The version of Adobe Reader installed on the remote macOS host is a version prior to 17.012.30227, 17.012.30229, 20.005.30331, 20.005.30331, 20.005.30334, 20.005.30334, 22.001.20112, or 22.001.20117. It is, therefore, affected by multiple vulnerabilities:
Use After Free vulnerability (CWE-416) potentially leading to disclosure of sensitive memory. (CVE-2022-24101, CVE-2022-28250, CVE-2022-28256, CVE-2022-28269, CVE-2022-28837)
Use After Free vulnerability (CWE-416) potentially leading to arbitrary code execution in the context of the current user. (CVE-2022-24102, CVE-2022-24103, CVE-2022-24104, CVE-2022-27785, CVE-2022-27786, CVE-2022-27789, CVE-2022-27790, CVE-2022-27795, CVE-2022-27796, CVE-2022-27797, CVE-2022-27799, CVE-2022-27800, CVE-2022-27801, CVE-2022-27802, CVE-2022-28230, CVE-2022-28232, CVE-2022-28233, CVE-2022-28235, CVE-2022-28237, CVE-2022-28238, CVE-2022-28240, CVE-2022-28242, CVE-2022-28838, CVE-2022-44514, CVE-2022-44518, CVE-2022-44519, CVE-2022-44520)
Out-of-bounds Write vulnerability (CWE-787) potentially leading to arbitrary code execution in the context of the current user. (CVE-2022-27787, CVE-2022-27788, CVE-2022-27792, CVE-2022-27793, CVE-2022-27798, CVE-2022-28236, CVE-2022-44512, CVE-2022-44513)
Out-of-bounds Read vulnerability (CWE-125) when processing a doc object potentially leading to read past the end of an allocated memory structure. (CVE-2022-28231, CVE-2022-28239, CVE-2022-28241, CVE-2022-28243, CVE-2022-28245, CVE-2022-28246, CVE-2022-28248, CVE-2022-28249, CVE-2022-28251, CVE-2022-28252, CVE-2022-28253, CVE-2022-28254, CVE-2022-28255, CVE-2022-28257, CVE-2022-28258, CVE-2022-28259, CVE-2022-28260, CVE-2022-28261, CVE-2022-28262, CVE-2022-28263, CVE-2022-28264, CVE-2022-28265, CVE-2022-28266, CVE-2022-28267, CVE-2022-28268, CVE-2022-35672, CVE-2022-44515, CVE-2022-44516, CVE-2022-44517)
Stack-based buffer overflow vulnerability (CWE-121) due to insecure processing of a font, potentially leading to arbitrary code execution in the context of the current user. (CVE-2022-27791)
Use of a variable that has not been initialized vulnerability (CWE-824) when processing of embedded fonts, potentially leading to arbitrary code execution in the context of the current user. (CVE-2022-27794)
Heap-based buffer overflow vulnerability (CWE-122) due to insecure handling of a crafted .pdf file, potentially leading to arbitrary code execution in the context of the current user. (CVE-2022-28234)
Violation of secure design principles through bypassing the content security policy vulnerability (CWE-657), potentially leading to an attacker sending arbitrarily configured requests to the cross-origin attack target domain. (CVE-2022-28244)
Uncontrolled search path vulnerability (CWE-353) potentially leading to local privilege escalation. (CVE-2022-28247)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(159659);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/06");
script_cve_id(
"CVE-2022-24101",
"CVE-2022-24102",
"CVE-2022-24103",
"CVE-2022-24104",
"CVE-2022-27785",
"CVE-2022-27786",
"CVE-2022-27787",
"CVE-2022-27788",
"CVE-2022-27789",
"CVE-2022-27790",
"CVE-2022-27791",
"CVE-2022-27792",
"CVE-2022-27793",
"CVE-2022-27794",
"CVE-2022-27795",
"CVE-2022-27796",
"CVE-2022-27797",
"CVE-2022-27798",
"CVE-2022-27799",
"CVE-2022-27800",
"CVE-2022-27801",
"CVE-2022-27802",
"CVE-2022-28230",
"CVE-2022-28231",
"CVE-2022-28232",
"CVE-2022-28233",
"CVE-2022-28234",
"CVE-2022-28235",
"CVE-2022-28236",
"CVE-2022-28237",
"CVE-2022-28238",
"CVE-2022-28239",
"CVE-2022-28240",
"CVE-2022-28241",
"CVE-2022-28242",
"CVE-2022-28243",
"CVE-2022-28244",
"CVE-2022-28245",
"CVE-2022-28246",
"CVE-2022-28247",
"CVE-2022-28248",
"CVE-2022-28249",
"CVE-2022-28250",
"CVE-2022-28251",
"CVE-2022-28252",
"CVE-2022-28253",
"CVE-2022-28254",
"CVE-2022-28255",
"CVE-2022-28256",
"CVE-2022-28257",
"CVE-2022-28258",
"CVE-2022-28259",
"CVE-2022-28260",
"CVE-2022-28261",
"CVE-2022-28262",
"CVE-2022-28263",
"CVE-2022-28264",
"CVE-2022-28265",
"CVE-2022-28266",
"CVE-2022-28267",
"CVE-2022-28268",
"CVE-2022-28269",
"CVE-2022-28837",
"CVE-2022-28838",
"CVE-2022-35672",
"CVE-2022-44512",
"CVE-2022-44513",
"CVE-2022-44514",
"CVE-2022-44515",
"CVE-2022-44516",
"CVE-2022-44517",
"CVE-2022-44518",
"CVE-2022-44519",
"CVE-2022-44520"
);
script_xref(name:"IAVA", value:"2022-A-0013-S");
script_xref(name:"IAVA", value:"2022-A-0152-S");
script_name(english:"Adobe Reader < 17.012.30227 / 17.012.30229 / 20.005.30331 / 20.005.30331 / 20.005.30334 / 20.005.30334 / 22.001.20112 / 22.001.20117 Multiple Vulnerabilities (APSB22-16) (macOS)");
script_set_attribute(attribute:"synopsis", value:
"The version of Adobe Reader installed on the remote macOS host is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Adobe Reader installed on the remote macOS host is a version prior to 17.012.30227, 17.012.30229,
20.005.30331, 20.005.30331, 20.005.30334, 20.005.30334, 22.001.20112, or 22.001.20117. It is, therefore, affected by
multiple vulnerabilities:
- Use After Free vulnerability (CWE-416) potentially leading to disclosure of sensitive memory. (CVE-2022-24101,
