Search...

Adobe Reader Security Updates(apsb17-11)-Windows

2017-04-14T00:00:00

ID OPENVAS:1361412562310810870
Type openvas
Reporter Copyright (C) 2017 Greenbone Networks GmbH
Modified 2019-07-05T00:00:00

Description

This host is installed with Adobe Reader and is prone to multiple vulnerabilities.

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
#
# Adobe Reader Security Updates(apsb17-11)-Windows
#
# Authors:
# Kashinath T &lt;tkashinath@secpod.com&gt;
#
# Copyright:
# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

CPE = "cpe:/a:adobe:acrobat_reader";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.810870");
  script_version("2019-07-05T08:56:43+0000");
  script_cve_id("CVE-2017-3011", "CVE-2017-3012", "CVE-2017-3013", "CVE-2017-3014",
                "CVE-2017-3015", "CVE-2017-3018", "CVE-2017-3019", "CVE-2017-3020",
                "CVE-2017-3021", "CVE-2017-3022", "CVE-2017-3024", "CVE-2017-3025",
                "CVE-2017-3026", "CVE-2017-3027", "CVE-2017-3028", "CVE-2017-3030",
                "CVE-2017-3031", "CVE-2017-3032", "CVE-2017-3033", "CVE-2017-3034",
                "CVE-2017-3036", "CVE-2017-3037", "CVE-2017-3038", "CVE-2017-3039",
                "CVE-2017-3040", "CVE-2017-3042", "CVE-2017-3043", "CVE-2017-3044",
                "CVE-2017-3045", "CVE-2017-3046", "CVE-2017-3048", "CVE-2017-3049",
                "CVE-2017-3050", "CVE-2017-3051", "CVE-2017-3052", "CVE-2017-3054",
                "CVE-2017-3055", "CVE-2017-3056", "CVE-2017-3057", "CVE-2017-3065",
                "CVE-2017-3035", "CVE-2017-3047", "CVE-2017-3017", "CVE-2017-3023",
                "CVE-2017-3041", "CVE-2017-3029", "CVE-2017-3053");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)");
  script_tag(name:"creation_date", value:"2017-04-14 12:38:23 +0530 (Fri, 14 Apr 2017)");
  script_name("Adobe Reader Security Updates(apsb17-11)-Windows");

  script_tag(name:"summary", value:"This host is installed with Adobe Reader
  and is prone to multiple vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Multiple flaws exists due to,

  - use-after-free vulnerabilities.

  - heap buffer overflow vulnerabilities.

  - memory corruption vulnerabilities.

  - integer overflow vulnerabilities.");

  script_tag(name:"impact", value:"Successful exploitation of this vulnerability
  will allow remote attackers to conduct code execution attacks.");

  script_tag(name:"affected", value:"Adobe Reader version 11.x before
  11.0.20 on Windows.");

  script_tag(name:"solution", value:"Upgrade to Adobe Reader version
  11.0.20 or later.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"registry");
  script_xref(name:"URL", value:"https://helpx.adobe.com/security/products/acrobat/apsb17-11.html");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2017 Greenbone Networks GmbH");
  script_family("General");
  script_dependencies("secpod_adobe_prdts_detect_win.nasl");
  script_mandatory_keys("Adobe/Reader/Win/Installed");
  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if(!readerVer = get_app_version(cpe:CPE)){
  exit(0);
}

if(version_in_range(version:readerVer, test_version:"11.0", test_version2:"11.0.19"))
{
  report = report_fixed_ver(installed_version:readerVer, fixed_version:"11.0.20");
  security_message(data:report);
  exit(0);
}

JSON Vulners Source

Initial Source

{"id": "OPENVAS:1361412562310810870", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Reader Security Updates(apsb17-11)-Windows", "description": "This host is installed with Adobe Reader\n and is prone to multiple vulnerabilities.", "published": "2017-04-14T00:00:00", "modified": "2019-07-05T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810870", "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/acrobat/apsb17-11.html"], "cvelist": ["CVE-2017-3013", "CVE-2017-3030", "CVE-2017-3036", "CVE-2017-3046", "CVE-2017-3032", "CVE-2017-3011", "CVE-2017-3037", "CVE-2017-3033", "CVE-2017-3054", "CVE-2017-3065", "CVE-2017-3034", "CVE-2017-3041", "CVE-2017-3051", "CVE-2017-3053", "CVE-2017-3052", "CVE-2017-3023", "CVE-2017-3057", "CVE-2017-3049", "CVE-2017-3026", "CVE-2017-3022", "CVE-2017-3012", "CVE-2017-3038", "CVE-2017-3040", "CVE-2017-3029", "CVE-2017-3056", "CVE-2017-3019", "CVE-2017-3042", "CVE-2017-3020", "CVE-2017-3031", "CVE-2017-3048", "CVE-2017-3047", "CVE-2017-3021", "CVE-2017-3014", "CVE-2017-3044", "CVE-2017-3035", "CVE-2017-3027", "CVE-2017-3017", "CVE-2017-3024", "CVE-2017-3050", "CVE-2017-3025", "CVE-2017-3015", "CVE-2017-3043", "CVE-2017-3045", "CVE-2017-3055", "CVE-2017-3039", "CVE-2017-3028", "CVE-2017-3018"], "lastseen": "2019-07-17T14:21:33", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310812571", "OPENVAS:1361412562310812568", "OPENVAS:1361412562310812573", "OPENVAS:1361412562310812569", "OPENVAS:1361412562310812570", "OPENVAS:1361412562310810871", "OPENVAS:1361412562310812572", "OPENVAS:1361412562310810873", "OPENVAS:1361412562310812567", "OPENVAS:1361412562310812566"]}, {"type": "nessus", "idList": ["MACOSX_ADOBE_READER_APSB17-11.NASL", "MACOSX_ADOBE_ACROBAT_APSB17-11.NASL", "ADOBE_ACROBAT_APSB17-11.NASL", "ADOBE_READER_APSB17-11.NASL"]}, {"type": "kaspersky", "idList": ["KLA10992"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:7E6831E46F8BB1882B752045F527ABE6"]}, {"type": "cve", "idList": ["CVE-2017-3022", "CVE-2017-3051", "CVE-2017-3027", "CVE-2017-3013", "CVE-2017-3030", "CVE-2017-3025", "CVE-2017-3020", "CVE-2017-3029", "CVE-2017-3031", "CVE-2017-3028"]}, {"type": "threatpost", "idList": ["THREATPOST:CC548F78FDE639F4ABD2E2A3A2100238"]}, {"type": "zdi", "idList": ["ZDI-17-252", "ZDI-17-260", "ZDI-17-257", "ZDI-17-255", "ZDI-17-276", "ZDI-17-282", "ZDI-17-258", "ZDI-17-254", "ZDI-17-273", "ZDI-17-271"]}], "modified": "2019-07-17T14:21:33", "rev": 2}, "score": {"value": 9.3, "vector": "NONE", "modified": "2019-07-17T14:21:33", "rev": 2}, "vulnersScore": 9.3}, "pluginID": "1361412562310810870", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Reader Security Updates(apsb17-11)-Windows\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810870\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2017-3011\", \"CVE-2017-3012\", \"CVE-2017-3013\", \"CVE-2017-3014\",\n \"CVE-2017-3015\", \"CVE-2017-3018\", \"CVE-2017-3019\", \"CVE-2017-3020\",\n \"CVE-2017-3021\", \"CVE-2017-3022\", \"CVE-2017-3024\", \"CVE-2017-3025\",\n \"CVE-2017-3026\", \"CVE-2017-3027\", \"CVE-2017-3028\", \"CVE-2017-3030\",\n \"CVE-2017-3031\", \"CVE-2017-3032\", \"CVE-2017-3033\", \"CVE-2017-3034\",\n \"CVE-2017-3036\", \"CVE-2017-3037\", \"CVE-2017-3038\", \"CVE-2017-3039\",\n \"CVE-2017-3040\", \"CVE-2017-3042\", \"CVE-2017-3043\", \"CVE-2017-3044\",\n \"CVE-2017-3045\", \"CVE-2017-3046\", \"CVE-2017-3048\", \"CVE-2017-3049\",\n \"CVE-2017-3050\", \"CVE-2017-3051\", \"CVE-2017-3052\", \"CVE-2017-3054\",\n \"CVE-2017-3055\", \"CVE-2017-3056\", \"CVE-2017-3057\", \"CVE-2017-3065\",\n \"CVE-2017-3035\", \"CVE-2017-3047\", \"CVE-2017-3017\", \"CVE-2017-3023\",\n \"CVE-2017-3041\", \"CVE-2017-3029\", \"CVE-2017-3053\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-04-14 12:38:23 +0530 (Fri, 14 Apr 2017)\");\n script_name(\"Adobe Reader Security Updates(apsb17-11)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Reader\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - use-after-free vulnerabilities.\n\n - heap buffer overflow vulnerabilities.\n\n - memory corruption vulnerabilities.\n\n - integer overflow vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to conduct code execution attacks.\");\n\n script_tag(name:\"affected\", value:\"Adobe Reader version 11.x before\n 11.0.20 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Reader version\n 11.0.20 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb17-11.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Reader/Win/Installed\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!readerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:readerVer, test_version:\"11.0\", test_version2:\"11.0.19\"))\n{\n report = report_fixed_ver(installed_version:readerVer, fixed_version:\"11.0.20\");\n security_message(data:report);\n exit(0);\n}", "naslFamily": "General"}

