Gentoo Linux Local Check: https://security.gentoo.org/glsa/201309-10
2015-09-29T00:00:00
ID OPENVAS:1361412562310121024 Type openvas Reporter Eero Volotinen Modified 2018-04-06T00:00:00
Description
Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201309-10
# OpenVAS Vulnerability Test
# Description: Gentoo Linux security check
# $Id: glsa-201309-10.nasl 9374 2018-04-06 08:58:12Z cfischer $
# Authors:
# Eero Volotinen <eero.volotinen@solinor.com>
#
# Copyright:
# Copyright (c) 2015 Eero Volotinen, http://solinor.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.121024");
script_version("$Revision: 9374 $");
script_tag(name:"creation_date", value:"2015-09-29 11:25:50 +0300 (Tue, 29 Sep 2015)");
script_tag(name:"last_modification", value:"$Date: 2018-04-06 10:58:12 +0200 (Fri, 06 Apr 2018) $");
script_name("Gentoo Linux Local Check: https://security.gentoo.org/glsa/201309-10");
script_tag(name: "insight", value: "An unspecified vulnerability exists in Adobe Reader.");
script_tag(name : "solution", value : "update software");
script_tag(name : "solution_type", value : "VendorFix");
script_xref(name : "URL" , value : "https://security.gentoo.org/glsa/201309-10");
script_cve_id("CVE-2013-3346");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_tag(name:"qod_type", value:"package");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/gentoo", "ssh/login/pkg");
script_category(ACT_GATHER_INFO);
script_tag(name:"summary", value:"Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201309-10");
script_copyright("Eero Volotinen");
script_family("Gentoo Local Security Checks");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-gentoo.inc");
res = "";
report = "";
if((res=ispkgvuln(pkg:"app-text/acroread", unaffected: make_list("ge 9.5.5"), vulnerable: make_list("lt 9.5.5"))) != NULL) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if (__pkg_match) {
exit(99); # Not vulnerable.
}
{"id": "OPENVAS:1361412562310121024", "bulletinFamily": "scanner", "title": "Gentoo Linux Local Check: https://security.gentoo.org/glsa/201309-10", "description": "Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201309-10", "published": "2015-09-29T00:00:00", "modified": "2018-04-06T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121024", "reporter": "Eero Volotinen", "references": ["https://security.gentoo.org/glsa/201309-10"], "cvelist": ["CVE-2013-3346"], "type": "openvas", "lastseen": "2018-04-09T11:30:47", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2013-3346"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201309-10", "edition": 2, "enchantments": {"score": {"modified": "2017-07-24T12:53:57", "value": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P/"}}, "hash": "e67f4b6e828d9737662da32e0b4f6ca0d91e32f737873a1964c8b8634a0c736c", "hashmap": [{"hash": "9fa851eed8150e5ffe9c78658d9bd232", "key": "sourceData"}, {"hash": "05e1264e7c2f04b9dbcb6d8d76e48585", "key": "pluginID"}, {"hash": "603158070a66cc5722533c98e069889d", "key": "href"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "fb0324d45b438a38fcb6b5615a2faac1", "key": "cvelist"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "d89cc672a6266551218ef8145d1f22e2", "key": "modified"}, {"hash": "2cb7a575ddfd9e4fcdd5d5e26d26e610", "key": "references"}, {"hash": "311fe06b3cf4192127ad9986f2239f2a", "key": "published"}, {"hash": "0c617a5f20441a2b260dec4e0f367e48", "key": "description"}, {"hash": "accf15eb411ebbb334dce1b0882773ab", "key": "title"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}, {"hash": "bb3dbc0ecae053747a8a163af717a25f", "key": "reporter"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121024", "id": "OPENVAS:1361412562310121024", "lastseen": "2017-07-24T12:53:57", "modified": "2017-07-07T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310121024", "published": "2015-09-29T00:00:00", "references": ["https://security.gentoo.org/glsa/201309-10"], "reporter": "Eero Volotinen", "sourceData": "# OpenVAS Vulnerability Test\n# Description: Gentoo Linux security check\n# $Id: glsa-201309-10.nasl 6592 2017-07-07 09:16:27Z cfischer $\n\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.121024\");\nscript_version(\"$Revision: 6592 $\");\nscript_tag(name:\"creation_date\", value:\"2015-09-29 11:25:50 +0300 (Tue, 29 Sep 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:16:27 +0200 (Fri, 07 Jul 2017) $\");\nscript_name(\"Gentoo Linux Local Check: https://security.gentoo.org/glsa/201309-10\");\nscript_tag(name: \"insight\", value: \"An unspecified vulnerability exists in Adobe Reader.