Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2010 Greenbone AGOPENVAS:1361412562310801508
HistorySep 10, 2010 - 12:00 a.m.

Adobe InDesign Insecure Library Loading Vulnerability - Windows

2010-09-1000:00:00
Copyright (C) 2010 Greenbone AG
plugins.openvas.org
5

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

89.0%

JSON

Adobe InDesign is prone to insecure library loading vulnerability.

# SPDX-FileCopyrightText: 2010 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.801508");
  script_version("2024-02-15T05:05:39+0000");
  script_tag(name:"last_modification", value:"2024-02-15 05:05:39 +0000 (Thu, 15 Feb 2024)");
  script_tag(name:"creation_date", value:"2010-09-10 16:37:50 +0200 (Fri, 10 Sep 2010)");
  script_cve_id("CVE-2010-3153");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_name("Adobe InDesign Insecure Library Loading Vulnerability - Windows");
  script_xref(name:"URL", value:"http://secunia.com/advisories/41126");
  script_xref(name:"URL", value:"http://www.exploit-db.com/exploits/14775/");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2010 Greenbone AG");
  script_family("General");
  script_dependencies("secpod_adobe_indesign_detect.nasl");
  script_mandatory_keys("SMB/WindowsVersion");

  script_tag(name:"insight", value:"The flaw is due to the application insecurely loading certain
libraries from the current working directory, which could allow attackers to
execute arbitrary code by tricking a user into opening a file from a network share.");
  script_tag(name:"solution", value:"Upgrade Adobe InDesign to version CS4 6.0.6 or later.");
  script_tag(name:"summary", value:"Adobe InDesign is prone to insecure library loading vulnerability.");
  script_tag(name:"impact", value:"Successful exploitation will allow the attackers to execute
arbitrary code and conduct DLL hijacking attacks.");
  script_tag(name:"affected", value:"Adobe InDesign version CS4 6.0");

  script_tag(name:"qod_type", value:"registry");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("version_func.inc");

adVer = get_kb_item("Adobe/InDesign/Ver");
if(isnull(adVer)){
  exit(0);
}

adobeVer = eregmatch(pattern:" ([0-9.]+)", string:adVer);
if(!isnull(adobeVer[1]) && ("CS4" >< adVer))
{
  if(version_is_equal(version:adobeVer[1], test_version:"6.0")){
    security_message( port: 0, data: "The target host was found to be vulnerable" );
  }
}

Related

openvas 1
kaspersky 1
prion 1
cvelist 1
nvd 1
cve 1
openvas
openvas
Adobe InDesign Insecure Library Loading Vulnerability (Windows)
2010-09-10 00:00:00
kaspersky
kaspersky
KLA10037 ACE vulnerability in Adobe InDesign
2010-10-18 00:00:00
prion
prion
Design/Logic Flaw
2010-08-27 19:00:00
cvelist
cvelist
CVE-2010-3153
2010-08-27 18:10:00
nvd
nvd
CVE-2010-3153
2010-08-27 19:00:19
cve
cve
CVE-2010-3153
2010-08-27 19:00:19

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

89.0%

JSON
Related for OPENVAS:1361412562310801508
openvas1kaspersky1prion1cvelist1nvd1cve1