{"nessus": [{"lastseen": "2021-01-01T01:13:15", "description": "The version of Adobe Acrobat installed on the remote Windows host is a\nversion prior to 11.0.20, 2015.006.30306, or 2017.009.20044. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - Multiple use-after-free errors exists that allow an\n attacker to execute arbitrary code. (CVE-2017-3014,\n CVE-2017-3026, CVE-2017-3027, CVE-2017-3035,\n CVE-2017-3047, CVE-2017-3057)\n\n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2017-3042, CVE-2017-3048, CVE-2017-3049,\n CVE-2017-3055)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2017-3015,\n CVE-2017-3017, CVE-2017-3018, CVE-2017-3019,\n CVE-2017-3023, CVE-2017-3024, CVE-2017-3025,\n CVE-2017-3028, CVE-2017-3030, CVE-2017-3036,\n CVE-2017-3037, CVE-2017-3038, CVE-2017-3039,\n CVE-2017-3040, CVE-2017-3041, CVE-2017-3044,\n CVE-2017-3050, CVE-2017-3051, CVE-2017-3054,\n CVE-2017-3056, CVE-2017-3065)\n\n - Multiple integer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2017-3011,\n CVE-2017-3034)\n\n - Multiple memory corruption issues exist that allow an\n an attacker to disclose memory address information.\n (CVE-2017-3020, CVE-2017-3021, CVE-2017-3022,\n CVE-2017-3029, CVE-2017-3031, CVE-2017-3032,\n CVE-2017-3033, CVE-2017-3043, CVE-2017-3045,\n CVE-2017-3046, CVE-2017-3052, CVE-2017-3053)\n\n - A flaw exists due the use of an insecure directory\n search path. An attacker can potentially exploit this to\n execute arbitrary code. (CVE-2017-3012, CVE-2017-3013)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 33, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-04-14T00:00:00", "title": "Adobe Acrobat < 11.0.20 / 2015.006.30306 / 2017.009.20044 Multiple Vulnerabilities (APSB17-11)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3013", "CVE-2017-3030", "CVE-2017-3036", "CVE-2017-3046", "CVE-2017-3032", "CVE-2017-3011", "CVE-2017-3037", "CVE-2017-3033", "CVE-2017-3054", "CVE-2017-3065", "CVE-2017-3034", "CVE-2017-3041", "CVE-2017-3051", "CVE-2017-3053", "CVE-2017-3052", "CVE-2017-3023", "CVE-2017-3057", "CVE-2017-3049", "CVE-2017-3026", "CVE-2017-3022", "CVE-2017-3012", "CVE-2017-3038", "CVE-2017-3040", "CVE-2017-3029", "CVE-2017-3056", "CVE-2017-3019", "CVE-2017-3042", "CVE-2017-3020", "CVE-2017-3031", "CVE-2017-3048", "CVE-2017-3047", "CVE-2017-3021", "CVE-2017-3014", "CVE-2017-3044", "CVE-2017-3035", "CVE-2017-3027", "CVE-2017-3017", "CVE-2017-3024", "CVE-2017-3050", "CVE-2017-3025", "CVE-2017-3015", "CVE-2017-3043", "CVE-2017-3045", "CVE-2017-3055", "CVE-2017-3039", "CVE-2017-3028", "CVE-2017-3018"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:adobe:acrobat"], "id": "ADOBE_ACROBAT_APSB17-11.NASL", "href": "https://www.tenable.com/plugins/nessus/99373", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99373);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\n \"CVE-2017-3011\",\n \"CVE-2017-3012\",\n \"CVE-2017-3013\",\n \"CVE-2017-3014\",\n \"CVE-2017-3015\",\n \"CVE-2017-3017\",\n \"CVE-2017-3018\",\n \"CVE-2017-3019\",\n \"CVE-2017-3020\",\n \"CVE-2017-3021\",\n \"CVE-2017-3022\",\n \"CVE-2017-3023\",\n \"CVE-2017-3024\",\n \"CVE-2017-3025\",\n \"CVE-2017-3026\",\n \"CVE-2017-3027\",\n \"CVE-2017-3028\",\n \"CVE-2017-3029\",\n \"CVE-2017-3030\",\n \"CVE-2017-3031\",\n \"CVE-2017-3032\",\n \"CVE-2017-3033\",\n \"CVE-2017-3034\",\n \"CVE-2017-3035\",\n \"CVE-2017-3036\",\n \"CVE-2017-3037\",\n \"CVE-2017-3038\",\n \"CVE-2017-3039\",\n \"CVE-2017-3040\",\n \"CVE-2017-3041\",\n \"CVE-2017-3042\",\n \"CVE-2017-3043\",\n \"CVE-2017-3044\",\n \"CVE-2017-3045\",\n \"CVE-2017-3046\",\n \"CVE-2017-3047\",\n \"CVE-2017-3048\",\n \"CVE-2017-3049\",\n \"CVE-2017-3050\",\n \"CVE-2017-3051\",\n \"CVE-2017-3052\",\n \"CVE-2017-3053\",\n \"CVE-2017-3054\",\n \"CVE-2017-3055\",\n \"CVE-2017-3056\",\n \"CVE-2017-3057\",\n \"CVE-2017-3065\"\n );\n script_bugtraq_id(\n 97547,\n 97548,\n 97549,\n 97550,\n 97554,\n 97556\n );\n\n script_name(english:\"Adobe Acrobat < 11.0.20 / 2015.006.30306 / 2017.009.20044 Multiple Vulnerabilities (APSB17-11)\");\n script_summary(english:\"Checks the version of Adobe Acrobat.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Acrobat installed on the remote Windows host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Acrobat installed on the remote Windows host is a\nversion prior to 11.0.20, 2015.006.30306, or 2017.009.20044. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - Multiple use-after-free errors exists that allow an\n attacker to execute arbitrary code. (CVE-2017-3014,\n CVE-2017-3026, CVE-2017-3027, CVE-2017-3035,\n CVE-2017-3047, CVE-2017-3057)\n\n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2017-3042, CVE-2017-3048, CVE-2017-3049,\n CVE-2017-3055)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2017-3015,\n CVE-2017-3017, CVE-2017-3018, CVE-2017-3019,\n CVE-2017-3023, CVE-2017-3024, CVE-2017-3025,\n CVE-2017-3028, CVE-2017-3030, CVE-2017-3036,\n CVE-2017-3037, CVE-2017-3038, CVE-2017-3039,\n CVE-2017-3040, CVE-2017-3041, CVE-2017-3044,\n CVE-2017-3050, CVE-2017-3051, CVE-2017-3054,\n CVE-2017-3056, CVE-2017-3065)\n\n - Multiple integer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2017-3011,\n CVE-2017-3034)\n\n - Multiple memory corruption issues exist that allow an\n an attacker to disclose memory address information.\n (CVE-2017-3020, CVE-2017-3021, CVE-2017-3022,\n CVE-2017-3029, CVE-2017-3031, CVE-2017-3032,\n CVE-2017-3033, CVE-2017-3043, CVE-2017-3045,\n CVE-2017-3046, CVE-2017-3052, CVE-2017-3053)\n\n - A flaw exists due the use of an insecure directory\n search path. An attacker can potentially exploit this to\n execute arbitrary code. (CVE-2017-3012, CVE-2017-3013)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb17-11.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Acrobat 11.0.20 / 2015.006.30306 / 2017.009.20044 or\nlater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3037\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_acrobat_installed.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/Adobe Acrobat\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_info = vcf::get_app_info(app:\"Adobe Acrobat\", win_local:TRUE);\n\nconstraints = [\n { \"min_version\" : \"11\", \"max_version\" : \"11.0.19\", \"fixed_version\" : \"11.0.20\" },\n { \"min_version\" : \"15.6\", \"max_version\" : \"15.6.30280\", \"fixed_version\" : \"15.6.30306\" },\n { \"min_version\" : \"15.7\", \"max_version\" : \"15.23.20070\", \"fixed_version\" : \"17.9.20044\" }\n];\n# using adobe_reader namespace check_version_and_report to properly detect Continuous vs Classic, \n# and limit ver segments to 3 (18.x.y vs 18.x.y.12345) with max_segs:3\nvcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:27:14", "description": "The version of Adobe Reader installed on the remote macOS or Mac OS X\nhost is a version prior to 11.0.20, 2015.006.30306, 2017.009.20044. It\nis, therefore, affected by multiple vulnerabilities :\n\n - Multiple use-after-free errors exists that allow an\n attacker to execute arbitrary code. (CVE-2017-3014,\n CVE-2017-3026, CVE-2017-3027, CVE-2017-3035,\n CVE-2017-3047, CVE-2017-3057)\n\n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2017-3042, CVE-2017-3048, CVE-2017-3049,\n CVE-2017-3055)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2017-3015,\n CVE-2017-3017, CVE-2017-3018, CVE-2017-3019,\n CVE-2017-3023, CVE-2017-3024, CVE-2017-3025,\n CVE-2017-3028, CVE-2017-3030, CVE-2017-3036,\n CVE-2017-3037, CVE-2017-3038, CVE-2017-3039,\n CVE-2017-3040, CVE-2017-3041, CVE-2017-3044,\n CVE-2017-3050, CVE-2017-3051, CVE-2017-3054,\n CVE-2017-3056, CVE-2017-3065)\n\n - Multiple integer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2017-3011,\n CVE-2017-3034)\n\n - Multiple memory corruption issues exist that allow an\n an attacker to disclose memory address information.\n (CVE-2017-3020, CVE-2017-3021, CVE-2017-3022,\n CVE-2017-3029, CVE-2017-3031, CVE-2017-3032,\n CVE-2017-3033, CVE-2017-3043, CVE-2017-3045,\n CVE-2017-3046, CVE-2017-3052, CVE-2017-3053)\n\n - A flaw exists due the use of an insecure directory\n search path. An attacker can potentially exploit this to\n execute arbitrary code. (CVE-2017-3012, CVE-2017-3013)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 31, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-04-14T00:00:00", "title": "Adobe Reader < 11.0.20 / 2015.006.30306 / 2017.009.20044 Multiple Vulnerabilities (APSB17-11) (macOS)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3013", "CVE-2017-3030", "CVE-2017-3036", "CVE-2017-3046", "CVE-2017-3032", "CVE-2017-3011", "CVE-2017-3037", "CVE-2017-3033", "CVE-2017-3054", "CVE-2017-3065", "CVE-2017-3034", "CVE-2017-3041", "CVE-2017-3051", "CVE-2017-3053", "CVE-2017-3052", "CVE-2017-3023", "CVE-2017-3057", "CVE-2017-3049", "CVE-2017-3026", "CVE-2017-3022", "CVE-2017-3012", "CVE-2017-3038", "CVE-2017-3040", "CVE-2017-3029", "CVE-2017-3056", "CVE-2017-3019", "CVE-2017-3042", "CVE-2017-3020", "CVE-2017-3031", "CVE-2017-3048", "CVE-2017-3047", "CVE-2017-3021", "CVE-2017-3014", "CVE-2017-3044", "CVE-2017-3035", "CVE-2017-3027", "CVE-2017-3017", "CVE-2017-3024", "CVE-2017-3050", "CVE-2017-3025", "CVE-2017-3015", "CVE-2017-3043", "CVE-2017-3045", "CVE-2017-3055", "CVE-2017-3039", "CVE-2017-3028", "CVE-2017-3018"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:adobe:acrobat_reader"], "id": "MACOSX_ADOBE_READER_APSB17-11.NASL", "href": "https://www.tenable.com/plugins/nessus/99376", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99376);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\n \"CVE-2017-3011\",\n \"CVE-2017-3012\",\n \"CVE-2017-3013\",\n \"CVE-2017-3014\",\n \"CVE-2017-3015\",\n \"CVE-2017-3017\",\n \"CVE-2017-3018\",\n \"CVE-2017-3019\",\n \"CVE-2017-3020\",\n \"CVE-2017-3021\",\n \"CVE-2017-3022\",\n \"CVE-2017-3023\",\n \"CVE-2017-3024\",\n \"CVE-2017-3025\",\n \"CVE-2017-3026\",\n \"CVE-2017-3027\",\n \"CVE-2017-3028\",\n \"CVE-2017-3029\",\n \"CVE-2017-3030\",\n \"CVE-2017-3031\",\n \"CVE-2017-3032\",\n \"CVE-2017-3033\",\n \"CVE-2017-3034\",\n \"CVE-2017-3035\",\n \"CVE-2017-3036\",\n \"CVE-2017-3037\",\n \"CVE-2017-3038\",\n \"CVE-2017-3039\",\n \"CVE-2017-3040\",\n \"CVE-2017-3041\",\n \"CVE-2017-3042\",\n \"CVE-2017-3043\",\n \"CVE-2017-3044\",\n \"CVE-2017-3045\",\n \"CVE-2017-3046\",\n \"CVE-2017-3047\",\n \"CVE-2017-3048\",\n \"CVE-2017-3049\",\n \"CVE-2017-3050\",\n \"CVE-2017-3051\",\n \"CVE-2017-3052\",\n \"CVE-2017-3053\",\n \"CVE-2017-3054\",\n \"CVE-2017-3055\",\n \"CVE-2017-3056\",\n \"CVE-2017-3057\",\n \"CVE-2017-3065\"\n );\n script_bugtraq_id(\n 97547,\n 97548,\n 97549,\n 97550,\n 97554,\n 97556\n );\n\n script_name(english:\"Adobe Reader < 11.0.20 / 2015.006.30306 / 2017.009.20044 Multiple Vulnerabilities (APSB17-11) (macOS)\");\n script_summary(english:\"Checks the version of Adobe Reader.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader installed on the remote host is affected\nby multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Reader installed on the remote macOS or Mac OS X\nhost is a version prior to 11.0.20, 2015.006.30306, 2017.009.20044. It\nis, therefore, affected by multiple vulnerabilities :\n\n - Multiple use-after-free errors exists that allow an\n attacker to execute arbitrary code. (CVE-2017-3014,\n CVE-2017-3026, CVE-2017-3027, CVE-2017-3035,\n CVE-2017-3047, CVE-2017-3057)\n\n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2017-3042, CVE-2017-3048, CVE-2017-3049,\n CVE-2017-3055)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2017-3015,\n CVE-2017-3017, CVE-2017-3018, CVE-2017-3019,\n CVE-2017-3023, CVE-2017-3024, CVE-2017-3025,\n CVE-2017-3028, CVE-2017-3030, CVE-2017-3036,\n CVE-2017-3037, CVE-2017-3038, CVE-2017-3039,\n CVE-2017-3040, CVE-2017-3041, CVE-2017-3044,\n CVE-2017-3050, CVE-2017-3051, CVE-2017-3054,\n CVE-2017-3056, CVE-2017-3065)\n\n - Multiple integer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2017-3011,\n CVE-2017-3034)\n\n - Multiple memory corruption issues exist that allow an\n an attacker to disclose memory address information.\n (CVE-2017-3020, CVE-2017-3021, CVE-2017-3022,\n CVE-2017-3029, CVE-2017-3031, CVE-2017-3032,\n CVE-2017-3033, CVE-2017-3043, CVE-2017-3045,\n CVE-2017-3046, CVE-2017-3052, CVE-2017-3053)\n\n - A flaw exists due the use of an insecure directory\n search path. An attacker can potentially exploit this to\n execute arbitrary code. (CVE-2017-3012, CVE-2017-3013)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb17-11.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Reader 11.0.20 / 2015.006.30306 / 2017.009.20044 or\nlater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3037\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_adobe_reader_installed.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Adobe Reader\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (empty_or_null(os)) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp_info = vcf::get_app_info(app:\"Adobe Reader\");\n\nconstraints = [\n { \"min_version\" : \"11\", \"max_version\" : \"11.0.19\", \"fixed_version\" : \"11.0.20\" },\n { \"min_version\" : \"15.6\", \"max_version\" : \"15.6.30280\", \"fixed_version\" : \"15.6.30306\" },\n { \"min_version\" : \"15.7\", \"max_version\" : \"15.23.20070\", \"fixed_version\" : \"17.9.20044\" }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:26:24", "description": "The version of Adobe Acrobat installed on the remote macOS or Mac OS X\nhost is a version prior to 11.0.20, 2015.006.30306, 2017.009.20044. It\nis, therefore, affected by multiple vulnerabilities :\n\n - Multiple use-after-free errors exists that allow an\n attacker to execute arbitrary code. (CVE-2017-3014,\n CVE-2017-3026, CVE-2017-3027, CVE-2017-3035,\n CVE-2017-3047, CVE-2017-3057)\n\n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2017-3042, CVE-2017-3048, CVE-2017-3049,\n CVE-2017-3055)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2017-3015,\n CVE-2017-3017, CVE-2017-3018, CVE-2017-3019,\n CVE-2017-3023, CVE-2017-3024, CVE-2017-3025,\n CVE-2017-3028, CVE-2017-3030, CVE-2017-3036,\n CVE-2017-3037, CVE-2017-3038, CVE-2017-3039,\n CVE-2017-3040, CVE-2017-3041, CVE-2017-3044,\n CVE-2017-3050, CVE-2017-3051, CVE-2017-3054,\n CVE-2017-3056, CVE-2017-3065)\n\n - Multiple integer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2017-3011,\n CVE-2017-3034)\n\n - Multiple memory corruption issues exist that allow an\n an attacker to disclose memory address information.