\"); \nscript_tag(name : \"solution\", value : \"update software\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://security.gentoo.org/glsa/201309-10\");\nscript_cve_id(\"CVE-2013-3346\");\nscript_tag(name:\"cvss_base\", value:\"10.0\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\nscript_category(ACT_GATHER_INFO);\nscript_summary(\"Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201309-10\");\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Gentoo Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"app-text/acroread\", unaffected: make_list(\"ge 9.5.5\"), vulnerable: make_list(\"lt 9.5.5\"))) != NULL) {\n\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "title": "Gentoo Linux Local Check: https://security.gentoo.org/glsa/201309-10", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-07-24T12:53:57"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2013-3346"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201309-10", "edition": 1, "enchantments": {}, "hash": "4a4ce174154ea6e1ec0c13108a0aaa21aa92c214a7fd6b99c241402810214e63", "hashmap": [{"hash": "05e1264e7c2f04b9dbcb6d8d76e48585", "key": "pluginID"}, {"hash": "4b2bff744590ab68fb488f63f2c691e6", "key": "sourceData"}, {"hash": "603158070a66cc5722533c98e069889d", "key": "href"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "fb0324d45b438a38fcb6b5615a2faac1", "key": "cvelist"}, {"hash": "451ccf9b33cae434b1236ed7a06114ec", "key": "modified"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "2cb7a575ddfd9e4fcdd5d5e26d26e610", "key": "references"}, {"hash": "311fe06b3cf4192127ad9986f2239f2a", "key": "published"}, {"hash": "0c617a5f20441a2b260dec4e0f367e48", "key": "description"}, {"hash": "accf15eb411ebbb334dce1b0882773ab", "key": "title"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}, {"hash": "bb3dbc0ecae053747a8a163af717a25f", "key": "reporter"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121024", "id": "OPENVAS:1361412562310121024", "lastseen": "2017-07-02T21:12:35", "modified": "2016-11-15T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310121024", "published": "2015-09-29T00:00:00", "references": ["https://security.gentoo.org/glsa/201309-10"], "reporter": "Eero Volotinen", "sourceData": "# OpenVAS Vulnerability Test\n# Description: Gentoo Linux security check\n# $Id: glsa-201309-10.nasl 4513 2016-11-15 09:37:48Z cfi $\n\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.121024\");\nscript_version(\"$Revision: 4513 $\");\nscript_tag(name:\"creation_date\", value:\"2015-09-29 11:25:50 +0300 (Tue, 29 Sep 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2016-11-15 10:37:48 +0100 (Tue, 15 Nov 2016) $\");\nscript_name(\"Gentoo Linux Local Check: https://security.gentoo.org/glsa/201309-10\");\nscript_tag(name: \"insight\", value: \"An unspecified vulnerability exists in Adobe Reader.\"); \nscript_tag(name : \"solution\", value : \"update software\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://security.gentoo.org/glsa/201309-10\");\nscript_cve_id(\"CVE-2013-3346\");\nscript_tag(name:\"cvss_base\", value:\"10.0\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"login/SSH/success\", \"ssh/login/gentoo\");\nscript_category(ACT_GATHER_INFO);\nscript_summary(\"Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201309-10\");\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Gentoo Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"app-text/acroread\", unaffected: make_list(\"ge 9.5.5\"), vulnerable: make_list(\"lt 9.5.5\"))) != NULL) {\n\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "title": "Gentoo Linux Local Check: https://security.gentoo.org/glsa/201309-10", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2017-07-02T21:12:35"}], "edition": 3, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "fb0324d45b438a38fcb6b5615a2faac1"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "description", "hash": "0c617a5f20441a2b260dec4e0f367e48"}, {"key": "href", "hash": "603158070a66cc5722533c98e069889d"}, {"key": "modified", "hash": "4fb7fd6149697e74d091717ea3f1ca84"}, {"key": "naslFamily", "hash": "cf18d881f0f76f23f322ed3f861d3616"}, {"key": "pluginID", "hash": "05e1264e7c2f04b9dbcb6d8d76e48585"}, {"key": "published", "hash": "311fe06b3cf4192127ad9986f2239f2a"}, {"key": "references", "hash": "2cb7a575ddfd9e4fcdd5d5e26d26e610"}, {"key": "reporter", "hash": "bb3dbc0ecae053747a8a163af717a25f"}, {"key": "sourceData", "hash": "2c746672350419172d2ce265689a1e41"}, {"key": "title", "hash": "accf15eb411ebbb334dce1b0882773ab"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "d4b17a0e0f830b280db150c2a4861b0de54ff0e9c7a1b00ca26568b3e4b353cf", "viewCount": 0, "enchantments": {"vulnersScore": 7.2}, "objectVersion": "1.3", "sourceData": "# OpenVAS Vulnerability Test\n# Description: Gentoo Linux security check\n# $Id: glsa-201309-10.nasl 9374 2018-04-06 08:58:12Z cfischer $\n\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.121024\");\nscript_version(\"$Revision: 9374 $\");\nscript_tag(name:\"creation_date\", value:\"2015-09-29 11:25:50 +0300 (Tue, 29 Sep 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:58:12 +0200 (Fri, 06 Apr 2018) $\");\nscript_name(\"Gentoo Linux Local Check: https://security.gentoo.org/glsa/201309-10\");\nscript_tag(name: \"insight\", value: \"An unspecified vulnerability exists in Adobe Reader.\"); \nscript_tag(name : \"solution\", value : \"update software\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://security.gentoo.org/glsa/201309-10\");\nscript_cve_id(\"CVE-2013-3346\");\nscript_tag(name:\"cvss_base\", value:\"10.0\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\nscript_category(ACT_GATHER_INFO);\nscript_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201309-10\");\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Gentoo Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"app-text/acroread\", unaffected: make_list(\"ge 9.5.5\"), vulnerable: make_list(\"lt 9.5.5\"))) != NULL) {\n\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Gentoo Local Security Checks", "pluginID": "1361412562310121024"}
