessus
Adobe Acrobat <= 2015.006.30482 / 2017.011.30127 / 2019.010.20098 Multiple Vulnerabilities (APSB19-17) (macOS)
2019-04-12 00:00:00
Adobe Acrobat <= 2015.006.30482 / 2017.011.30127 / 2019.010.20098 Multiple Vulnerabilities (APSB19-17)
2019-04-12 00:00:00
Adobe Reader <= 2015.006.30482 / 2017.011.30127 / 2019.010.20098 Multiple Vulnerabilities (APSB19-17)
2019-04-12 00:00:00
adobe
adobe
APSB19-17 Security update available for Adobe Acrobat and Reader
2019-04-09 00:00:00
kaspersky
kaspersky
KLA11458 Multiple vulnerabilities in Adobe Acrobat and Acrobat Reader
2019-04-09 00:00:00
threatpost
threatpost
Adobe Fixes 24 Critical Flaws in Acrobat Reader, Flash, Shockwave Player
2019-04-09 18:08:08
checkpoint_advisories
checkpoint_advisories
Adobe Acrobat and Reader Out-of-Bounds Read (APSB19-17: CVE-2019-7122)
2019-04-09 00:00:00
Adobe Acrobat and Reader Out-of-Bounds Write (APSB19-17: CVE-2019-7119)
2019-04-09 00:00:00
Adobe Acrobat and Reader Out-of-Bounds Read (APSB19-17: CVE-2019-7123)
2019-04-09 00:00:00
cvelist
cvelist
CVE-2019-7121
2019-05-23 17:18:49
CVE-2019-7123
2019-05-23 17:15:43
CVE-2019-7118
2019-05-23 17:12:09
cve
cve
CVE-2019-7118
2019-05-23 18:29:00
CVE-2019-7110
2019-05-23 18:29:00
CVE-2019-7122
2019-05-23 18:29:00
prion
prion
Out-of-bounds
2019-05-23 18:29:00
Out-of-bounds
2019-05-23 18:29:00
Heap overflow
2019-05-23 17:29:00
srcincite
srcincite
SRC-2019-0021 : Adobe Acrobat Pro DC Distiller PostScript File Parsing Use-After-free Remote Code Execution Vulnerability
2019-01-16 00:00:00
SRC-2019-0022 : Adobe Acrobat Pro DC Distiller DCTDecode JPEG parsing SOS Marker Out-of-Bounds Read Information Disclosure Vulnerability
2019-01-22 00:00:00
SRC-2019-0024 : Adobe Acrobat Pro DC Distiller PostScript File maxlength operand Type Confusion Remote Code Execution Vulnerability
2019-01-25 00:00:00
zdi
zdi
Adobe Acrobat Pro DC JOBOPTIONS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
2019-04-15 00:00:00
Adobe Acrobat Pro DC JOBOPTIONS CalCMYKProfile Out-Of-Bounds Write Remote Code Execution Vulnerability
2019-04-15 00:00:00
Adobe Acrobat Pro DC JOBOPTIONS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
2019-04-15 00:00:00
talos
talos
Adobe Acrobat Reader DC text field value remote code execution vulnerability — redux
2019-04-09 00:00:00
redhatcve
redhatcve
CVE-2019-7125
2019-04-10 11:49:50
talosblog
talosblog
Vulnerability Spotlight: Adobe Acrobat Reader remote code execution
2019-04-10 06:48:09
JSON
Related for MACOS_ADOBE_READER_APSB19-17.NASL
openvas12nessus3adobe1kaspersky1threatpost1checkpoint_advisories21cvelist21cve21prion21srcincite4zdi5talos1redhatcve1talosblog1