\n (CVE-2017-3020, CVE-2017-3021, CVE-2017-3022,\n CVE-2017-3029, CVE-2017-3031, CVE-2017-3032,\n CVE-2017-3033, CVE-2017-3043, CVE-2017-3045,\n CVE-2017-3046, CVE-2017-3052, CVE-2017-3053)\n\n - A flaw exists due the use of an insecure directory\n search path. An attacker can potentially exploit this to\n execute arbitrary code. (CVE-2017-3012, CVE-2017-3013)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 31, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-04-14T00:00:00", "title": "Adobe Acrobat < 11.0.20 / 2015.006.30306 / 2017.009.20044 Multiple Vulnerabilities (APSB17-11) (macOS)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3013", "CVE-2017-3030", "CVE-2017-3036", "CVE-2017-3046", "CVE-2017-3032", "CVE-2017-3011", "CVE-2017-3037", "CVE-2017-3033", "CVE-2017-3054", "CVE-2017-3065", "CVE-2017-3034", "CVE-2017-3041", "CVE-2017-3051", "CVE-2017-3053", "CVE-2017-3052", "CVE-2017-3023", "CVE-2017-3057", "CVE-2017-3049", "CVE-2017-3026", "CVE-2017-3022", "CVE-2017-3012", "CVE-2017-3038", "CVE-2017-3040", "CVE-2017-3029", "CVE-2017-3056", "CVE-2017-3019", "CVE-2017-3042", "CVE-2017-3020", "CVE-2017-3031", "CVE-2017-3048", "CVE-2017-3047", "CVE-2017-3021", "CVE-2017-3014", "CVE-2017-3044", "CVE-2017-3035", "CVE-2017-3027", "CVE-2017-3017", "CVE-2017-3024", "CVE-2017-3050", "CVE-2017-3025", "CVE-2017-3015", "CVE-2017-3043", "CVE-2017-3045", "CVE-2017-3055", "CVE-2017-3039", "CVE-2017-3028", "CVE-2017-3018"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:adobe:acrobat"], "id": "MACOSX_ADOBE_ACROBAT_APSB17-11.NASL", "href": "https://www.tenable.com/plugins/nessus/99375", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99375);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\n \"CVE-2017-3011\",\n \"CVE-2017-3012\",\n \"CVE-2017-3013\",\n \"CVE-2017-3014\",\n \"CVE-2017-3015\",\n \"CVE-2017-3017\",\n \"CVE-2017-3018\",\n \"CVE-2017-3019\",\n \"CVE-2017-3020\",\n \"CVE-2017-3021\",\n \"CVE-2017-3022\",\n \"CVE-2017-3023\",\n \"CVE-2017-3024\",\n \"CVE-2017-3025\",\n \"CVE-2017-3026\",\n \"CVE-2017-3027\",\n \"CVE-2017-3028\",\n \"CVE-2017-3029\",\n \"CVE-2017-3030\",\n \"CVE-2017-3031\",\n \"CVE-2017-3032\",\n \"CVE-2017-3033\",\n \"CVE-2017-3034\",\n \"CVE-2017-3035\",\n \"CVE-2017-3036\",\n \"CVE-2017-3037\",\n \"CVE-2017-3038\",\n \"CVE-2017-3039\",\n \"CVE-2017-3040\",\n \"CVE-2017-3041\",\n \"CVE-2017-3042\",\n \"CVE-2017-3043\",\n \"CVE-2017-3044\",\n \"CVE-2017-3045\",\n \"CVE-2017-3046\",\n \"CVE-2017-3047\",\n \"CVE-2017-3048\",\n \"CVE-2017-3049\",\n \"CVE-2017-3050\",\n \"CVE-2017-3051\",\n \"CVE-2017-3052\",\n \"CVE-2017-3053\",\n \"CVE-2017-3054\",\n \"CVE-2017-3055\",\n \"CVE-2017-3056\",\n \"CVE-2017-3057\",\n \"CVE-2017-3065\"\n );\n script_bugtraq_id(\n 97547,\n 97548,\n 97549,\n 97550,\n 97554,\n 97556\n );\n\n script_name(english:\"Adobe Acrobat < 11.0.20 / 2015.006.30306 / 2017.009.20044 Multiple Vulnerabilities (APSB17-11) (macOS)\");\n script_summary(english:\"Checks the version of Adobe Acrobat.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Acrobat installed on the remote host is affected\nby multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Acrobat installed on the remote macOS or Mac OS X\nhost is a version prior to 11.0.20, 2015.006.30306, 2017.009.20044. It\nis, therefore, affected by multiple vulnerabilities :\n\n - Multiple use-after-free errors exists that allow an\n attacker to execute arbitrary code. (CVE-2017-3014,\n CVE-2017-3026, CVE-2017-3027, CVE-2017-3035,\n CVE-2017-3047, CVE-2017-3057)\n\n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2017-3042, CVE-2017-3048, CVE-2017-3049,\n CVE-2017-3055)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2017-3015,\n CVE-2017-3017, CVE-2017-3018, CVE-2017-3019,\n CVE-2017-3023, CVE-2017-3024, CVE-2017-3025,\n CVE-2017-3028, CVE-2017-3030, CVE-2017-3036,\n CVE-2017-3037, CVE-2017-3038, CVE-2017-3039,\n CVE-2017-3040, CVE-2017-3041, CVE-2017-3044,\n CVE-2017-3050, CVE-2017-3051, CVE-2017-3054,\n CVE-2017-3056, CVE-2017-3065)\n\n - Multiple integer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2017-3011,\n CVE-2017-3034)\n\n - Multiple memory corruption issues exist that allow an\n an attacker to disclose memory address information.\n (CVE-2017-3020, CVE-2017-3021, CVE-2017-3022,\n CVE-2017-3029, CVE-2017-3031, CVE-2017-3032,\n CVE-2017-3033, CVE-2017-3043, CVE-2017-3045,\n CVE-2017-3046, CVE-2017-3052, CVE-2017-3053)\n\n - A flaw exists due the use of an insecure directory\n search path. An attacker can potentially exploit this to\n execute arbitrary code. (CVE-2017-3012, CVE-2017-3013)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb17-11.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Acrobat 11.0.20 / 2015.006.30306 / 2017.009.20044 or\nlater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3037\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_adobe_acrobat_installed.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Adobe Acrobat\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (empty_or_null(os)) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp_info = vcf::get_app_info(app:\"Adobe Acrobat\");\n\nconstraints = [\n { \"min_version\" : \"11\", \"max_version\" : \"11.0.19\", \"fixed_version\" : \"11.0.20\" },\n { \"min_version\" : \"15.6\", \"max_version\" : \"15.6.30280\", \"fixed_version\" : \"15.6.30306\" },\n { \"min_version\" : \"15.7\", \"max_version\" : \"15.23.20070\", \"fixed_version\" : \"17.9.20044\" }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T01:14:39", "description": "The version of Adobe Reader installed on the remote Windows host is a\nversion prior to 11.0.20, 2015.006.30306, or 2017.009.20044. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - Multiple use-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2017-3014,\n CVE-2017-3026, CVE-2017-3027, CVE-2017-3035,\n CVE-2017-3047, CVE-2017-3057)\n\n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2017-3042, CVE-2017-3048, CVE-2017-3049,\n CVE-2017-3055)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2017-3015,\n CVE-2017-3017, CVE-2017-3018, CVE-2017-3019,\n CVE-2017-3023, CVE-2017-3024, CVE-2017-3025,\n CVE-2017-3028, CVE-2017-3030, CVE-2017-3036,\n CVE-2017-3037, CVE-2017-3038, CVE-2017-3039,\n CVE-2017-3040, CVE-2017-3041, CVE-2017-3044,\n CVE-2017-3050, CVE-2017-3051, CVE-2017-3054,\n CVE-2017-3056, CVE-2017-3065)\n\n - Multiple integer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2017-3011,\n CVE-2017-3034)\n\n - Multiple memory corruption issues exist that allow an\n an attacker to disclose memory address information.\n (CVE-2017-3020, CVE-2017-3021, CVE-2017-3022,\n CVE-2017-3029, CVE-2017-3031, CVE-2017-3032,\n CVE-2017-3033, CVE-2017-3043, CVE-2017-3045,\n CVE-2017-3046, CVE-2017-3052, CVE-2017-3053)\n\n - A flaw exists due to the use of an insecure directory\n search path. An attacker can potentially exploit this to\n execute arbitrary code. (CVE-2017-3012, CVE-2017-3013)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 36, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-04-14T00:00:00", "title": "Adobe Reader < 11.0.20 / 2015.006.30306 / 2017.009.20044 Multiple Vulnerabilities (APSB17-11)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3013", "CVE-2017-3030", "CVE-2017-3036", "CVE-2017-3046", "CVE-2017-3032", "CVE-2017-3011", "CVE-2017-3037", "CVE-2017-3033", "CVE-2017-3054", "CVE-2017-3065", "CVE-2017-3034", "CVE-2017-3041", "CVE-2017-3051", "CVE-2017-3053", "CVE-2017-3052", "CVE-2017-3023", "CVE-2017-3057", "CVE-2017-3049", "CVE-2017-3026", "CVE-2017-3022", "CVE-2017-3012", "CVE-2017-3038", "CVE-2017-3040", "CVE-2017-3029", "CVE-2017-3056", "CVE-2017-3019", "CVE-2017-3042", "CVE-2017-3020", "CVE-2017-3031", "CVE-2017-3048", "CVE-2017-3047", "CVE-2017-3021", "CVE-2017-3014", "CVE-2017-3044", "CVE-2017-3035", "CVE-2017-3027", "CVE-2017-3017", "CVE-2017-3024", "CVE-2017-3050", "CVE-2017-3025", "CVE-2017-3015", "CVE-2017-3043", "CVE-2017-3045", "CVE-2017-3055", "CVE-2017-3039", "CVE-2017-3028", "CVE-2017-3018"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:adobe:acrobat_reader"], "id": "ADOBE_READER_APSB17-11.NASL", "href": "https://www.tenable.com/plugins/nessus/99374", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99374);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\n \"CVE-2017-3011\",\n \"CVE-2017-3012\",\n \"CVE-2017-3013\",\n \"CVE-2017-3014\",\n \"CVE-2017-3015\",\n \"CVE-2017-3017\",\n \"CVE-2017-3018\",\n \"CVE-2017-3019\",\n \"CVE-2017-3020\",\n \"CVE-2017-3021\",\n \"CVE-2017-3022\",\n \"CVE-2017-3023\",\n \"CVE-2017-3024\",\n \"CVE-2017-3025\",\n \"CVE-2017-3026\",\n \"CVE-2017-3027\",\n \"CVE-2017-3028\",\n \"CVE-2017-3029\",\n \"CVE-2017-3030\",\n \"CVE-2017-3031\",\n \"CVE-2017-3032\",\n \"CVE-2017-3033\",\n \"CVE-2017-3034\",\n \"CVE-2017-3035\",\n \"CVE-2017-3036\",\n \"CVE-2017-3037\",\n \"CVE-2017-3038\",\n \"CVE-2017-3039\",\n \"CVE-2017-3040\",\n \"CVE-2017-3041\",\n \"CVE-2017-3042\",\n \"CVE-2017-3043\",\n \"CVE-2017-3044\",\n \"CVE-2017-3045\",\n \"CVE-2017-3046\",\n \"CVE-2017-3047\",\n \"CVE-2017-3048\",\n \"CVE-2017-3049\",\n \"CVE-2017-3050\",\n \"CVE-2017-3051\",\n \"CVE-2017-3052\",\n \"CVE-2017-3053\",\n \"CVE-2017-3054\",\n \"CVE-2017-3055\",\n \"CVE-2017-3056\",\n \"CVE-2017-3057\",\n \"CVE-2017-3065\"\n );\n script_bugtraq_id(\n 97547,\n 97548,\n 97549,\n 97550,\n 97554,\n 97556\n );\n\n script_name(english:\"Adobe Reader < 11.0.20 / 2015.006.30306 / 2017.009.20044 Multiple Vulnerabilities (APSB17-11)\");\n script_summary(english:\"Checks the version of Adobe Reader.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader installed on the remote Windows host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Reader installed on the remote Windows host is a\nversion prior to 11.0.20, 2015.006.30306, or 2017.009.20044. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - Multiple use-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2017-3014,\n CVE-2017-3026, CVE-2017-3027, CVE-2017-3035,\n CVE-2017-3047, CVE-2017-3057)\n\n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2017-3042, CVE-2017-3048, CVE-2017-3049,\n CVE-2017-3055)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2017-3015,\n CVE-2017-3017, CVE-2017-3018, CVE-2017-3019,\n CVE-2017-3023, CVE-2017-3024, CVE-2017-3025,\n CVE-2017-3028, CVE-2017-3030, CVE-2017-3036,\n CVE-2017-3037, CVE-2017-3038, CVE-2017-3039,\n CVE-2017-3040, CVE-2017-3041, CVE-2017-3044,\n CVE-2017-3050, CVE-2017-3051, CVE-2017-3054,\n CVE-2017-3056, CVE-2017-3065)\n\n - Multiple integer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2017-3011,\n CVE-2017-3034)\n\n - Multiple memory corruption issues exist that allow an\n an attacker to disclose memory address information.\n (CVE-2017-3020, CVE-2017-3021, CVE-2017-3022,\n CVE-2017-3029, CVE-2017-3031, CVE-2017-3032,\n CVE-2017-3033, CVE-2017-3043, CVE-2017-3045,\n CVE-2017-3046, CVE-2017-3052, CVE-2017-3053)\n\n - A flaw exists due to the use of an insecure directory\n search path. An attacker can potentially exploit this to\n execute arbitrary code. (CVE-2017-3012, CVE-2017-3013)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb17-11.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Reader 11.0.20 / 2015.006.30306 / 2017.009.20044 or\nlater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3037\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_reader_installed.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/Adobe Reader\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_info = vcf::adobe_reader::get_app_info();\n\nconstraints = [\n { \"min_version\" : \"11.0\", \"max_version\" : \"11.0.19\", \"fixed_version\" : \"11.0.20\" },\n { \"min_version\" : \"15.6\", \"max_version\" : \"15.6.30280\", \"fixed_version\" : \"15.6.30306\" },\n { \"min_version\" : \"15.7\", \"max_version\" : \"15.23.20070\", \"fixed_version\" : \"17.9.20044\" }\n];\n# using adobe_reader namespace check_version_and_report to properly detect Continuous vs Classic, \n# and limit ver segments to 3 (18.x.y vs 18.x.y.12345) with max_segs:3\nvcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-07-17T14:18:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3013", "CVE-2017-3030", "CVE-2017-3036", "CVE-2017-3046", "CVE-2017-3032", "CVE-2017-3011", "CVE-2017-3037", "CVE-2017-3033", "CVE-2017-3054", "CVE-2017-3065", "CVE-2017-3034", "CVE-2017-3041", "CVE-2017-3051", "CVE-2017-3053", "CVE-2017-3052", "CVE-2017-3023", "CVE-2017-3057", "CVE-2017-3049", "CVE-2017-3026", "CVE-2017-3022", "CVE-2017-3012", "CVE-2017-3038", "CVE-2017-3040", "CVE-2017-3029", "CVE-2017-3056", "CVE-2017-3019", "CVE-2017-3042", "CVE-2017-3020", "CVE-2017-3031", "CVE-2017-3048", "CVE-2017-3047", "CVE-2017-3021", "CVE-2017-3014", "CVE-2017-3044", "CVE-2017-3035", "CVE-2017-3027", "CVE-2017-3017", "CVE-2017-3024", "CVE-2017-3050", "CVE-2017-3025", "CVE-2017-3015", "CVE-2017-3043", "CVE-2017-3045", "CVE-2017-3055", "CVE-2017-3039", "CVE-2017-3028", "CVE-2017-3018"], "description": "This host is installed with Adobe Acrobat DC\n (Classic Track) and is prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2018-03-12T00:00:00", "id": "OPENVAS:1361412562310812570", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812570", "type": "openvas", "title": "Adobe Acrobat DC (Classic Track) Security Updates (apsb17-11) - Windows", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat DC (Classic Track) Security Updates (apsb17-11)-Windows\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_dc_classic\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812570\");\n script_version(\"2019-07-05T08:07:19+0000\");\n script_cve_id(\"CVE-2017-3011\", \"CVE-2017-3012\", \"CVE-2017-3013\", \"CVE-2017-3014\",\n \"CVE-2017-3015\", \"CVE-2017-3018\", \"CVE-2017-3019\", \"CVE-2017-3020\",\n \"CVE-2017-3021\", \"CVE-2017-3022\", \"CVE-2017-3024\", \"CVE-2017-3025\",\n \"CVE-2017-3026\", \"CVE-2017-3027\", \"CVE-2017-3028\", \"CVE-2017-3030\",\n \"CVE-2017-3031\", \"CVE-2017-3032\", \"CVE-2017-3033\", \"CVE-2017-3034\",\n \"CVE-2017-3036\", \"CVE-2017-3037\", \"CVE-2017-3038\", \"CVE-2017-3039\",\n \"CVE-2017-3040\", \"CVE-2017-3042\", \"CVE-2017-3043\", \"CVE-2017-3044\",\n \"CVE-2017-3045\", \"CVE-2017-3046\", \"CVE-2017-3048\", \"CVE-2017-3049\",\n \"CVE-2017-3050\", \"CVE-2017-3051\", \"CVE-2017-3052\", \"CVE-2017-3054\",\n \"CVE-2017-3055\", \"CVE-2017-3056\", \"CVE-2017-3057\", \"CVE-2017-3065\",\n \"CVE-2017-3035\", \"CVE-2017-3047\", \"CVE-2017-3017\", \"CVE-2017-3023\",\n \"CVE-2017-3041\", \"CVE-2017-3029\", \"CVE-2017-3053\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:07:19 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-03-12 13:58:17 +0530 (Mon, 12 Mar 2018)\");\n script_name(\"Adobe Acrobat DC (Classic Track) Security Updates (apsb17-11) - Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat DC\n (Classic Track) and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An use-after-free vulnerabilities.