{"result": {"cve": [{"id": "CVE-2013-3346", "type": "cve", "title": "CVE-2013-3346", "description": "Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.", "published": "2013-08-30T16:55:06", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3346", "cvelist": ["CVE-2013-3346"], "lastseen": "2017-09-19T13:38:48"}], "exploitdb": [{"id": "EDB-ID:30394", "type": "exploitdb", "title": "Adobe Reader ToolButton - Use After Free", "description": "Adobe Reader ToolButton - Use After Free. CVE-2013-3346. Remote exploit for windows platform", "published": "2013-12-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/30394/", "cvelist": ["CVE-2013-3346"], "lastseen": "2016-02-03T12:17:54"}], "metasploit": [{"id": "MSF:EXPLOIT/WINDOWS/FILEFORMAT/ADOBE_TOOLBUTTON", "type": "metasploit", "title": "Adobe Reader ToolButton Use After Free", "description": "This module exploits a use after free condition on Adobe Reader versions 11.0.2, 10.1.6 and 9.5.4 and prior. The vulnerability exists while handling the ToolButton object, where the cEnable callback can be used to early free the object memory. Later use of the object allows triggering the use after free condition. This module has been tested successfully on Adobe Reader 11.0.2, 10.0.4 and 9.5.0 on Windows XP SP3, as exploited in the wild in November, 2013.", "published": "2013-12-16T20:13:47", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "", "cvelist": ["CVE-2013-3346"], "lastseen": "2018-03-30T13:59:11"}, {"id": "MSF:EXPLOIT/WINDOWS/BROWSER/ADOBE_TOOLBUTTON", "type": "metasploit", "title": "Adobe Reader ToolButton Use After Free", "description": "This module exploits an use after free condition on Adobe Reader versions 11.0.2, 10.1.6 and 9.5.4 and prior. The vulnerability exists while handling the ToolButton object, where the cEnable callback can be used to early free the object memory. Later use of the object allows triggering the use after free condition. This module has been tested successfully on Adobe Reader 11.0.2 and 10.0.4, with IE and Windows XP SP3, as exploited in the wild in November, 2013. At the moment, this module doesn't support Adobe Reader 9 targets; in order to exploit Adobe Reader 9 the fileformat version of the exploit can be used.", "published": "2013-12-16T20:13:47", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "", "cvelist": ["CVE-2013-3346"], "lastseen": "2018-04-14T14:20:55"}], "packetstorm": [{"id": "PACKETSTORM:124464", "type": "packetstorm", "title": "Adobe Reader ToolButton Use After Free", "description": "", "published": "2013-12-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://packetstormsecurity.com/files/124464/Adobe-Reader-ToolButton-Use-After-Free.html", "cvelist": ["CVE-2013-3346"], "lastseen": "2016-12-05T22:22:32"}, {"id": "PACKETSTORM:124463", "type": "packetstorm", "title": "Adobe Reader ToolButton Use After Free", "description": "", "published": "2013-12-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://packetstormsecurity.com/files/124463/Adobe-Reader-ToolButton-Use-After-Free.html", "cvelist": ["CVE-2013-3346"], "lastseen": "2016-12-05T22:16:24"}], "gentoo": [{"id": "GLSA-201309-10", "type": "gentoo", "title": "Adobe Reader: Arbitrary Code Execution", "description": "### Background\n\nAdobe Reader is a closed-source PDF reader.\n\n### Description\n\nAn unspecified vulnerability exists in Adobe Reader.\n\n### Impact\n\nAn attacker could execute arbitrary code or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Adobe Reader users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/acroread-9.5.5\"", "published": "2013-09-15T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/201309-10", "cvelist": ["CVE-2013-3346"], "lastseen": "2016-09-06T19:46:26"}], "canvas": [{"id": "ACROBAT_TOOLBUTTON", "type": "canvas", "title": "Immunity Canvas: ACROBAT_TOOLBUTTON", "description": "**Name**| acrobat_toolbutton \n---|--- \n**CVE**| CVE-2013-3346 \n**Exploit Pack**| [CANVAS](<http://http://www.immunityinc.com/products-canvas.shtml>) \n**Description**| acrobat_toolbutton \n**Notes**| CVE Name: CVE-2013-3346 \nVENDOR: Adobe \nNOTES: \nThis exploit has been tested on: \n \n\\- Windows XP SP3 EN Acrobat Reader 11.0.2/11.0.1/10.1.4/10.1.2/10.1.1/10.1.0 \n \nVulnerable versions include: \n \n<= 11.0.2 \n<= 10.1.6 \n<= 9.5.4 \n \nRepeatability: \nReferences: http://www.fireeye.com/blog/technical/cyber-exploits/2013/11/ms-windows-local-privilege-escalation-zero-day-in-the-wild.html \nCVE Url: http://www.adobe.com/support/security/bulletins/apsb13-15.html \n\n", "published": "2013-08-30T16:55:06", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://exploitlist.immunityinc.com/home/exploitpack/CANVAS/acrobat_toolbutton", "cvelist": ["CVE-2013-3346"], "lastseen": "2016-09-25T14:12:42"}], "zdt": [{"id": "1337DAY-ID-21684", "type": "zdt", "title": "Adobe Reader ToolButton Use After Free", "description": "Exploit for windows platform in category remote exploits", "published": "2013-12-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://0day.today/exploit/description/21684", "cvelist": ["CVE-2013-3346"], "lastseen": "2018-02-16T01:27:25"}], "nessus": [{"id": "GENTOO_GLSA-201309-10.NASL", "type": "nessus", "title": "GLSA-201309-10 : Adobe Reader: Arbitrary Code Execution", "description": "The remote host is affected by the vulnerability described in GLSA-201309-10 (Adobe Reader: Arbitrary Code Execution)\n\n An unspecified vulnerability exists in Adobe Reader.