CVE-2022-28250, CVE-2022-28256, CVE-2022-28269, CVE-2022-28837)
- Use After Free vulnerability (CWE-416) potentially leading to arbitrary code execution in the context of the
current user. (CVE-2022-24102, CVE-2022-24103, CVE-2022-24104, CVE-2022-27785, CVE-2022-27786, CVE-2022-27789,
CVE-2022-27790, CVE-2022-27795, CVE-2022-27796, CVE-2022-27797, CVE-2022-27799, CVE-2022-27800, CVE-2022-27801,
CVE-2022-27802, CVE-2022-28230, CVE-2022-28232, CVE-2022-28233, CVE-2022-28235, CVE-2022-28237, CVE-2022-28238,
CVE-2022-28240, CVE-2022-28242, CVE-2022-28838, CVE-2022-44514, CVE-2022-44518, CVE-2022-44519, CVE-2022-44520)
- Out-of-bounds Write vulnerability (CWE-787) potentially leading to arbitrary code execution in the context of
the current user. (CVE-2022-27787, CVE-2022-27788, CVE-2022-27792, CVE-2022-27793, CVE-2022-27798,
CVE-2022-28236, CVE-2022-44512, CVE-2022-44513)
- Out-of-bounds Read vulnerability (CWE-125) when processing a doc object potentially leading to read past the
end of an allocated memory structure. (CVE-2022-28231, CVE-2022-28239, CVE-2022-28241, CVE-2022-28243,
CVE-2022-28245, CVE-2022-28246, CVE-2022-28248, CVE-2022-28249, CVE-2022-28251, CVE-2022-28252, CVE-2022-28253,
CVE-2022-28254, CVE-2022-28255, CVE-2022-28257, CVE-2022-28258, CVE-2022-28259, CVE-2022-28260, CVE-2022-28261,
CVE-2022-28262, CVE-2022-28263, CVE-2022-28264, CVE-2022-28265, CVE-2022-28266, CVE-2022-28267, CVE-2022-28268,
CVE-2022-35672, CVE-2022-44515, CVE-2022-44516, CVE-2022-44517)
- Stack-based buffer overflow vulnerability (CWE-121) due to insecure processing of a font, potentially leading to
arbitrary code execution in the context of the current user. (CVE-2022-27791)
- Use of a variable that has not been initialized vulnerability (CWE-824) when processing of embedded fonts,
potentially leading to arbitrary code execution in the context of the current user. (CVE-2022-27794)
- Heap-based buffer overflow vulnerability (CWE-122) due to insecure handling of a crafted .pdf file, potentially
leading to arbitrary code execution in the context of the current user. (CVE-2022-28234)
- Violation of secure design principles through bypassing the content security policy vulnerability (CWE-657),
potentially leading to an attacker sending arbitrarily configured requests to the cross-origin attack target
domain. (CVE-2022-28244)
- Uncontrolled search path vulnerability (CWE-353) potentially leading to local privilege escalation. (CVE-2022-28247)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/121.html");
script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/122.html");
script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/125.html");
script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/353.html");
script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/416.html");
script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/657.html");
script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/787.html");
script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/824.html");
script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/acrobat/apsb22-16.html");
script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe Reader version 17.012.30227 / 17.012.30229 / 20.005.30331 / 20.005.30331 / 20.005.30334 / 20.005.30334
/ 22.001.20112 / 22.001.20117 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-28838");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-35672");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(121, 122, 125, 353, 416, 657, 787, 824);
script_set_attribute(attribute:"vuln_publication_date", value:"2022/01/11");
script_set_attribute(attribute:"patch_publication_date", value:"2022/04/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/04/12");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:acrobat_reader");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"MacOS X Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("macosx_adobe_reader_installed.nasl");
script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "installed_sw/Adobe Reader");
exit(0);
}
include('vcf.inc');
include('vcf_extras.inc');
get_kb_item_or_exit('Host/local_checks_enabled');
os = get_kb_item('Host/MacOSX/Version');
if (empty_or_null(os)) audit(AUDIT_OS_NOT, 'Mac OS X');
var app_info = vcf::get_app_info(app:'Adobe Reader');
# vcf::adobe_reader::check_version_and_report will
# properly separate tracks when checking constraints.
# x.y.30zzz = DC Classic
# x.y.20zzz = DC Continuous
var constraints = [
{ 'min_version' : '15.7', 'max_version' : '22.001.20085', 'fixed_version' : '22.001.20117' },
{ 'min_version' : '15.7', 'max_version' : '22.001.20085', 'fixed_version' : '22.001.20112' },
{ 'min_version' : '20.1', 'max_version' : '20.005.30314', 'fixed_version' : '20.005.30334' },
{ 'min_version' : '20.1', 'max_version' : '20.005.30311', 'fixed_version' : '20.005.30334' },
{ 'min_version' : '20.1', 'max_version' : '20.005.30314', 'fixed_version' : '20.005.30331' },
{ 'min_version' : '20.1', 'max_version' : '20.005.30311', 'fixed_version' : '20.005.30331' },