\n\n - The heap buffer overflow vulnerabilities.\n\n - A memory corruption vulnerabilities.\n\n - An integer overflow vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to execute arbitrary code in the context of the user running\n the affected applications. Failed exploit attempts will likely cause a\n denial-of-service condition.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat DC (Classic Track) 2015.006.30280 and earlier\n versions on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat DC (Classic Track) version\n 2015.006.30306 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb17-11.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_acrobat_dc_classic_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/AcrobatDC/Classic/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\n## 2015.006.30305 -> 15.006.30305\nif(version_in_range(version:vers, test_version:\"15.0\", test_version2:\"15.006.30305\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"15.006.30306 (2015.006.30306)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:17:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3013", "CVE-2017-3030", "CVE-2017-3036", "CVE-2017-3046", "CVE-2017-3032", "CVE-2017-3011", "CVE-2017-3037", "CVE-2017-3033", "CVE-2017-3054", "CVE-2017-3065", "CVE-2017-3034", "CVE-2017-3041", "CVE-2017-3051", "CVE-2017-3053", "CVE-2017-3052", "CVE-2017-3023", "CVE-2017-3057", "CVE-2017-3049", "CVE-2017-3026", "CVE-2017-3022", "CVE-2017-3012", "CVE-2017-3038", "CVE-2017-3040", "CVE-2017-3029", "CVE-2017-3056", "CVE-2017-3019", "CVE-2017-3042", "CVE-2017-3020", "CVE-2017-3031", "CVE-2017-3048", "CVE-2017-3047", "CVE-2017-3021", "CVE-2017-3014", "CVE-2017-3044", "CVE-2017-3035", "CVE-2017-3027", "CVE-2017-3017", "CVE-2017-3024", "CVE-2017-3050", "CVE-2017-3025", "CVE-2017-3015", "CVE-2017-3043", "CVE-2017-3045", "CVE-2017-3055", "CVE-2017-3039", "CVE-2017-3028", "CVE-2017-3018"], "description": "This host is installed with Adobe Reader DC (Classic Track)\n and is prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2018-03-12T00:00:00", "id": "OPENVAS:1361412562310812573", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812573", "type": "openvas", "title": "Adobe Reader DC (Classic Track) Security Updates (apsb17-11) - Mac OS X", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Reader DC (Classic Track) Security Updates (apsb17-11)-MAC OS X\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader_dc_classic\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812573\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2017-3011\", \"CVE-2017-3012\", \"CVE-2017-3013\", \"CVE-2017-3014\",\n \"CVE-2017-3015\", \"CVE-2017-3018\", \"CVE-2017-3019\", \"CVE-2017-3020\",\n \"CVE-2017-3021\", \"CVE-2017-3022\", \"CVE-2017-3024\", \"CVE-2017-3025\",\n \"CVE-2017-3026\", \"CVE-2017-3027\", \"CVE-2017-3028\", \"CVE-2017-3030\",\n \"CVE-2017-3031\", \"CVE-2017-3032\", \"CVE-2017-3033\", \"CVE-2017-3034\",\n \"CVE-2017-3036\", \"CVE-2017-3037\", \"CVE-2017-3038\", \"CVE-2017-3039\",\n \"CVE-2017-3040\", \"CVE-2017-3042\", \"CVE-2017-3043\", \"CVE-2017-3044\",\n \"CVE-2017-3045\", \"CVE-2017-3046\", \"CVE-2017-3048\", \"CVE-2017-3049\",\n \"CVE-2017-3050\", \"CVE-2017-3051\", \"CVE-2017-3052\", \"CVE-2017-3054\",\n \"CVE-2017-3055\", \"CVE-2017-3056\", \"CVE-2017-3057\", \"CVE-2017-3065\",\n \"CVE-2017-3035\", \"CVE-2017-3047\", \"CVE-2017-3017\", \"CVE-2017-3023\",\n \"CVE-2017-3041\", \"CVE-2017-3029\", \"CVE-2017-3053\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-03-12 13:58:17 +0530 (Mon, 12 Mar 2018)\");\n script_name(\"Adobe Reader DC (Classic Track) Security Updates (apsb17-11) - Mac OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Reader DC (Classic Track)\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An use-after-free vulnerabilities.\n\n - The heap buffer overflow vulnerabilities.\n\n - A memory corruption vulnerabilities.\n\n - An integer overflow vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to execute arbitrary code in the context of the user running\n the affected applications. Failed exploit attempts will likely cause a\n denial-of-service condition.\");\n\n script_tag(name:\"affected\", value:\"Adobe Reader DC (Classic Track) 2015.006.30280 and earlier on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Reader DC (Classic Track) version\n 2015.006.30306 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb17-11.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_acrobat_reader_dc_classic_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/ReaderDC/Classic/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\n## 2015.006.30305 -> 15.006.30305\nif(version_in_range(version:vers, test_version:\"15.0\", test_version2:\"15.006.30305\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"15.006.30306 (2015.006.30306)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:21:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3013", "CVE-2017-3030", "CVE-2017-3036", "CVE-2017-3046", "CVE-2017-3032", "CVE-2017-3011", "CVE-2017-3037", "CVE-2017-3033", "CVE-2017-3054", "CVE-2017-3065", "CVE-2017-3034", "CVE-2017-3041", "CVE-2017-3051", "CVE-2017-3053", "CVE-2017-3052", "CVE-2017-3023", "CVE-2017-3057", "CVE-2017-3049", "CVE-2017-3026", "CVE-2017-3022", "CVE-2017-3012", "CVE-2017-3038", "CVE-2017-3040", "CVE-2017-3029", "CVE-2017-3056", "CVE-2017-3019", "CVE-2017-3042", "CVE-2017-3020", "CVE-2017-3031", "CVE-2017-3048", "CVE-2017-3047", "CVE-2017-3021", "CVE-2017-3014", "CVE-2017-3044", "CVE-2017-3035", "CVE-2017-3027", "CVE-2017-3017", "CVE-2017-3024", "CVE-2017-3050", "CVE-2017-3025", "CVE-2017-3015", "CVE-2017-3043", "CVE-2017-3045", "CVE-2017-3055", "CVE-2017-3039", "CVE-2017-3028", "CVE-2017-3018"], "description": "This host is installed with Adobe Reader\n and is prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2017-04-14T00:00:00", "id": "OPENVAS:1361412562310810871", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810871", "type": "openvas", "title": "Adobe Reader Security Updates(apsb17-11)-MAC OS X", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Reader Security Updates(apsb17-11)-MAC OS X\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810871\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2017-3011\", \"CVE-2017-3012\", \"CVE-2017-3013\", \"CVE-2017-3014\",\n \"CVE-2017-3015\", \"CVE-2017-3018\", \"CVE-2017-3019\", \"CVE-2017-3020\",\n \"CVE-2017-3021\", \"CVE-2017-3022\", \"CVE-2017-3024\", \"CVE-2017-3025\",\n \"CVE-2017-3026\", \"CVE-2017-3027\", \"CVE-2017-3028\", \"CVE-2017-3030\",\n \"CVE-2017-3031\", \"CVE-2017-3032\", \"CVE-2017-3033\", \"CVE-2017-3034\",\n \"CVE-2017-3036\", \"CVE-2017-3037\", \"CVE-2017-3038\", \"CVE-2017-3039\",\n \"CVE-2017-3040\", \"CVE-2017-3042\", \"CVE-2017-3043\", \"CVE-2017-3044\",\n \"CVE-2017-3045\", \"CVE-2017-3046\", \"CVE-2017-3048\", \"CVE-2017-3049\",\n \"CVE-2017-3050\", \"CVE-2017-3051\", \"CVE-2017-3052\", \"CVE-2017-3054\",\n \"CVE-2017-3055\", \"CVE-2017-3056\", \"CVE-2017-3057\", \"CVE-2017-3065\",\n \"CVE-2017-3035\", \"CVE-2017-3047\", \"CVE-2017-3017\", \"CVE-2017-3023\",\n \"CVE-2017-3041\", \"CVE-2017-3029\", \"CVE-2017-3053\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-04-14 12:38:23 +0530 (Fri, 14 Apr 2017)\");\n script_name(\"Adobe Reader Security Updates(apsb17-11)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Reader\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - use-after-free vulnerabilities.\n\n - heap buffer overflow vulnerabilities.\n\n - memory corruption vulnerabilities.\n\n - integer overflow vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to conduct code execution attacks.\");\n\n script_tag(name:\"affected\", value:\"Adobe Reader version 11.x before\n 11.0.20 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Reader version\n 11.0.20 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb17-11.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Reader/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!readerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:readerVer, test_version:\"11.0\", test_version2:\"11.0.19\"))\n{\n report = report_fixed_ver(installed_version:readerVer, fixed_version:\"11.0.20\");\n security_message(data:report);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:17:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3013", "CVE-2017-3030", "CVE-2017-3036", "CVE-2017-3046", "CVE-2017-3032", "CVE-2017-3011", "CVE-2017-3037", "CVE-2017-3033", "CVE-2017-3054", "CVE-2017-3065", "CVE-2017-3034", "CVE-2017-3041", "CVE-2017-3051", "CVE-2017-3053", "CVE-2017-3052", "CVE-2017-3023", "CVE-2017-3057", "CVE-2017-3049", "CVE-2017-3026", "CVE-2017-3022", "CVE-2017-3012", "CVE-2017-3038", "CVE-2017-3040", "CVE-2017-3029", "CVE-2017-3056", "CVE-2017-3019", "CVE-2017-3042", "CVE-2017-3020", "CVE-2017-3031", "CVE-2017-3048", "CVE-2017-3047", "CVE-2017-3021", "CVE-2017-3014", "CVE-2017-3044", "CVE-2017-3035", "CVE-2017-3027", "CVE-2017-3017", "CVE-2017-3024", "CVE-2017-3050", "CVE-2017-3025", "CVE-2017-3015", "CVE-2017-3043", "CVE-2017-3045", "CVE-2017-3055", "CVE-2017-3039", "CVE-2017-3028", "CVE-2017-3018"], "description": "This host is installed with Adobe Acrobat DC\n (Classic Track) and is prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2018-03-12T00:00:00", "id": "OPENVAS:1361412562310812571", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812571", "type": "openvas", "title": "Adobe Acrobat DC (Classic Track) Security Updates (apsb17-11) - Mac OS X", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat DC (Classic Track) Security Updates (apsb17-11)-MAC OS X\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_dc_classic\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812571\");\n script_version(\"2019-07-05T08:07:19+0000\");\n script_cve_id(\"CVE-2017-3011\", \"CVE-2017-3012\", \"CVE-2017-3013\", \"CVE-2017-3014\",\n \"CVE-2017-3015\", \"CVE-2017-3018\", \"CVE-2017-3019\", \"CVE-2017-3020\",\n \"CVE-2017-3021\", \"CVE-2017-3022\", \"CVE-2017-3024\", \"CVE-2017-3025\",\n \"CVE-2017-3026\", \"CVE-2017-3027\", \"CVE-2017-3028\", \"CVE-2017-3030\",\n \"CVE-2017-3031\", \"CVE-2017-3032\", \"CVE-2017-3033\", \"CVE-2017-3034\",\n \"CVE-2017-3036\", \"CVE-2017-3037\", \"CVE-2017-3038\", \"CVE-2017-3039\",\n \"CVE-2017-3040\", \"CVE-2017-3042\", \"CVE-2017-3043\", \"CVE-2017-3044\",\n \"CVE-2017-3045\", \"CVE-2017-3046\", \"CVE-2017-3048\", \"CVE-2017-3049\",\n \"CVE-2017-3050\", \"CVE-2017-3051\", \"CVE-2017-3052\", \"CVE-2017-3054\",\n \"CVE-2017-3055\", \"CVE-2017-3056\", \"CVE-2017-3057\", \"CVE-2017-3065\",\n \"CVE-2017-3035\", \"CVE-2017-3047\", \"CVE-2017-3017\", \"CVE-2017-3023\",\n \"CVE-2017-3041\", \"CVE-2017-3029\", \"CVE-2017-3053\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:07:19 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-03-12 13:58:17 +0530 (Mon, 12 Mar 2018)\");\n script_name(\"Adobe Acrobat DC (Classic Track) Security Updates (apsb17-11) - Mac OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat DC\n (Classic Track) and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An use-after-free vulnerabilities.\n\n - The heap buffer overflow vulnerabilities.\n\n - A memory corruption vulnerabilities.\n\n - An integer overflow vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to execute arbitrary code in the context of the user running\n the affected applications. Failed exploit attempts will likely cause a\n denial-of-service condition.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat DC (Classic Track) 2015.006.30280 and earlier\n versions on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat DC (Classic Track) version\n 2015.006.30306 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb17-11.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_acrobat_dc_classic_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/AcrobatDC/Classic/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\n## 2015.006.30305 -> 15.006.30305\nif(version_in_range(version:vers, test_version:\"15.0\", test_version2:\"15.006.30305\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"15.006.30306 (2015.006.30306)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:22:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3013", "CVE-2017-3030", "CVE-2017-3036", "CVE-2017-3046", "CVE-2017-3032", "CVE-2017-3011", "CVE-2017-3037", "CVE-2017-3033", "CVE-2017-3054", "CVE-2017-3065", "CVE-2017-3034", "CVE-2017-3041", "CVE-2017-3051", "CVE-2017-3053", "CVE-2017-3052", "CVE-2017-3023", "CVE-2017-3057", "CVE-2017-3049", "CVE-2017-3026", "CVE-2017-3022", "CVE-2017-3012", "CVE-2017-3038", "CVE-2017-3040", "CVE-2017-3029", "CVE-2017-3056", "CVE-2017-3019", "CVE-2017-3042", "CVE-2017-3020", "CVE-2017-3031", "CVE-2017-3048", "CVE-2017-3047", "CVE-2017-3021", "CVE-2017-3014", "CVE-2017-3044", "CVE-2017-3035", "CVE-2017-3027", "CVE-2017-3017", "CVE-2017-3024", "CVE-2017-3050", "CVE-2017-3025", "CVE-2017-3015", "CVE-2017-3043", "CVE-2017-3045", "CVE-2017-3055", "CVE-2017-3039", "CVE-2017-3028", "CVE-2017-3018"], "description": "This host is installed with Adobe Acrobat\n and is prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2017-04-14T00:00:00", "id": "OPENVAS:1361412562310810872", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810872", "type": "openvas", "title": "Adobe Acrobat Security Updates(apsb17-11)-Windows", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat Security Updates(apsb17-11)-Windows\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810872\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2017-3011\", \"CVE-2017-3012\", \"CVE-2017-3013\", \"CVE-2017-3014\",\n \"CVE-2017-3015\", \"CVE-2017-3018\", \"CVE-2017-3019\", \"CVE-2017-3020\",\n \"CVE-2017-3021\", \"CVE-2017-3022\", \"CVE-2017-3024\", \"CVE-2017-3025\",\n \"CVE-2017-3026\", \"CVE-2017-3027\", \"CVE-2017-3028\", \"CVE-2017-3030\",\n \"CVE-2017-3031\", \"CVE-2017-3032\", \"CVE-2017-3033\", \"CVE-2017-3034\",\n \"CVE-2017-3036\", \"CVE-2017-3037\", \"CVE-2017-3038\", \"CVE-2017-3039\",\n \"CVE-2017-3040\", \"CVE-2017-3042\", \"CVE-2017-3043\", \"CVE-2017-3044\",\n \"CVE-2017-3045\", \"CVE-2017-3046\", \"CVE-2017-3048\", \"CVE-2017-3049\",\n \"CVE-2017-3050\", \"CVE-2017-3051\", \"CVE-2017-3052\", \"CVE-2017-3054\",\n \"CVE-2017-3055\", \"CVE-2017-3056\", \"CVE-2017-3057\", \"CVE-2017-3065\",\n \"CVE-2017-3035\", \"CVE-2017-3047\", \"CVE-2017-3017\", \"CVE-2017-3023\",\n \"CVE-2017-3041\", \"CVE-2017-3029\", \"CVE-2017-3053\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-04-14 12:38:23 +0530 (Fri, 14 Apr 2017)\");\n script_name(\"Adobe Acrobat Security Updates(apsb17-11)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - use-after-free vulnerabilities.