\n Impact :\n\n An attacker could execute arbitrary code or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "published": "2013-09-15T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=69901", "cvelist": ["CVE-2013-3346"], "lastseen": "2017-10-29T13:41:58"}, {"id": "REDHAT-RHSA-2013-0826.NASL", "type": "nessus", "title": "RHEL 5 / 6 : acroread (RHSA-2013:0826)", "description": "Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nAdobe Reader allows users to view and print documents in Portable Document Format (PDF).\n\nThis update fixes multiple security flaws in Adobe Reader. These flaws are detailed in the Adobe Security bulletin APSB13-15, listed in the References section. A specially crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2013-2549, CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2724, CVE-2013-2725, CVE-2013-2726, CVE-2013-2727, CVE-2013-2729, CVE-2013-2730, CVE-2013-2731, CVE-2013-2732, CVE-2013-2733, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, CVE-2013-3341)\n\nThis update also fixes an information leak flaw in Adobe Reader.\n(CVE-2013-2737)\n\nAll Adobe Reader users should install these updated packages. They contain Adobe Reader version 9.5.5, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect.", "published": "2013-05-16T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=66458", "cvelist": ["CVE-2013-2718", "CVE-2013-3346", "CVE-2013-2733", "CVE-2013-2724", "CVE-2013-2731", "CVE-2013-2725", "CVE-2013-2721", "CVE-2013-2723", "CVE-2013-2722", "CVE-2013-2720", "CVE-2013-3339", "CVE-2013-2737", "CVE-2013-2734", "CVE-2013-2719", "CVE-2013-2735", "CVE-2013-2736", "CVE-2013-3341", "CVE-2013-2726", "CVE-2013-2729", "CVE-2013-2727", "CVE-2013-3337", "CVE-2013-2732", "CVE-2013-2730", "CVE-2013-2549", "CVE-2013-3338", "CVE-2013-3340"], "lastseen": "2017-12-15T23:50:23"}, {"id": "MACOSX_ADOBE_READER_APSB13-15.NASL", "type": "nessus", "title": "Adobe Reader < 11.0.3 / 10.1.7 / 9.5.5 Multiple Vulnerabilities (APSB13-15) (Mac OS X)", "description": "The version of Adobe Reader installed on the remote Mac OS X host is prior to 11.0.3, 10.1.7, or 9.5.5. It is, therefore, affected by the following vulnerabilities :\n\n - Unspecified memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, CVE-2013-3341, CVE-2013-3346)\n\n - An integer underflow condition exists that allows an attacker to execute arbitrary code. (CVE-2013-2549)\n\n - A use-after-free error exists that allows an attacker to bypass the Adobe Reader's sandbox protection.\n (CVE-2013-2550)\n\n - A flaw exists in the JavaScript API that allows an attacker to obtain sensitive information.\n (CVE-2013-2737)\n\n - An unspecified stack overflow condition exists that allows an attacker to execute arbitrary code.\n (CVE-2013-2724)\n\n - Multiple unspecified buffer overflow conditions exist that allow an attacker to execute arbitrary code.\n (CVE-2013-2730, CVE-2013-2733)\n\n - Multiple unspecified integer overflow conditions exist that allow an attacker to execute arbitrary code.\n (CVE-2013-2727, CVE-2013-2729)\n\n - A flaw exists due to improper handling of operating system domain blacklists. An attacker can exploit this to have an unspecified impact. (CVE-2013-3342)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2013-05-14T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=66411", "cvelist": ["CVE-2013-2718", "CVE-2013-3346", "CVE-2013-2733", "CVE-2013-2724", "CVE-2013-2731", "CVE-2013-2725", "CVE-2013-2721", "CVE-2013-2723", "CVE-2013-2722", "CVE-2013-2720", "CVE-2013-2550", "CVE-2013-3339", "CVE-2013-2737", "CVE-2013-2734", "CVE-2013-2719", "CVE-2013-2735", "CVE-2013-2736", "CVE-2013-3341", "CVE-2013-2726", "CVE-2013-2729", "CVE-2013-2727", "CVE-2013-3337", "CVE-2013-3342", "CVE-2013-2732", "CVE-2013-2730", "CVE-2013-2549", "CVE-2013-3338", "CVE-2013-3340"], "lastseen": "2017-12-16T00:01:09"}, {"id": "ADOBE_READER_APSB13-15.NASL", "type": "nessus", "title": "Adobe Reader < 11.0.3 / 10.1.7 / 9.5.5 Multiple Vulnerabilities (APSB13-15)", "description": "The version of Adobe Reader installed on the remote host is earlier than 11.0.3 / 10.1.7 / 9.5.5. It is, therefore, affected by multiple vulnerabilities :\n\n - Unspecified memory corruption vulnerabilities exist that could lead to code execution. (CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, CVE-2013-3341, CVE-2013-3346)\n\n - An integer underflow error exists that could lead to code execution. (CVE-2013-2549)\n\n - A use-after-free error exists that could lead to a bypass of Adobe Reader's sandbox protection.\n (CVE-2013-2550)\n\n - An unspecified information leakage issue involving a JavaScript API exists. (CVE-2013-2737)\n\n - An unspecified stack overflow issue exists that could lead to code execution. (CVE-2013-2724)\n\n - An unspecified buffer overflow error exists that could lead to code execution. (CVE-2013-2730, CVE-2013-2733)\n\n - An unspecified integer overflow error exists that could lead to code execution. (CVE-2013-2727, CVE-2013-2729)\n\n - A flaw exists in the way Reader handles domains that have been blacklisted in the operating system.