{ 'min_version' : '17.8', 'max_version' : '17.012.30205', 'fixed_version' : '17.012.30229' },
{ 'min_version' : '17.8', 'max_version' : '17.012.30205', 'fixed_version' : '17.012.30227' }
];
vcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);
Vendor | Product | Version |
---|---|---|
adobe | acrobat_reader |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24101
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24102
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24103
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24104
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27785
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27786
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27787
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27788
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27789
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27790
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27791
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27792
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27793
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27794
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27795
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27796
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27797
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27798
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27799
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27800
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27801
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27802
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28230
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28231
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28232
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28233
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28234
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28235
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28236
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28237
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28238
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28239
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28240
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28241
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28242
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28243
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28244
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28245
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28246
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28247
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28248
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28249
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28250
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28251
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28252
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28253
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28254
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28255
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28256
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28257
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28258
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28259
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28260
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28261
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28262
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28263
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28264
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28265
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28266
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28267
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28268
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28269
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28837
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28838
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35672
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44512
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44513
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44514
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44515
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44516
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44517
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44518
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44519
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44520
cwe.mitre.org/data/definitions/121.html
cwe.mitre.org/data/definitions/122.html
cwe.mitre.org/data/definitions/125.html
cwe.mitre.org/data/definitions/353.html
cwe.mitre.org/data/definitions/416.html
cwe.mitre.org/data/definitions/657.html
cwe.mitre.org/data/definitions/787.html
cwe.mitre.org/data/definitions/824.html
helpx.adobe.com/security/products/acrobat/apsb22-16.html