\n\n - heap buffer overflow vulnerabilities.\n\n - memory corruption vulnerabilities.\n\n - integer overflow vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to conduct code execution attacks.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat version 11.x before\n 11.0.20 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat version\n 11.0.20 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb17-11.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/Win/Installed\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!readerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:readerVer, test_version:\"11.0\", test_version2:\"11.0.19\"))\n{\n report = report_fixed_ver(installed_version:readerVer, fixed_version:\"11.0.20\");\n security_message(data:report);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:22:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3013", "CVE-2017-3030", "CVE-2017-3036", "CVE-2017-3046", "CVE-2017-3032", "CVE-2017-3011", "CVE-2017-3037", "CVE-2017-3033", "CVE-2017-3054", "CVE-2017-3065", "CVE-2017-3034", "CVE-2017-3041", "CVE-2017-3051", "CVE-2017-3053", "CVE-2017-3052", "CVE-2017-3023", "CVE-2017-3057", "CVE-2017-3049", "CVE-2017-3026", "CVE-2017-3022", "CVE-2017-3012", "CVE-2017-3038", "CVE-2017-3040", "CVE-2017-3029", "CVE-2017-3056", "CVE-2017-3019", "CVE-2017-3042", "CVE-2017-3020", "CVE-2017-3031", "CVE-2017-3048", "CVE-2017-3047", "CVE-2017-3021", "CVE-2017-3014", "CVE-2017-3044", "CVE-2017-3035", "CVE-2017-3027", "CVE-2017-3017", "CVE-2017-3024", "CVE-2017-3050", "CVE-2017-3025", "CVE-2017-3015", "CVE-2017-3043", "CVE-2017-3045", "CVE-2017-3055", "CVE-2017-3039", "CVE-2017-3028", "CVE-2017-3018"], "description": "This host is installed with Adobe Acrobat\n and is prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2017-04-14T00:00:00", "id": "OPENVAS:1361412562310810873", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810873", "type": "openvas", "title": "Adobe Acrobat Security Updates(apsb17-11)-MAC OS X", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat Security Updates(apsb17-11)-MAC OS X\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810873\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2017-3011\", \"CVE-2017-3012\", \"CVE-2017-3013\", \"CVE-2017-3014\",\n \"CVE-2017-3015\", \"CVE-2017-3018\", \"CVE-2017-3019\", \"CVE-2017-3020\",\n \"CVE-2017-3021\", \"CVE-2017-3022\", \"CVE-2017-3024\", \"CVE-2017-3025\",\n \"CVE-2017-3026\", \"CVE-2017-3027\", \"CVE-2017-3028\", \"CVE-2017-3030\",\n \"CVE-2017-3031\", \"CVE-2017-3032\", \"CVE-2017-3033\", \"CVE-2017-3034\",\n \"CVE-2017-3036\", \"CVE-2017-3037\", \"CVE-2017-3038\", \"CVE-2017-3039\",\n \"CVE-2017-3040\", \"CVE-2017-3042\", \"CVE-2017-3043\", \"CVE-2017-3044\",\n \"CVE-2017-3045\", \"CVE-2017-3046\", \"CVE-2017-3048\", \"CVE-2017-3049\",\n \"CVE-2017-3050\", \"CVE-2017-3051\", \"CVE-2017-3052\", \"CVE-2017-3054\",\n \"CVE-2017-3055\", \"CVE-2017-3056\", \"CVE-2017-3057\", \"CVE-2017-3065\",\n \"CVE-2017-3035\", \"CVE-2017-3047\", \"CVE-2017-3017\", \"CVE-2017-3023\",\n \"CVE-2017-3041\", \"CVE-2017-3029\", \"CVE-2017-3053\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-04-14 12:38:23 +0530 (Fri, 14 Apr 2017)\");\n script_name(\"Adobe Acrobat Security Updates(apsb17-11)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - use-after-free vulnerabilities.\n\n - heap buffer overflow vulnerabilities.\n\n - memory corruption vulnerabilities.\n\n - integer overflow vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to conduct code execution attacks.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat version 11.x before\n 11.0.20 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat version\n 11.0.20 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb17-11.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!readerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:readerVer, test_version:\"11.0\", test_version2:\"11.0.19\"))\n{\n report = report_fixed_ver(installed_version:readerVer, fixed_version:\"11.0.20\");\n security_message(data:report);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:18:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3013", "CVE-2017-3030", "CVE-2017-3036", "CVE-2017-3046", "CVE-2017-3032", "CVE-2017-3011", "CVE-2017-3037", "CVE-2017-3033", "CVE-2017-3054", "CVE-2017-3065", "CVE-2017-3034", "CVE-2017-3041", "CVE-2017-3051", "CVE-2017-3053", "CVE-2017-3052", "CVE-2017-3023", "CVE-2017-3057", "CVE-2017-3049", "CVE-2017-3026", "CVE-2017-3022", "CVE-2017-3012", "CVE-2017-3038", "CVE-2017-3040", "CVE-2017-3029", "CVE-2017-3056", "CVE-2017-3019", "CVE-2017-3042", "CVE-2017-3020", "CVE-2017-3031", "CVE-2017-3048", "CVE-2017-3047", "CVE-2017-3021", "CVE-2017-3014", "CVE-2017-3044", "CVE-2017-3035", "CVE-2017-3027", "CVE-2017-3017", "CVE-2017-3024", "CVE-2017-3050", "CVE-2017-3025", "CVE-2017-3015", "CVE-2017-3043", "CVE-2017-3045", "CVE-2017-3055", "CVE-2017-3039", "CVE-2017-3028", "CVE-2017-3018"], "description": "This host is installed with Adobe Acrobat DC\n (Continuous Track) and is prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2018-03-12T00:00:00", "id": "OPENVAS:1361412562310812566", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812566", "type": "openvas", "title": "Adobe Acrobat DC (Continuous Track) Security Updates (apsb17-11) - Windows", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat DC (Continuous Track) Security Updates (apsb17-11)-Windows\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_dc_continuous\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812566\");\n script_version(\"2019-07-05T08:21:18+0000\");\n script_cve_id(\"CVE-2017-3011\", \"CVE-2017-3012\", \"CVE-2017-3013\", \"CVE-2017-3014\",\n \"CVE-2017-3015\", \"CVE-2017-3018\", \"CVE-2017-3019\", \"CVE-2017-3020\",\n \"CVE-2017-3021\", \"CVE-2017-3022\", \"CVE-2017-3024\", \"CVE-2017-3025\",\n \"CVE-2017-3026\", \"CVE-2017-3027\", \"CVE-2017-3028\", \"CVE-2017-3030\",\n \"CVE-2017-3031\", \"CVE-2017-3032\", \"CVE-2017-3033\", \"CVE-2017-3034\",\n \"CVE-2017-3036\", \"CVE-2017-3037\", \"CVE-2017-3038\", \"CVE-2017-3039\",\n \"CVE-2017-3040\", \"CVE-2017-3042\", \"CVE-2017-3043\", \"CVE-2017-3044\",\n \"CVE-2017-3045\", \"CVE-2017-3046\", \"CVE-2017-3048\", \"CVE-2017-3049\",\n \"CVE-2017-3050\", \"CVE-2017-3051\", \"CVE-2017-3052\", \"CVE-2017-3054\",\n \"CVE-2017-3055\", \"CVE-2017-3056\", \"CVE-2017-3057\", \"CVE-2017-3065\",\n \"CVE-2017-3035\", \"CVE-2017-3047\", \"CVE-2017-3017\", \"CVE-2017-3023\",\n \"CVE-2017-3041\", \"CVE-2017-3029\", \"CVE-2017-3053\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:21:18 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-03-12 13:58:05 +0530 (Mon, 12 Mar 2018)\");\n script_name(\"Adobe Acrobat DC (Continuous Track) Security Updates (apsb17-11) - Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat DC\n (Continuous Track) and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An use-after-free vulnerabilities.\n\n - The heap buffer overflow vulnerabilities.\n\n - A memory corruption vulnerabilities.\n\n - An integer overflow vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to execute arbitrary code in the context of the user running\n the affected applications. Failed exploit attempts will likely cause a\n denial-of-service condition.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat DC (Continuous Track) 2015.023.20070 and earlier,\n Adobe Acrobat DC (Continuous Track) 2017.009.20043 and earlier on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat DC (Continuous Track) version\n 2017.009.20044 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb17-11.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_acrobat_dc_cont_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/AcrobatDC/Continuous/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\n# 2017.009.20043 => 17.009.20043\n# 2015.023.20070 => 15.023.20070\nif(version_in_range(version:vers, test_version:\"17.0\", test_version2:\"17.009.20043\") ||\n version_in_range(version:vers, test_version:\"15.0\", test_version2:\"15.023.20070\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"17.009.20044 (2017.009.20044)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:18:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3013", "CVE-2017-3030", "CVE-2017-3036", "CVE-2017-3046", "CVE-2017-3032", "CVE-2017-3011", "CVE-2017-3037", "CVE-2017-3033", "CVE-2017-3054", "CVE-2017-3065", "CVE-2017-3034", "CVE-2017-3041", "CVE-2017-3051", "CVE-2017-3053", "CVE-2017-3052", "CVE-2017-3023", "CVE-2017-3057", "CVE-2017-3049", "CVE-2017-3026", "CVE-2017-3022", "CVE-2017-3012", "CVE-2017-3038", "CVE-2017-3040", "CVE-2017-3029", "CVE-2017-3056", "CVE-2017-3019", "CVE-2017-3042", "CVE-2017-3020", "CVE-2017-3031", "CVE-2017-3048", "CVE-2017-3047", "CVE-2017-3021", "CVE-2017-3014", "CVE-2017-3044", "CVE-2017-3035", "CVE-2017-3027", "CVE-2017-3017", "CVE-2017-3024", "CVE-2017-3050", "CVE-2017-3025", "CVE-2017-3015", "CVE-2017-3043", "CVE-2017-3045", "CVE-2017-3055", "CVE-2017-3039", "CVE-2017-3028", "CVE-2017-3018"], "description": "This host is installed with Adobe Reader DC\n (Continuous Track) and is prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2018-03-12T00:00:00", "id": "OPENVAS:1361412562310812569", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812569", "type": "openvas", "title": "Adobe Reader DC (Continuous Track) Security Updates (apsb17-11) - Mac OS X", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Reader DC (Continuous Track) Security Updates (apsb17-11)-MAC OS X\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader_dc_continuous\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812569\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2017-3011\", \"CVE-2017-3012\", \"CVE-2017-3013\", \"CVE-2017-3014\",\n \"CVE-2017-3015\", \"CVE-2017-3018\", \"CVE-2017-3019\", \"CVE-2017-3020\",\n \"CVE-2017-3021\", \"CVE-2017-3022\", \"CVE-2017-3024\", \"CVE-2017-3025\",\n \"CVE-2017-3026\", \"CVE-2017-3027\", \"CVE-2017-3028\", \"CVE-2017-3030\",\n \"CVE-2017-3031\", \"CVE-2017-3032\", \"CVE-2017-3033\", \"CVE-2017-3034\",\n \"CVE-2017-3036\", \"CVE-2017-3037\", \"CVE-2017-3038\", \"CVE-2017-3039\",\n \"CVE-2017-3040\", \"CVE-2017-3042\", \"CVE-2017-3043\", \"CVE-2017-3044\",\n \"CVE-2017-3045\", \"CVE-2017-3046\", \"CVE-2017-3048\", \"CVE-2017-3049\",\n \"CVE-2017-3050\", \"CVE-2017-3051\", \"CVE-2017-3052\", \"CVE-2017-3054\",\n \"CVE-2017-3055\", \"CVE-2017-3056\", \"CVE-2017-3057\", \"CVE-2017-3065\",\n \"CVE-2017-3035\", \"CVE-2017-3047\", \"CVE-2017-3017\", \"CVE-2017-3023\",\n \"CVE-2017-3041\", \"CVE-2017-3029\", \"CVE-2017-3053\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-03-12 13:58:05 +0530 (Mon, 12 Mar 2018)\");\n script_name(\"Adobe Reader DC (Continuous Track) Security Updates (apsb17-11) - Mac OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Reader DC\n (Continuous Track) and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An use-after-free vulnerabilities.\n\n - The heap buffer overflow vulnerabilities.\n\n - A memory corruption vulnerabilities.\n\n - An integer overflow vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to execute arbitrary code in the context of the user running\n the affected applications. Failed exploit attempts will likely cause a\n denial-of-service condition.\");\n\n script_tag(name:\"affected\", value:\"Adobe Reader DC (Continuous Track) 2015.023.20070 and earlier,\n Adobe Reader DC (Continuous Track) 2017.009.20043 and earlier on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Reader DC (Continuous Track)\n version 2017.009.20044 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb17-11.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_acrobat_reader_dc_cont_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/ReaderDC/Continuous/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\n# 2017.009.20043 => 17.009.20043\n# 2015.023.20070 => 15.023.20070\nif(version_in_range(version:vers, test_version:\"17.0\", test_version2:\"17.009.20043\") ||\n version_in_range(version:vers, test_version:\"15.0\", test_version2:\"15.023.20070\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"17.009.20044 (2017.009.20044)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:17:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3013", "CVE-2017-3030", "CVE-2017-3036", "CVE-2017-3046", "CVE-2017-3032", "CVE-2017-3011", "CVE-2017-3037", "CVE-2017-3033", "CVE-2017-3054", "CVE-2017-3065", "CVE-2017-3034", "CVE-2017-3041", "CVE-2017-3051", "CVE-2017-3053", "CVE-2017-3052", "CVE-2017-3023", "CVE-2017-3057", "CVE-2017-3049", "CVE-2017-3026", "CVE-2017-3022", "CVE-2017-3012", "CVE-2017-3038", "CVE-2017-3040", "CVE-2017-3029", "CVE-2017-3056", "CVE-2017-3019", "CVE-2017-3042", "CVE-2017-3020", "CVE-2017-3031", "CVE-2017-3048", "CVE-2017-3047", "CVE-2017-3021", "CVE-2017-3014", "CVE-2017-3044", "CVE-2017-3035", "CVE-2017-3027", "CVE-2017-3017", "CVE-2017-3024", "CVE-2017-3050", "CVE-2017-3025", "CVE-2017-3015", "CVE-2017-3043", "CVE-2017-3045", "CVE-2017-3055", "CVE-2017-3039", "CVE-2017-3028", "CVE-2017-3018"], "description": "This host is installed with Adobe Acrobat DC\n (Continuous Track) and is prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2018-03-12T00:00:00", "id": "OPENVAS:1361412562310812567", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812567", "type": "openvas", "title": "Adobe Acrobat DC (Continuous Track) Security Updates (apsb17-11) - Mac OS X", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat DC (Continuous Track) Security Updates (apsb17-11)-MAC OS X\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_dc_continuous\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812567\");\n script_version(\"2019-07-05T08:21:18+0000\");\n script_cve_id(\"CVE-2017-3011\", \"CVE-2017-3012\", \"CVE-2017-3013\", \"CVE-2017-3014\",\n \"CVE-2017-3015\", \"CVE-2017-3018\", \"CVE-2017-3019\", \"CVE-2017-3020\",\n \"CVE-2017-3021\", \"CVE-2017-3022\", \"CVE-2017-3024\", \"CVE-2017-3025\",\n \"CVE-2017-3026\", \"CVE-2017-3027\", \"CVE-2017-3028\", \"CVE-2017-3030\",\n \"CVE-2017-3031\", \"CVE-2017-3032\", \"CVE-2017-3033\", \"CVE-2017-3034\",\n \"CVE-2017-3036\", \"CVE-2017-3037\", \"CVE-2017-3038\", \"CVE-2017-3039\",\n \"CVE-2017-3040\", \"CVE-2017-3042\", \"CVE-2017-3043\", \"CVE-2017-3044\",\n \"CVE-2017-3045\", \"CVE-2017-3046\", \"CVE-2017-3048\", \"CVE-2017-3049\",\n \"CVE-2017-3050\", \"CVE-2017-3051\", \"CVE-2017-3052\", \"CVE-2017-3054\",\n \"CVE-2017-3055\", \"CVE-2017-3056\", \"CVE-2017-3057\", \"CVE-2017-3065\",\n \"CVE-2017-3035\", \"CVE-2017-3047\", \"CVE-2017-3017\", \"CVE-2017-3023\",\n \"CVE-2017-3041\", \"CVE-2017-3029\", \"CVE-2017-3053\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:21:18 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-03-12 13:58:05 +0530 (Mon, 12 Mar 2018)\");\n script_name(\"Adobe Acrobat DC (Continuous Track) Security Updates (apsb17-11) - Mac OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat DC\n (Continuous Track) and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An use-after-free vulnerabilities.