\n (CVE-2013-3342)", "published": "2013-05-14T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=66410", "cvelist": ["CVE-2013-2718", "CVE-2013-3346", "CVE-2013-2733", "CVE-2013-2724", "CVE-2013-2731", "CVE-2013-2725", "CVE-2013-2721", "CVE-2013-2723", "CVE-2013-2722", "CVE-2013-2720", "CVE-2013-2550", "CVE-2013-3339", "CVE-2013-2737", "CVE-2013-2734", "CVE-2013-2719", "CVE-2013-2735", "CVE-2013-2736", "CVE-2013-3341", "CVE-2013-2726", "CVE-2013-2729", "CVE-2013-2727", "CVE-2013-3337", "CVE-2013-3342", "CVE-2013-2732", "CVE-2013-2730", "CVE-2013-2549", "CVE-2013-3338", "CVE-2013-3340"], "lastseen": "2017-12-16T00:03:53"}, {"id": "ADOBE_ACROBAT_APSB13-15.NASL", "type": "nessus", "title": "Adobe Acrobat < 11.0.3 / 10.1.7 / 9.5.5 Multiple Vulnerabilities (APSB13-15)", "description": "The version of Adobe Acrobat installed on the remote host is earlier than 11.0.3 / 10.1.7 / 9.5.5. It is, therefore, affected by multiple vulnerabilities :\n\n - Unspecified memory corruption vulnerabilities exist that could lead to code execution. (CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, CVE-2013-3341, CVE-2013-3346)\n\n - An integer underflow error exists that could lead to code execution. (CVE-2013-2549)\n\n - A use-after-free error exists that could lead to a bypass of Adobe Reader's sandbox protection.\n (CVE-2013-2550)\n\n - An unspecified information leakage issue involving a JavaScript API exists. (CVE-2013-2737)\n\n - An unspecified stack overflow issue exists that could lead to code execution. (CVE-2013-2724)\n\n - An unspecified buffer overflow error exists that could lead to code execution. (CVE-2013-2730, CVE-2013-2733)\n\n - An unspecified integer overflow error exists that could lead to code execution. (CVE-2013-2727, CVE-2013-2729)\n\n - A flaw exists in the way Reader handles domains that have been blacklisted in the operating system.\n (CVE-2013-3342)", "published": "2013-05-14T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=66409", "cvelist": ["CVE-2013-2718", "CVE-2013-3346", "CVE-2013-2733", "CVE-2013-2724", "CVE-2013-2731", "CVE-2013-2725", "CVE-2013-2721", "CVE-2013-2723", "CVE-2013-2722", "CVE-2013-2720", "CVE-2013-2550", "CVE-2013-3339", "CVE-2013-2737", "CVE-2013-2734", "CVE-2013-2719", "CVE-2013-2735", "CVE-2013-2736", "CVE-2013-3341", "CVE-2013-2726", "CVE-2013-2729", "CVE-2013-2727", "CVE-2013-3337", "CVE-2013-3342", "CVE-2013-2732", "CVE-2013-2730", "CVE-2013-2549", "CVE-2013-3338", "CVE-2013-3340"], "lastseen": "2017-12-15T23:54:33"}], "zdi": [{"id": "ZDI-13-212", "type": "zdi", "title": "Adobe Reader ToolButton Remote Code Execution Vulnerability", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of the callbacks associated with ToolButton objects. A reference to the ToolButton object is kept when executing a callback which can lead to a use-after-free scenario if the callback removes the ToolButton object. An attacker can leverage this situation to execute code under the context of the user.", "published": "2013-09-11T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.zerodayinitiative.com/advisories/ZDI-13-212", "cvelist": ["CVE-2013-3346"], "lastseen": "2016-11-09T00:17:52"}], "seebug": [{"id": "SSV:61170", "type": "seebug", "title": "Adobe Reader\u548cAcrobat\u5185\u5b58\u635f\u574f\u6f0f\u6d1e", "description": "CVE ID:CVE-2013-3346\r\n\r\nAdobe Reader\u548cAcrobat\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5185\u5b58\u635f\u574f\uff09\u3002\n0\nAdobe Reader\u548cAcrobat 9.5.5\u4e4b\u524d\u76849.x\u7248\u672c\uff0c10.1.7\u4e4b\u524d\u768410.x\u7248\u672c\uff0c11.0.03\u4e4b\u524d\u768411.x\u7248\u672c\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nAdobe\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.adobe.com/support/security/bulletins/apsb13-15.html", "published": "2013-12-18T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.seebug.org/vuldb/ssvid-61170", "cvelist": ["CVE-2013-3346"], "lastseen": "2017-11-19T17:39:30"}], "thn": [{"id": "THN:1EA4AB16D6C3A0518A078CC8C9304FA5", "type": "thn", "title": "CVE-2013-5065: Microsoft Windows XP and Server 2003 Privilege escalation Zero-Day exploit discovered", "description": "None\n", "published": "2013-11-29T04:40:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://thehackernews.com/2013/11/CVE-2013-5065-Windows-XP-Privilege-escalation-Zero-Day-exploit.html", "cvelist": ["CVE-2013-3346", "CVE-2013-5065"], "lastseen": "2017-01-08T18:01:12"}], "threatpost": [{"id": "EPIC-OPERATION-KICKS-OFF-MULTISTAGE-TURLA-APT-CAMPAIGN/107612", "type": "threatpost", "title": "Epic Operation Kicks Off Multistage Turla APT Campaign", "description": "The [Turla APT campaign](<http://threatpost.com/agent-btz-malware-may-have-served-as-starting-point-for-red-october-turla/104735>) has baffled researchers for months as to how its victims are compromised. Peaking during the first two months of the year, Turla has targeted municipal governments, embassies, militaries and other high-value targets worldwide, with particular concentrations in the Middle East and Europe.\n\nResearchers at Kaspersky Lab, however, today announced they have discovered a [precursor to Turla called Epic](<https://securelist.com/analysis/publications/65545/the-epic-turla-operation/>) that uses a cocktail of zero-days and off-the-shelf exploits against previously unknown and patched vulnerabilities to compromise victims. Epic is the first of a multistage attack that hits victims via spear-phishing campaigns, social engineering scams, or watering hole attacks against websites of interest to the victims.\n\n### Related Posts\n\n#### [Threatpost News Wrap, September 2, 2016](<https://threatpost.com/threatpost-news-wrap-september-2-2016/120332/> \"Permalink to Threatpost News Wrap, September 2, 2016\" )\n\nSeptember 2, 2016 , 9:00 am\n\n#### [Insecure Redis Instances at Core of Attacks Against Linux Servers](<https://threatpost.com/insecure-redis-instances-at-core-of-attacks-against-linux-servers/120312/> \"Permalink to Insecure Redis Instances at Core of Attacks Against Linux Servers\" )\n\nSeptember 1, 2016 , 1:08 pm\n\n#### [Fairware Attacks Targeting Linux Servers](<https://threatpost.com/fairware-attacks-targeting-linux-servers/120254/> \"Permalink to Fairware Attacks Targeting Linux Servers\" )\n\nAugust 31, 2016 , 10:21 am\n\nEpic shares code snippets with Turla and similar encryption used to confound researchers, suggesting a link between the two campaigns; either the attackers are cooperating or are the same group, Kaspersky researchers said.\n\nTo date, there are more than 500 victim IP addresses in 45 countries, and as Tuesday the campaign remained active. The malware establishes a backdoor connection to the attackers through which system information is sent in order to determine which exploits are fed to the compromised machine and ultimately where stolen data is exfiltrated. The attackers have a variety of backdoors at their disposal, and use them according to the value of the target, Kaspersky researchers said.\n\nTwo zero-day exploits against Windows XP and Windows Server 2003 ([CVE-2013-5065](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5065>)) vulnerabilities and Adobe Reader ([CVE-2013-3346](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3346>)) have been used against some targets in order to gain administrative privileges. Users are infected via spearphishing emails with infected PDF exploits, or via infected websites hosting Java exploits that are really malware installers posing as a .scr file or Flash Player. Victims are tricked, in the last two cases, into installing the infected files, Kaspersky researchers said.\n\n[](<https://trtpost-wpengine.netdna-ssl.com/files/2014/08/Epic-Turla.png>)\n\nMore than 100 websites have been infected in the Epic campaign, most of them municipal government websites, including the website for City Hall in Pinor, Spain, an entrepreneurial site in Romania and the Palestinian Authority Ministry of Foreign Affairs. All of the sites were built using the TYPO3 content management system, indicating the attackers have access to a vulnerability on that platform. Once compromised, the websites then load remote JavaScript that performs a number of tasks, including dropping exploits for flaws in Internet Explorer 6-8, recent Java or Flash bugs, or a phony Microsoft Security Essentials application signed with a legitimate certificate from Sysprint AG.\n\n\u201cThe Epic Turla attackers are extremely dynamic in using exploits or different methods depending on what is available at the moment,\u201d Kaspersky Lab said in its research report.\n\nMore than 50 hacked servers make up the Epic Turla command infrastructure, Kaspersky Lab said. Victimized computers communicate to a centralized server via a network of proxies and VPN connections. The attackers make a determination whether to exploit a particular machine based on a number of existing system and third-party application configurations. If certain processes, such as tcpdump, windump, ethereal, wireshark and others are running, the backdoor will terminate. Otherwise, if the victim is of interest, a different backdoor called Carbon or Pfinet, is deployed and the Epic campaign updates the configuration file with a new set of command and control servers, further indicating a connection between the Epic and Turla campaigns. Attack commands are sent that include a keylogger used to steal credentials in order to move laterally, as well as a list of specific .doc files to search for. Some of the document searches found are: \u201cNATO.msg;\u201d \u201ceu energy dialogue;\u201d and \u201cEU.msg.\u201d\n\n\u201cThe configuration updates for the Cobra/Carbon system malware, also known as Pfinet, are interesting, because this is another project related to the Turla threat actor. This suggests that we are dealing with a multi-stage infection that begins with the Epic Turla \u2013 to gain a foothold and validate the high profile victim. If the victim is interesting, it gets upgraded to the full Turla Carbon system,\u201dsaid Costin Raiu, Director of the Global Research and Analysis Team at Kaspersky Lab.\n\nThe Carbon backdoors, meanwhile, share characteristics with other attack platforms such as Tilded and Flame, as well as some subtle connections to [Miniduke](<https://securelist.com/blog/incidents/31112/the-miniduke-mystery-pdf-0-day-government-spy-assembler-0x29a-micro-backdoor>). The attackers do not seem to be native English speakers, Kaspersky\u2019s report said. One of the Epic backdoors is called \u201cZagruzchik.dll\u201d which translates to bootloader in Russian, and the Epic Turla control panel is set to Cyrillic.