\n\n - The heap buffer overflow vulnerabilities.\n\n - A memory corruption vulnerabilities.\n\n - An integer overflow vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to execute arbitrary code in the context of the user running\n the affected applications. Failed exploit attempts will likely cause a\n denial-of-service condition.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat DC (Continuous Track) 2015.023.20070 and earlier,\n Adobe Acrobat DC (Continuous Track) 2017.009.20043 and earlier on MacOSX.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat DC (Continuous Track) version\n 2017.009.20044 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb17-11.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_acrobat_dc_cont_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/AcrobatDC/Continuous/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\n# 2017.009.20043 => 17.009.20043\n# 2015.023.20070 => 15.023.20070\nif(version_in_range(version:vers, test_version:\"17.0\", test_version2:\"17.009.20043\") ||\n version_in_range(version:vers, test_version:\"15.0\", test_version2:\"15.023.20070\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"17.009.20044 (2017.009.20044)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:17:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3013", "CVE-2017-3030", "CVE-2017-3036", "CVE-2017-3046", "CVE-2017-3032", "CVE-2017-3011", "CVE-2017-3037", "CVE-2017-3033", "CVE-2017-3054", "CVE-2017-3065", "CVE-2017-3034", "CVE-2017-3041", "CVE-2017-3051", "CVE-2017-3053", "CVE-2017-3052", "CVE-2017-3023", "CVE-2017-3057", "CVE-2017-3049", "CVE-2017-3026", "CVE-2017-3022", "CVE-2017-3012", "CVE-2017-3038", "CVE-2017-3040", "CVE-2017-3029", "CVE-2017-3056", "CVE-2017-3019", "CVE-2017-3042", "CVE-2017-3020", "CVE-2017-3031", "CVE-2017-3048", "CVE-2017-3047", "CVE-2017-3021", "CVE-2017-3014", "CVE-2017-3044", "CVE-2017-3035", "CVE-2017-3027", "CVE-2017-3017", "CVE-2017-3024", "CVE-2017-3050", "CVE-2017-3025", "CVE-2017-3015", "CVE-2017-3043", "CVE-2017-3045", "CVE-2017-3055", "CVE-2017-3039", "CVE-2017-3028", "CVE-2017-3018"], "description": "This host is installed with Adobe Reader DC\n (Continuous Track) and is prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2018-03-12T00:00:00", "id": "OPENVAS:1361412562310812568", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812568", "type": "openvas", "title": "Adobe Reader DC (Continuous Track) Security Updates (apsb17-11) - Windows", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Reader DC (Continuous Track) Security Updates (apsb17-11)-Windows\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader_dc_continuous\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812568\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2017-3011\", \"CVE-2017-3012\", \"CVE-2017-3013\", \"CVE-2017-3014\",\n \"CVE-2017-3015\", \"CVE-2017-3018\", \"CVE-2017-3019\", \"CVE-2017-3020\",\n \"CVE-2017-3021\", \"CVE-2017-3022\", \"CVE-2017-3024\", \"CVE-2017-3025\",\n \"CVE-2017-3026\", \"CVE-2017-3027\", \"CVE-2017-3028\", \"CVE-2017-3030\",\n \"CVE-2017-3031\", \"CVE-2017-3032\", \"CVE-2017-3033\", \"CVE-2017-3034\",\n \"CVE-2017-3036\", \"CVE-2017-3037\", \"CVE-2017-3038\", \"CVE-2017-3039\",\n \"CVE-2017-3040\", \"CVE-2017-3042\", \"CVE-2017-3043\", \"CVE-2017-3044\",\n \"CVE-2017-3045\", \"CVE-2017-3046\", \"CVE-2017-3048\", \"CVE-2017-3049\",\n \"CVE-2017-3050\", \"CVE-2017-3051\", \"CVE-2017-3052\", \"CVE-2017-3054\",\n \"CVE-2017-3055\", \"CVE-2017-3056\", \"CVE-2017-3057\", \"CVE-2017-3065\",\n \"CVE-2017-3035\", \"CVE-2017-3047\", \"CVE-2017-3017\", \"CVE-2017-3023\",\n \"CVE-2017-3041\", \"CVE-2017-3029\", \"CVE-2017-3053\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-03-12 13:58:05 +0530 (Mon, 12 Mar 2018)\");\n script_name(\"Adobe Reader DC (Continuous Track) Security Updates (apsb17-11) - Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Reader DC\n (Continuous Track) and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - use-after-free vulnerabilities.\n\n - heap buffer overflow vulnerabilities.\n\n - memory corruption vulnerabilities.\n\n - integer overflow vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to execute arbitrary code in the context of the user running the\n affected applications. Failed exploit attempts will likely cause a\n denial-of-service condition.\");\n\n script_tag(name:\"affected\", value:\"Adobe Reader DC (Continuous Track) 2015.023.20070 and earlier,\n Adobe Reader DC (Continuous Track) 2017.009.20043 and earlier on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Reader DC (Continuous Track) version\n 2017.009.20044 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb17-11.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_acrobat_reader_dc_cont_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/ReaderDC/Continuous/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\n# 2017.009.20043 => 17.009.20043\n# 2015.023.20070 => 15.023.20070\nif(version_in_range(version:vers, test_version:\"17.0\", test_version2:\"17.009.20043\") ||\n version_in_range(version:vers, test_version:\"15.0\", test_version2:\"15.023.20070\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"17.009.20044 (2017.009.20044)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2020-09-02T11:51:50", "bulletinFamily": "info", "cvelist": ["CVE-2017-3013", "CVE-2017-3030", "CVE-2017-3036", "CVE-2017-3046", "CVE-2017-3032", "CVE-2017-3011", "CVE-2017-3037", "CVE-2017-3033", "CVE-2017-3054", "CVE-2017-3065", "CVE-2017-3034", "CVE-2017-3051", "CVE-2017-3052", "CVE-2017-3057", "CVE-2017-3049", "CVE-2017-3026", "CVE-2017-3022", "CVE-2017-3012", "CVE-2017-3038", "CVE-2017-3040", "CVE-2017-3056", "CVE-2017-3019", "CVE-2017-3042", "CVE-2017-3020", "CVE-2017-3031", "CVE-2017-3048", "CVE-2017-3021", "CVE-2017-3014", "CVE-2017-3044", "CVE-2017-3027", "CVE-2017-3024", "CVE-2017-3050", "CVE-2017-3025", "CVE-2017-3015", "CVE-2017-3043", "CVE-2017-3045", "CVE-2017-3055", "CVE-2017-3039", "CVE-2017-3028", "CVE-2017-3018"], "description": "### *Detect date*:\n04/06/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Adobe Acrobat and Adobe Reader. Malicious users can exploit these vulnerabilities to execute arbitary code and possibly cause a denial of service.\n\n### *Affected products*:\nAdobe Acrobat DC Continuous earlier than 2017.009.20044 \nAdobe Acrobat Reader DC Continuous earlier than 2017.009.20044 \nAdobe Acrobat DC Classic earlier than 2015.006.30306 \nAdobe Acrobat Reader DC Classic earlier than 2015.006.30306 \nAdobe Acrobat XI earlier than 11.0.20 \nAdobe Reader XI earlier than 11.0.20\n\n### *Solution*:\nUpdate to the latest versions \n[Download Adobe Acrobat](<http://supportdownloads.adobe.com/product.jsp?product=1&platform=Windows>) \n[Download Adobe Acrobat Reader DC](<https://get.adobe.com/reader/>) \n[Download Adobe Reader XI](<http://supportdownloads.adobe.com/product.jsp?product=10&platform=Windows>)\n\n### *Original advisories*:\n[Adobe security bulletin](<https://helpx.adobe.com/security/products/acrobat/apsb17-11.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Adobe Reader XI](<https://threats.kaspersky.com/en/product/Adobe-Reader-XI/>)\n\n### *CVE-IDS*:\n[CVE-2017-3011](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3011>)9.3Critical \n[CVE-2017-3012](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3012>)9.3Critical \n[CVE-2017-3013](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3013>)9.3Critical \n[CVE-2017-3014](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3014>)9.3Critical \n[CVE-2017-3015](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3015>)9.3Critical \n[CVE-2017-3018](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3018>)9.3Critical \n[CVE-2017-3019](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3019>)9.3Critical \n[CVE-2017-3020](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3020>)4.3Warning \n[CVE-2017-3021](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3021>)4.3Warning \n[CVE-2017-3022](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3022>)4.3Warning \n[CVE-2017-3024](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3024>)9.3Critical \n[CVE-2017-3025](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3025>)9.3Critical \n[CVE-2017-3026](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3026>)9.3Critical \n[CVE-2017-3027](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3027>)9.3Critical \n[CVE-2017-3028](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3028>)9.3Critical \n[CVE-2017-3030](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3030>)9.3Critical \n[CVE-2017-3031](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3031>)4.3Warning \n[CVE-2017-3032](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3032>)4.3Warning \n[CVE-2017-3033](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3033>)4.3Warning \n[CVE-2017-3034](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3034>)9.3Critical \n[CVE-2017-3036](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3036>)9.3Critical \n[CVE-2017-3037](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3037>)10.0Critical \n[CVE-2017-3038](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3038>)0.0Unknown \n[CVE-2017-3039](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3039>)9.3Critical \n[CVE-2017-3040](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3040>)9.3Critical \n[CVE-2017-3042](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3042>)9.3Critical \n[CVE-2017-3043](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3043>)4.3Warning \n[CVE-2017-3044](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3044>)9.3Critical \n[CVE-2017-3045](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3045>)4.3Warning \n[CVE-2017-3046](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3046>)4.3Warning \n[CVE-2017-3048](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3048>)9.3Critical \n[CVE-2017-3049](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3049>)9.3Critical \n[CVE-2017-3050](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3050>)9.3Critical \n[CVE-2017-3051](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3051>)9.3Critical \n[CVE-2017-3052](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3052>)4.3Warning \n[CVE-2017-3054](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3054>)9.3Critical \n[CVE-2017-3055](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3055>)9.3Critical \n[CVE-2017-3056](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3056>)9.3Critical \n[CVE-2017-3057](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3057>)9.3Critical \n[CVE-2017-3065](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3065>)9.3Critical\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).", "edition": 43, "modified": "2020-06-18T00:00:00", "published": "2017-04-06T00:00:00", "id": "KLA10992", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10992", "title": "\r KLA10992Multiple vulnerabilities in Adobe Acrobat and Adobe Reader ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "trendmicroblog": [{"lastseen": "2017-05-01T13:42:31", "bulletinFamily": "blog", "cvelist": ["CVE-2017-3013", "CVE-2017-3061", "CVE-2017-3030", "CVE-2017-3036", "CVE-2017-3046", "CVE-2017-7269", "CVE-2003-0109", "CVE-2017-3032", "CVE-2017-3063", "CVE-2008-4250", "CVE-2017-3011", "CVE-2014-6324", "CVE-2017-3037", "CVE-2006-3439", "CVE-2017-3033", "CVE-2017-3054", "CVE-2017-3065", "CVE-2017-3034", "CVE-2017-3041", "CVE-2003-0201", "CVE-4638-4639", "CVE-2017-3051", "CVE-2017-3053", "CVE-2017-3052", "CVE-2017-3023", "CVE-2017-3057", "CVE-2017-3058", "CVE-2017-3049", "CVE-2017-3026", "CVE-2017-3022", "CVE-2017-3012", "CVE-2017-3038", "CVE-2017-3040", "CVE-2017-3029", "CVE-2017-3056", "CVE-2017-3019", "CVE-2017-3042", "CVE-2017-3060", "CVE-2017-3020", "CVE-2017-3031", "CVE-2017-3048", "CVE-2017-3059", "CVE-2017-3047", "CVE-2017-3021", "CVE-2017-3014", "CVE-2017-3044", "CVE-2017-3035", "CVE-2017-3027", "CVE-2017-3017", "CVE-2017-3024", "CVE-2017-3050", "CVE-2017-3025", "CVE-2017-3015", "CVE-2017-3062", "CVE-2007-1675", "CVE-2017-3043", "CVE-2003-0352", "CVE-2017-3064", "CVE-2017-3045", "CVE-2017-3055", "CVE-2017-3039", "CVE-2017-0146", "CVE-2017-3028", "CVE-2017-0714", "CVE-2017-3018", "CVE-2001-0236"], "description": "![](http://blog.trendmicro.com/wp-content/uploads/2016/04/TP-WeeklyBlog-300x205-300x205.jpg)\n\nI\u2019ve never been one to adopt the latest fashion trends, aside from what I wore growing up in the 1980s. I wore shoulder pads, blue eyeliner, designer jeans, and even parachute pants. While I continue to rock my 80s hair to this day, other trends I thought were long gone are making a comeback. (Shoulder pads \u2013 seriously?) History tends to repeat itself \u2013 what\u2019s old is new again \u2013 and it\u2019s no different in the security world.\n\n \n\nLast weekend, a group known as \u201cShadow Brokers\u201d released a large set of tools that can exploit flaws in several versions of Microsoft products and other platforms. A number of the exploits have CVEs that date as far back as 2001. In fact, one of the exploits named \u201cEwokFrenzy\u201d was discovered through our Zero Day Initiative over 10 years ago. Customers with TippingPoint solutions have had coverage for EwokFrenzy through Digital Vaccine\u00ae (DV) filter 4033 since **January 2006!**\n\nOur TippingPoint DVLabs team continues to review the contents associated with the Shadow Brokers disclosure to recommend coverage for TippingPoint solutions. The following table includes the DV filters that provide protection, including new filters released in an out-of-band release this week:\n\n** Exploit Name** | ** MS Bulletin** | ** CVE/ZDI** | ** Filters** | ** 0day?