\n\nMost of the victims are in France, the United States, Iran and Russia with targets ranging from ministries of the interior, trade and commerce, foreign affairs and intelligence in the European Union and Asia.", "published": "2014-08-07T10:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://threatpost.com/epic-operation-kicks-off-multistage-turla-apt-campaign/107612/", "cvelist": ["CVE-2013-3346", "CVE-2013-5065"], "lastseen": "2016-09-04T20:52:56"}], "openvas": [{"id": "OPENVAS:1361412562310803617", "type": "openvas", "title": "Adobe Acrobat Multiple Unspecified Vulnerabilities -01 May13 (Mac OS X)", "description": "This host is installed with Adobe Acrobat and is prone to multiple unspecified\nvulnerabilities.", "published": "2013-05-28T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803617", "cvelist": ["CVE-2013-2718", "CVE-2013-3346", "CVE-2013-2733", "CVE-2013-2724", "CVE-2013-2731", "CVE-2013-2725", "CVE-2013-2721", "CVE-2013-2723", "CVE-2013-2722", "CVE-2013-2720", "CVE-2013-3339", "CVE-2013-2737", "CVE-2013-2734", "CVE-2013-2719", "CVE-2013-2735", "CVE-2013-2736", "CVE-2013-3341", "CVE-2013-2726", "CVE-2013-2729", "CVE-2013-2727", "CVE-2013-3337", "CVE-2013-3342", "CVE-2013-2732", "CVE-2013-2730", "CVE-2013-3338", "CVE-2013-3340"], "lastseen": "2017-12-21T11:37:29"}, {"id": "OPENVAS:1361412562310803616", "type": "openvas", "title": "Adobe Acrobat Multiple Unspecified Vulnerabilities -01 May13 (Windows)", "description": "This host is installed with Adobe Acrobat and is prone to multiple unspecified\nvulnerabilities.", "published": "2013-05-28T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803616", "cvelist": ["CVE-2013-2718", "CVE-2013-3346", "CVE-2013-2733", "CVE-2013-2724", "CVE-2013-2731", "CVE-2013-2725", "CVE-2013-2721", "CVE-2013-2723", "CVE-2013-2722", "CVE-2013-2720", "CVE-2013-3339", "CVE-2013-2737", "CVE-2013-2734", "CVE-2013-2719", "CVE-2013-2735", "CVE-2013-2736", "CVE-2013-3341", "CVE-2013-2726", "CVE-2013-2729", "CVE-2013-2727", "CVE-2013-3337", "CVE-2013-3342", "CVE-2013-2732", "CVE-2013-2730", "CVE-2013-3338", "CVE-2013-3340"], "lastseen": "2018-01-02T10:59:34"}, {"id": "OPENVAS:1361412562310803614", "type": "openvas", "title": "Adobe Reader Multiple Unspecified Vulnerabilities -01 May13 (Mac OS X)", "description": "This host is installed with Adobe Reader and is prone to multiple unspecified\nvulnerabilities.", "published": "2013-05-28T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803614", "cvelist": ["CVE-2013-2718", "CVE-2013-3346", "CVE-2013-2733", "CVE-2013-2724", "CVE-2013-2731", "CVE-2013-2725", "CVE-2013-2721", "CVE-2013-2723", "CVE-2013-2722", "CVE-2013-2720", "CVE-2013-2550", "CVE-2013-3339", "CVE-2013-2737", "CVE-2013-2734", "CVE-2013-2719", "CVE-2013-2735", "CVE-2013-2736", "CVE-2013-3341", "CVE-2013-2726", "CVE-2013-2729", "CVE-2013-2727", "CVE-2013-3337", "CVE-2013-3342", "CVE-2013-2732", "CVE-2013-2730", "CVE-2013-2549", "CVE-2013-3338", "CVE-2013-3340"], "lastseen": "2017-07-02T21:11:23"}, {"id": "OPENVAS:1361412562310803615", "type": "openvas", "title": "Adobe Reader Multiple Unspecified Vulnerabilities -01 May13 (Linux)", "description": "This host is installed with Adobe Reader and is prone to multiple unspecified\nvulnerabilities.", "published": "2013-05-28T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803615", "cvelist": ["CVE-2013-2718", "CVE-2013-3346", "CVE-2013-2733", "CVE-2013-2724", "CVE-2013-2731", "CVE-2013-2725", "CVE-2013-2721", "CVE-2013-2723", "CVE-2013-2722", "CVE-2013-2720", "CVE-2013-2550", "CVE-2013-3339", "CVE-2013-2737", "CVE-2013-2734", "CVE-2013-2719", "CVE-2013-2735", "CVE-2013-2736", "CVE-2013-3341", "CVE-2013-2726", "CVE-2013-2729", "CVE-2013-2727", "CVE-2013-3337", "CVE-2013-3342", "CVE-2013-2732", "CVE-2013-2730", "CVE-2013-2549", "CVE-2013-3338", "CVE-2013-3340"], "lastseen": "2017-07-02T21:11:04"}, {"id": "OPENVAS:1361412562310803613", "type": "openvas", "title": "Adobe Reader Multiple Unspecified Vulnerabilities -01 May13 (Windows)", "description": "This host is installed with Adobe Reader and is prone to multiple unspecified\nvulnerabilities.", "published": "2013-05-28T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803613", "cvelist": ["CVE-2013-2718", "CVE-2013-3346", "CVE-2013-2733", "CVE-2013-2724", "CVE-2013-2731", "CVE-2013-2725", "CVE-2013-2721", "CVE-2013-2723", "CVE-2013-2722", "CVE-2013-2720", "CVE-2013-2550", "CVE-2013-3339", "CVE-2013-2737", "CVE-2013-2734", "CVE-2013-2719", "CVE-2013-2735", "CVE-2013-2736", "CVE-2013-3341", "CVE-2013-2726", "CVE-2013-2729", "CVE-2013-2727", "CVE-2013-3337", "CVE-2013-3342", "CVE-2013-2732", "CVE-2013-2730", "CVE-2013-2549", "CVE-2013-3338", "CVE-2013-3340"], "lastseen": "2018-01-02T10:59:50"}], "redhat": [{"id": "RHSA-2013:0826", "type": "redhat", "title": "(RHSA-2013:0826) Critical: acroread security update", "description": "Adobe Reader allows users to view and print documents in Portable Document\nFormat (PDF).