** | ** Status** \n---|---|---|---|---|--- \nDoublePulsar \n(Payload) | | | *27935 | N/A | Policy Filter \nEarlyShovel | | | *27938 | Unknown | Detects Exploit \nEasyBee** | | CVE-2007-1675 \nZDI-07-011 | | No | Investigating \nEasyPi | | | | Unknown | Investigating \nEbbisLand | | CVE-2001-0236 | 621, 622, 3512, 3791 | No | Investigating \nEchoWrecker | | CVE-2003-0201 | 1676 | No | Investigating \nEclipsedWing | MS08-067 | CVE-2008-4250 | 6515 | No | Detects Exploit \nEducatedScholar | MS09-050 | | 8465 | No | Detects Exploit \nELV | MS06-040 | CVE-2006-3439 | 9317 | No | Detects Exploit \nEmeraldThread | MS10-061 | | 10458, *27939 | No | Detects Exploit \nEmphasisMine | | | | Unknown | Investigating \nEnglishManDentist | | | | Unknown | Investigating \nErraticGopher | | | *27932 | Yes | Detects Exploit \nESKE | | CVE-2003-0352 | | No | Investigating \nEskimoRoll | MS14-068 | CVE-2014-6324 | *27940 | No | Exploit Unfilterable \nPolicy Filter \nEsteemAudit | | | *27933 | Yes | Detects Exploit \nEternalBlue | MS17-010 | | 27433, 27711, *27928 | No | Detects Exploit \nEternalChampion | MS17-010 | CVE-2017-0146 | 27433, 27711, *27929 | No | Detects Exploit \nEternalRomance | MS17-010 | | | No | Investigating \nEternalSynergy | MS17-010 | CVE-2017-0714 | *27937 | No | Detects Exploit \nEtre | | | | No | Investigating \nEVFR | | CVE-2003-0109 | 1612 | No | Detects Exploit \nEwokFrenzy | | CVE-2007-1675 \nZDI-07-011 | 4033 | No | Detects Exploit \nExplodingCan | | CVE-2017-7269 | 27643 | No | Detects Exploit \n* New DV filter \n**Identical to EwokFrenzy, but exploit untested against filter \n \n \n\n[Click here](<https://success.trendmicro.com/solution/1117192>) for more information on Trend Micro\u2019s response and recommendations for coverage across all Trend Micro products.\n\n**Adobe Update**\n\nThis week\u2019s Digital Vaccine (DV) package includes coverage for Adobe Security Bulletins released on or before April 6, 2017.The following table maps Digital Vaccine filters to the Adobe updates. Filters marked with an asterisk (*) shipped prior to this DV package, providing preemptive zero-day protection for customers. You can get more detailed information on this month\u2019s Adobe security updates from Dustin Childs\u2019 [April 2017 Security Update Review](<https://www.zerodayinitiative.com/blog/2017/4/11/the-april-2017-security-update-review>):\n\n**Bulletin #** | **CVE #** | **Digital Vaccine Filter #** | **Status** \n---|---|---|--- \nAPSB17-10 | CVE-2017-3058 | 27698 | \nAPSB17-10 | CVE-2017-3059 | *27697 | \nAPSB17-10 | CVE-2017-3060 | 27832 | \nAPSB17-10 | CVE-2017-3061 | 27833 | \nAPSB17-10 | CVE-2017-3062 | *27533 | \nAPSB17-10 | CVE-2017-3063 | *27534 | \nAPSB17-10 | CVE-2017-3064 | 27836 | \nAPSB17-11 | CVE-2017-3013 | 27923, 27925 | \nAPSB17-11 | CVE-2017-3014 | 27824 | \nAPSB17-11 | CVE-2017-3017 | 27827 | \nAPSB17-11 | CVE-2017-3019 | *26521 | \nAPSB17-11 | CVE-2017-3020 | *26491 | \nAPSB17-11 | CVE-2017-3021 | *26510 | \nAPSB17-11 | CVE-2017-3022 | *26631 | \nAPSB17-11 | CVE-2017-3023 | *26535 | \nAPSB17-11 | CVE-2017-3024 | 27829 | \nAPSB17-11 | CVE-2017-3025 | 27851 | \nAPSB17-11 | CVE-2017-3026 | 27852 | \nAPSB17-11 | CVE-2017-3027 | 27909 | \nAPSB17-11 | CVE-2017-3028 | *27160 | \nAPSB17-11 | CVE-2017-3029 | *27159 | \nAPSB17-11 | CVE-2017-3030 | 27823 | \nAPSB17-11 | CVE-2017-3031 | *27241, *27260 | \nAPSB17-11 | CVE-2017-3032 | *27158 | \nAPSB17-11 | CVE-2017-3033 | *27261 | \nAPSB17-11 | CVE-2017-3034 | *27225 | \nAPSB17-11 | CVE-2017-3035 | *27236 | \nAPSB17-11 | CVE-2017-3036 | *27304 | \nAPSB17-11 | CVE-2017-3037 | 27849 | \nAPSB17-11 | CVE-2017-3038 | 27908 | \nAPSB17-11 | CVE-2017-3039 | 27905 | \nAPSB17-11 | CVE-2017-3041 | 27903 | \nAPSB17-11 | CVE-2017-3043 | N/A | Local Vulnerability \nAPSB17-11 | CVE-2017-3042 | *27554, *27556, *27557, *27811 | \nAPSB17-11 | CVE-2017-3044 | 27914 | \nAPSB17-11 | CVE-2017-3045 | 27915 | \nAPSB17-11 | CVE-2017-3046 | 27916 | \nAPSB17-11 | CVE-2017-3047 | 27919 | \nAPSB17-11 | CVE-2017-3048 | *27750 | \nAPSB17-11 | CVE-2017-3049 | 27922 | \nAPSB17-11 | CVE-2017-3050 | *27808 | \nAPSB17-11 | CVE-2017-3051 | *27749 | \nAPSB17-11 | CVE-2017-3052 | *27748 | \nAPSB17-11 | CVE-2017-3053 | *27704 | \nAPSB17-11 | CVE-2017-3054 | N/A | Insufficient Information \nAPSB17-11 | CVE-2017-3055 | *27522 | \nAPSB17-11 | CVE-2017-3056 | *27520 | \nAPSB17-11 | CVE-2017-3057 | *27521 | \nAPSB17-11 | CVE-2017-3011 | N/A | Insufficient Information \nAPSB17-11 | CVE-2017-3012 | N/A | Insufficient Information \nAPSB17-11 | CVE-2017-3015 | N/A | Insufficient Information \nAPSB17-11 | CVE-2017-3018 | N/A | Insufficient Information \nAPSB17-11 | CVE-2017-3039 | N/A | Insufficient Information \nAPSB17-11 | CVE-2017-3040 | N/A | Insufficient Information \nAPSB17-11 | CVE-2017-3065 | N/A | Insufficient Information \n \n \n\n**Zero-Day Filters**\n\nThere are 13 new zero-day filters covering four vendors in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of [published advisories](<http://www.zerodayinitiative.com/advisories/published/>) and [upcoming advisories](<http://www.zerodayinitiative.com/advisories/upcoming/>) on the [Zero Day Initiative](<http://www.zerodayinitiative.com/>) website.\n\n**_Adobe (10)_**\n\n| \n\n * 27812: ZDI-CAN-4572: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 27820: ZDI-CAN-4571: Zero Day Initiative Vulnerability (Adobe Acrobat Reader DC)\n * 27821: ZDI-CAN-4570: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 27822: ZDI-CAN-4569: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 27832: HTTP: Adobe Flash length Memory Corruption Vulnerability (ZDI-17-247, ZDI-17-248)\n * 27914: HTTP: Adobe Acrobat Pro DC JPEG2000 Buffer Overflow Vulnerability (ZDI-17-267)\n * 27915: HTTP: Adobe Acrobat Pro DC JPEG2000 Memory Corruption Vulnerability (ZDI-17-268)\n * 27916: HTTP: Adobe Acrobat Pro DC JPEG2000 Memory Corruption Vulnerability (ZDI-17-270)\n * 27919: HTTP: Adobe Acrobat Pro DC Annotations Use-After-Free Vulnerability (ZDI-17-271)\n * 27922: HTTP: Adobe Acrobat Pro DC ImageConversion Buffer Overflow Vulnerability (ZDI-17-273)**_ _** \n---|--- \n| \n \n**_Cisco (1)_**\n\n| \n\n * 27807: ZDI-CAN-4635: Zero Day Initiative Vulnerability (Cisco License Manager Server) \n---|--- \n| \n \n**_MIcrosoft (1)_**\n\n| \n\n * 27810: ZDI-CAN-4573: Zero Day Initiative Vulnerability (Microsoft Internet Explorer)**_ _** \n---|--- \n| \n \n**_Trend Micro (1)_**\n\n| \n\n * 27804: ZDI-CAN-4638-4639: Zero Day Initiative Vulnerability (Trend Micro Control Manager)**_ _** \n---|--- \n| \n \n**Missed Last Week\u2019s News?**\n\nCatch up on last week\u2019s news in my [weekly recap](<http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-april-10-2017/>).", "modified": "2017-04-21T18:23:45", "published": "2017-04-21T18:23:45", "href": "http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-april-17-2017/", "id": "TRENDMICROBLOG:7E6831E46F8BB1882B752045F527ABE6", "title": "TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of April 17, 2017", "type": "trendmicroblog", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2020-12-09T20:13:31", "description": "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when handling a JPEG 2000 code-stream.", "edition": 5, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 1.4}, "published": "2017-04-12T14:59:00", "title": "CVE-2017-3029", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3029"], "modified": "2017-07-11T01:33:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30280", "cpe:/a:adobe:acrobat_reader_dc:15.023.20070", "cpe:/a:adobe:acrobat_dc:15.023.20070", "cpe:/a:adobe:reader:11.0.19", "cpe:/a:adobe:acrobat:11.0.19", "cpe:/a:adobe:acrobat_dc:15.006.30280"], "id": "CVE-2017-3029", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3029", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:11.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30280:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.023.20070:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.023.20070:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:reader:11.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30280:*:*:*:classic:*:*:*"]}, {"lastseen": "2020-12-09T20:13:31", "description": "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the AES module. Successful exploitation could lead to arbitrary code execution.", "edition": 5, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-04-12T14:59:00", "title": "CVE-2017-3030", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3030"], "modified": "2017-07-11T01:33:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30280", "cpe:/a:adobe:acrobat_reader_dc:15.023.20070", "cpe:/a:adobe:acrobat_dc:15.023.20070", "cpe:/a:adobe:reader:11.0.19", "cpe:/a:adobe:acrobat:11.0.19", "cpe:/a:adobe:acrobat_dc:15.006.30280"], "id": "CVE-2017-3030", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3030", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:11.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30280:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.023.20070:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.023.20070:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:reader:11.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30280:*:*:*:classic:*:*:*"]}, {"lastseen": "2020-12-09T20:13:31", "description": "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion module, related to processing of TIFF files. Successful exploitation could lead to arbitrary code execution.", "edition": 5, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-04-12T14:59:00", "title": "CVE-2017-3028", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3028"], "modified": "2017-07-11T01:33:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30280", "cpe:/a:adobe:acrobat_reader_dc:15.023.20070", "cpe:/a:adobe:acrobat_dc:15.023.20070", "cpe:/a:adobe:reader:11.0.19", "cpe:/a:adobe:acrobat:11.0.19", "cpe:/a:adobe:acrobat_dc:15.006.30280"], "id": "CVE-2017-3028", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3028", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:11.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30280:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.023.20070:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.023.20070:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:reader:11.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30280:*:*:*:classic:*:*:*"]}, {"lastseen": "2020-12-09T20:13:31", "description": "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an insecure library loading (DLL hijacking) vulnerability in a DLL related to remote logging.", "edition": 6, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-04-12T14:59:00", "title": "CVE-2017-3013", "type": "cve", "cwe": ["CWE-427"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3013"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30280", "cpe:/a:adobe:acrobat_reader_dc:15.023.20070", "cpe:/a:adobe:acrobat_dc:15.023.20070", "cpe:/a:adobe:reader:11.0.19", "cpe:/a:adobe:acrobat:11.0.19", "cpe:/a:adobe:acrobat_dc:15.006.30280"], "id": "CVE-2017-3013", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3013", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:11.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30280:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.023.20070:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.023.20070:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:reader:11.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30280:*:*:*:classic:*:*:*"]}, {"lastseen": "2020-12-09T20:13:31", "description": "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the XFA module, related to the choiceList element. Successful exploitation could lead to arbitrary code execution.", "edition": 5, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-04-12T14:59:00", "title": "CVE-2017-3027", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3027"], "modified": "2017-07-11T01:33:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30280", "cpe:/a:adobe:acrobat_reader_dc:15.023.20070", "cpe:/a:adobe:acrobat_dc:15.023.20070", "cpe:/a:adobe:reader:11.0.19", "cpe:/a:adobe:acrobat:11.0.19", "cpe:/a:adobe:acrobat_dc:15.006.30280"], "id": "CVE-2017-3027", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3027", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:11.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30280:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.023.20070:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.023.20070:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:reader:11.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30280:*:*:*:classic:*:*:*"]}, {"lastseen": "2020-12-09T20:13:31", "description": "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability related to internal object representation manipulation. Successful exploitation could lead to arbitrary code execution.", "edition": 5, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-04-12T14:59:00", "title": "CVE-2017-3025", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3025"], "modified": "2017-07-11T01:33:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30280", "cpe:/a:adobe:acrobat_reader_dc:15.023.20070", "cpe:/a:adobe:acrobat_dc:15.023.20070", "cpe:/a:adobe:reader:11.0.19", "cpe:/a:adobe:acrobat:11.0.19", "cpe:/a:adobe:acrobat_dc:15.006.30280"], "id": "CVE-2017-3025", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3025", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:11.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30280:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.023.20070:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.023.20070:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:reader:11.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30280:*:*:*:classic:*:*:*"]}, {"lastseen": "2020-12-09T20:13:31", "description": "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution.", "edition": 5, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-04-12T14:59:00", "title": "CVE-2017-3037", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3037"], "modified": "2017-07-11T01:33:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30280", "cpe:/a:adobe:acrobat_reader_dc:15.023.20070", "cpe:/a:adobe:acrobat_dc:15.023.20070", "cpe:/a:adobe:reader:11.0.19", "cpe:/a:adobe:acrobat:11.0.19", "cpe:/a:adobe:acrobat_dc:15.006.30280"], "id": "CVE-2017-3037", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3037", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:11.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30280:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.023.20070:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.023.20070:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:reader:11.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30280:*:*:*:classic:*:*:*"]}, {"lastseen": "2020-12-09T20:13:31", "description": "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the XSLT engine.", "edition": 5, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 1.4}, "published": "2017-04-12T14:59:00", "title": "CVE-2017-3031", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3031"], "modified": "2017-07-11T01:33:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30280", "cpe:/a:adobe:acrobat_reader_dc:15.023.20070", "cpe:/a:adobe:acrobat_dc:15.023.20070", "cpe:/a:adobe:reader:11.0.19", "cpe:/a:adobe:acrobat:11.0.19", "cpe:/a:adobe:acrobat_dc:15.006.30280"], "id": "CVE-2017-3031", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3031", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:11.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30280:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.023.20070:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.023.20070:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:reader:11.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30280:*:*:*:classic:*:*:*"]}, {"lastseen": "2020-12-09T20:13:31", "description": "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when parsing the header of a JPEG 2000 file.", "edition": 5, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 1.4}, "published": "2017-04-12T14:59:00", "title": "CVE-2017-3022", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3022"], "modified": "2017-07-11T01:33:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30280", "cpe:/a:adobe:acrobat_reader_dc:15.023.20070", "cpe:/a:adobe:acrobat_dc:15.023.20070", "cpe:/a:adobe:reader:11.0.19", "cpe:/a:adobe:acrobat:11.0.19", "cpe:/a:adobe:acrobat_dc:15.006.30280"], "id": "CVE-2017-3022", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3022", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:11.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30280:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.023.20070:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.023.20070:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:reader:11.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30280:*:*:*:classic:*:*:*"]}, {"lastseen": "2020-12-09T20:13:31", "description": "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the JavaScript API related to the collaboration functionality. Successful exploitation could lead to arbitrary code execution.", "edition": 5, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-04-12T14:59:00", "title": "CVE-2017-3057", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3057"], "modified": "2017-07-11T01:33:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30280", "cpe:/a:adobe:acrobat_reader_dc:15.023.20070", "cpe:/a:adobe:acrobat_dc:15.023.20070", "cpe:/a:adobe:reader:11.0.19", "cpe:/a:adobe:acrobat:11.0.19", "cpe:/a:adobe:acrobat_dc:15.006.30280"], "id": "CVE-2017-3057", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3057", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:11.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30280:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.023.20070:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.023.20070:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:reader:11.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30280:*:*:*:classic:*:*:*"]}], "threatpost": [{"lastseen": "2018-10-06T22:53:50", "bulletinFamily": "info", "cvelist": ["CVE-2017-2989", "CVE-2017-3004", "CVE-2017-3055", "CVE-2017-3056", "CVE-2017-3057", "CVE-2017-3062", "CVE-2017-3063"], "description": "Adobe patched 59 vulnerabilities in five different products, including Flash Player, Acrobat/Reader, Photoshop, Adobe Campaign, and its Adobe Creative Cloud App as part of its regularly scheduled software update today.\n\nThe company warned in a series of security bulletins posted shortly before noon Tuesday that the bulk of the bugs, 44, are critical and could lead to code execution. The 44 code execution bugs marks an uptick over [last month](<https://threatpost.com/adobe-fixes-six-code-execution-bugs-in-flash/124302/>), when Adobe only fixed six code execution bugs in Flash and even in February, when it patched 13 code execution bugs in the software.\n\nAmong the patches are fixes for vulnerabilities uncovered at Pwn2Own, the hacking competition held alongside CanSecWest last month in Vancouver. A team of hackers from Qihoo 360 exploited a heap overflow in the way Reader parsed JPEG200 to take down the PDF software [on the competition\u2019s first da](<https://threatpost.com/hackers-take-down-reader-safari-edge-ubuntu-linux-at-pwn2own-2017/124362/>)y. A group of researchers from Keen Team working for Tencent Security\u2019s Team Sniper, used an info leak in Reader followed by a use after free to get code execution, as well. Keen Team is thanked in [the credits of the Reader advisory](<https://helpx.adobe.com/security/products/acrobat/apsb17-11.html>) for finding the info leak and use after free bugs, CVE-2017-3056 and CVE-2017-3057, and reporting them through Pwn2Own\u2019s sponsor, Trend Micro\u2019s Zero Day Initiative. LiuBenjin, a researcher with Qihoo\u2019s 360 CodeSafe Team, is credited by Adobe for finding the heap overflow (CVE-2017-3055).\n\nOn [Pwn2Own\u2019s second day](<https://threatpost.com/vm-escape-earns-hackers-105k-at-pwn2own/124397/>), hackers from 360 Security Team and Keen Team/Tencent Security exploited two separate use-after-free vulnerabilities in Flash. Both groups were able to elevate Flash to SYSTEM-level as part of their exploits. Yuki Chen, a researcher with 360\u2019s Vulcan Team, and Keen Team were both acknowledged in [today\u2019s Flash advisory](<https://helpx.adobe.com/security/products/flash-player/apsb17-10.html>) for their findings, CVE-2017-3062 and CVE-2017-3063, respectively.\n\nUsers are being encouraged to update to the latest versions of both platforms, 25.0.0.148 for Flash Player, and 2017.009.20044 for Acrobat and Reader DC continuous track, and 2015.006.30306 for Acrobat and Reader DC\u2019s classic track. Users still running the pre-DC version of the software, Acrobat XI, will want to make sure they update to the latest version, 11.0.20.\n\nA critical memory corruption vulnerability in Adobe\u2019s graphic editing software [Photoshop CC](<https://helpx.adobe.com/security/products/photoshop/apsb17-12.html>) was also fixed in Tuesday\u2019s updates. The bug (CVE-2017-3004) stems from the parsing of malicious PCX, or PiCture eXchange, files and could lead to code execution, Adobe warns. A less pressing, unrelated bug \u2013 an unquoted search path vulnerability in the Windows version of Photoshop \u2013 was also fixed.\n\nTwo vulnerabilities were uncovered and fixed in [Adobe\u2019s Creative Cloud desktop app](<https://helpx.adobe.com/security/products/creative-cloud/apsb17-13.html>) for Windows on Tuesday as well. While Adobe didn\u2019t refer to either vulnerability as critical, it warned that one vulnerability, a bug related to the directory search path used to find resources could lead to code execution and should be considered important. The other bug stems from improper resource permissions during the start up of some applications through Creative Cloud. Unlike the other patches, the Creative Cloud patch comes with a catch: To fix the issue that can lead to code execution, Creative Cloud users have to update all of their installed apps using the latest version of the desktop app. In some instances this may require logging out and logging back in, Adobe stresses.\n\nCreative Cloud is Adobe\u2019s software as a service platform. The suite gives subscribers access to a slew of apps, including Audition, Photoshop, Premiere Pro, and Bridge, to name a few.\n\nThe updates bring Photoshop CC to version 18.1 for Windows and Macintosh and Creative Cloud to version 4.0.0.185 for Windows.\n\nAdobe Campaign, software that helps companies automate and personalize marketing campaigns, [also received an update](<https://helpx.adobe.com/security/products/campaign/apsb17-09.html>) Tuesday. The latest version, build 8794, addresses a bug branded important by the company. Details around the bug, an input validation bypass (CVE-2017-2989) are scant but Adobe claims it could be exploited to read, write, or delete data from the software\u2019s database.\n", "modified": "2017-04-14T22:29:27", "published": "2017-04-11T14:58:55", "id": "THREATPOST:CC548F78FDE639F4ABD2E2A3A2100238", "href": "https://threatpost.com/adobe-patches-59-vulnerabilities-across-flash-reader-photoshop/124914/", "type": "threatpost", "title": "Adobe Patches 59 Vulnerabilities Across Flash, Reader, Photoshop", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "zdi": [{"lastseen": "2020-06-22T11:41:03", "bulletinFamily": "info", "cvelist": ["CVE-2017-3029"], "edition": 2, "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within JPEG2000 parsing. The issue results from the lack of proper validation of user-supplied data which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", "modified": "2017-06-22T00:00:00", "published": "2017-04-11T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-17-255/", "id": "ZDI-17-255", "type": "zdi", "title": "Adobe Reader DC JPEG2000 Out-Of-Bounds Read Information Disclosure Vulnerability", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-06-22T11:40:56", "bulletinFamily": "info", "cvelist": ["CVE-2017-3052"], "edition": 2, "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", "modified": "2017-06-22T00:00:00", "published": "2017-04-11T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-17-276/", "id": "ZDI-17-276", "type": "zdi", "title": "Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-06-22T11:41:43", "bulletinFamily": "info", "cvelist": ["CVE-2017-3033"], "edition": 2, "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within JPEG2000 parsing. The issue results from the lack of proper validation of user-supplied data which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", "modified": "2017-06-22T00:00:00", "published": "2017-04-11T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-17-258/", "id": "ZDI-17-258", "type": "zdi", "title": "Adobe Reader DC JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-06-22T11:39:52", "bulletinFamily": "info", "cvelist": ["CVE-2017-3034"], "edition": 2, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within XFA's Array Index. The issue results from the lack of proper validation of user-supplied data which can result in an integer underflow before allocating a buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.", "modified": "2017-06-22T00:00:00", "published": "2017-04-11T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-17-260/", "id": "ZDI-17-260", "type": "zdi", "title": "Adobe Reader DC XFA Array Index Integer Underflow Remote Code Execution Vulnerability", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-22T11:41:46", "bulletinFamily": "info", "cvelist": ["CVE-2017-3028"], "edition": 2, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIFF images. The issue results from the lack of proper validation of user-supplied data that results in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process.", "modified": "2017-06-22T00:00:00", "published": "2017-04-11T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-17-254/", "id": "ZDI-17-254", "type": "zdi", "title": "Adobe Acrobat Pro DC ImageConversion TIFF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-22T11:40:38", "bulletinFamily": "info", "cvelist": ["CVE-2017-3049"], "edition": 2, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIFF images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.", "modified": "2017-06-22T00:00:00", "published": "2017-04-11T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-17-273/", "id": "ZDI-17-273", "type": "zdi", "title": "Adobe Acrobat Pro DC ImageConversion TIFF Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-22T11:41:58", "bulletinFamily": "info", "cvelist": ["CVE-2017-3032"], "edition": 2, "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within JPEG2000 parsing. The issue results from the lack of proper validation of user-supplied data which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", "modified": "2017-06-22T00:00:00", "published": "2017-04-11T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-17-257/", "id": "ZDI-17-257", "type": "zdi", "title": "Adobe Reader DC JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-06-22T11:41:12", "bulletinFamily": "info", "cvelist": ["CVE-2017-3022"], "edition": 2, "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JPEG2000 images. The process does not properly validate user-supplied data which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", "modified": "2017-06-22T00:00:00", "published": "2017-04-11T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-17-252/", "id": "ZDI-17-252", "type": "zdi", "title": "Adobe Reader DC JPEG2000 Out-Of-Bounds Read Information Disclosure Vulnerability", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-06-22T11:40:28", "bulletinFamily": "info", "cvelist": ["CVE-2017-3047"], "edition": 2, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process.", "modified": "2017-06-22T00:00:00", "published": "2017-04-11T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-17-271/", "id": "ZDI-17-271", "type": "zdi", "title": "Adobe Reader DC Annotations Object Use-After-Free Remote Code Execution Vulnerability", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-22T11:40:58", "bulletinFamily": "info", "cvelist": ["CVE-2017-3057"], "edition": 2, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Collab.documentToStream method. By manipulating a document's elements an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.", "modified": "2017-06-22T00:00:00", "published": "2017-08-01T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-17-282/", "id": "ZDI-17-282", "type": "zdi", "title": "(Pwn2Own) Adobe Reader DC Collab documentToStream Use-After-Free Remote Code Execution Vulnerability", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}