\n\nThis update fixes multiple security flaws in Adobe Reader. These flaws are\ndetailed in the Adobe Security bulletin APSB13-15, listed in the References\nsection. A specially-crafted PDF file could cause Adobe Reader to crash or,\npotentially, execute arbitrary code as the user running Adobe Reader when\nopened. (CVE-2013-2549, CVE-2013-2718, CVE-2013-2719, CVE-2013-2720,\nCVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2724, CVE-2013-2725,\nCVE-2013-2726, CVE-2013-2727, CVE-2013-2729, CVE-2013-2730, CVE-2013-2731,\nCVE-2013-2732, CVE-2013-2733, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736,\nCVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, CVE-2013-3341)\n\nThis update also fixes an information leak flaw in Adobe Reader.\n(CVE-2013-2737)\n\nAll Adobe Reader users should install these updated packages. They contain\nAdobe Reader version 9.5.5, which is not vulnerable to these issues. All\nrunning instances of Adobe Reader must be restarted for the update to take\neffect.\n", "published": "2013-05-15T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2013:0826", "cvelist": ["CVE-2013-2549", "CVE-2013-2718", "CVE-2013-2719", "CVE-2013-2720", "CVE-2013-2721", "CVE-2013-2722", "CVE-2013-2723", "CVE-2013-2724", "CVE-2013-2725", "CVE-2013-2726", "CVE-2013-2727", "CVE-2013-2729", "CVE-2013-2730", "CVE-2013-2731", "CVE-2013-2732", "CVE-2013-2733", "CVE-2013-2734", "CVE-2013-2735", "CVE-2013-2736", "CVE-2013-2737", "CVE-2013-3337", "CVE-2013-3338", "CVE-2013-3339", "CVE-2013-3340", "CVE-2013-3341", "CVE-2013-3346"], "lastseen": "2017-09-09T07:19:15"}], "kaspersky": [{"id": "KLA10457", "type": "kaspersky", "title": "\r KLA10457Adobe Acrobat & Reader multiple vulnerabilities\t\t\t ", "description": "### *CVSS*:\n10.0\n\n### *Detect date*:\n08/08/2013\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Adobe Acrobat & Reader. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security, obtain sensitive information or arbitrary code execution.\n\n### *Affected products*:\nAdobe Reader XI versions 11.0.02 and earlier \nAdobe Reader X versions 10.1.6 and earlier \nAdobe Reader 9 versions 9.5.4 and earlier \nAdobe Acrobat XI versions 11.0.02 and earlier \nAdobe Acrobat X versions 10.1.6 and earlier \nAdobe Acrobat 9 versions 9.5.4 and earlier\n\n### *Solution*:\nUpdate to latest version \n[get reader](<https://get.adobe.com/reader/?loc=ru>)\n\n### *Original advisories*:\n[APSB](<http://www.adobe.com/support/security/bulletins/apsb13-15.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Adobe Reader XI](<https://threats.kaspersky.com/en/product/Adobe-Reader-XI/>)\n\n### *CVE-IDS*:\n[CVE-2013-3346](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3346>) \n[CVE-2013-3342](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3342>) \n[CVE-2013-3341](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3341>) \n[CVE-2013-3340](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3340>) \n[CVE-2013-3339](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3339>) \n[CVE-2013-3338](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3338>) \n[CVE-2013-3337](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3337>) \n[CVE-2013-2737](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2737>) \n[CVE-2013-2736](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2736>) \n[CVE-2013-2735](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2735>) \n[CVE-2013-2734](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2734>) \n[CVE-2013-2733](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2733>) \n[CVE-2013-2732](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2732>) \n[CVE-2013-2731](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2731>) \n[CVE-2013-2730](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2730>) \n[CVE-2013-2729](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2729>) \n[CVE-2013-2727](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2727>) \n[CVE-2013-2726](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2726>) \n[CVE-2013-2725](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2725>) \n[CVE-2013-2724](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2724>) \n[CVE-2013-2723](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2723>) \n[CVE-2013-2722](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2722>) \n[CVE-2013-2721](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2721>) \n[CVE-2013-2720](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2720>) \n[CVE-2013-2719](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2719>) \n[CVE-2013-2718](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2718>) \n[CVE-2013-2550](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2550>) \n[CVE-2013-2549](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2549>)", "published": "2013-08-08T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://threats.kaspersky.com/en/vulnerability/KLA10457", "cvelist": ["CVE-2013-2718", "CVE-2013-3346", "CVE-2013-2733", "CVE-2013-2724", "CVE-2013-2731", "CVE-2013-2725", "CVE-2013-2721", "CVE-2013-2723", "CVE-2013-2722", "CVE-2013-2720", "CVE-2013-2550", "CVE-2013-3339", "CVE-2013-2737", "CVE-2013-2734", "CVE-2013-2719", "CVE-2013-2735", "CVE-2013-2736", "CVE-2013-3341", "CVE-2013-2726", "CVE-2013-2729", "CVE-2013-2727", "CVE-2013-3337", "CVE-2013-3342", "CVE-2013-2732", "CVE-2013-2730", "CVE-2013-2549", "CVE-2013-3338", "CVE-2013-3340"], "lastseen": "2018-03-30T14:11:13"}]}}
