Search...

Adobe Issues Emergency Patches for Two Critical Flaws in Acrobat and Reader

2019-01-04T08:13:00

ID THN:ADE75E1067458A6BD1C6FB7BD78E697D
Type thn
Reporter The Hacker News
Modified 2019-01-04T08:13:13

Description

I hope you had biggest, happiest and craziest New Year celebration, but now it’s time to come back at work and immediately update your systems to patch new security flaws that could exploit your computer just by opening a PDF file.

Adobe has issued an out-of-band security update to patch two critical vulnerabilities in the company's Acrobat and Reader for both the Windows and macOS operating systems.

Though the San Jose, California-based software company did not give details about the vulnerabilities, it did classify the security flaws as critical since they allow privilege escalation and arbitrary code execution in the context of the current user.

Both the vulnerabilities were reported to Adobe by security researchers--Abdul-Aziz Hariri and Sebastian Apelt—from Trend Micro's Zero Day Initiative (ZDI).

Critical Adobe Acrobat and Reader Vulnerabilities

The first vulnerability, reported by Apelt and identified as CVE-2018-16011, is a use-after-free bug that can lead to arbitrary code execution.

Attackers can exploit the flaw by tricking a user into clicking a specially crafted PDF file, which will eventually execute code of their choice with the privileges of the currently logged-in user, allowing attackers to run any malicious software on the victims' computers without their knowledge.

The second vulnerability, discovered by Hariri and identified as CVE-2018-19725, is a security bypass flaw that could result in privilege escalation.

Both security vulnerabilities are rated as critical but has been assigned a priority rating of 2, which means that the company found no evidence of any exploitation of these vulnerabilities in the wild.

Affected Software Versions and Security Patches

Acrobat and Reader DC 2015 version 2015.006.30461 and earlier, 2017 version 2017.011.30110 and earlier, and Continuous version 2019.010.20064 and earlier for the Windows and macOS operating systems are affected by the vulnerabilities.

Adobe has addressed the flaws with the release of the latest versions of Acrobat DC 2015 and Acrobat Reader DC 2015 (version 2015.006.30464), Acrobat 2017 and Acrobat Reader DC 2017 (version 2017.011.30113), and Acrobat DC Continuous and Acrobat Reader DC Continuous (version 2019.010.20069) for Windows and macOS.

Since the vulnerabilities are now public, threat actors would not leave any opportunity to exploit the issues to target user computers, Mac and Windows computer owners are highly recommended to install patches for the two vulnerabilities as soon as possible.

Adobe typically releases security updates for its software on the second Tuesday of the month, just like Microsoft, so you can expect the company to release regular patch updates for the rest of its software in this month's release.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.

JSON Vulners Source

Initial Source

{"id": "THN:ADE75E1067458A6BD1C6FB7BD78E697D", "type": "thn", "bulletinFamily": "info", "title": "Adobe Issues Emergency Patches for Two Critical Flaws in Acrobat and Reader", "description": "[![adobe software updates download](https://1.bp.blogspot.com/-OaDbbjTHOic/XC8VFhANFtI/AAAAAAAAy5o/NY7u30qcp3E1TUNXJ4Yu9KDPbO_yWXj1wCLcBGAs/s728-e100/adobe-software-update.jpg)](<https://1.bp.blogspot.com/-OaDbbjTHOic/XC8VFhANFtI/AAAAAAAAy5o/NY7u30qcp3E1TUNXJ4Yu9KDPbO_yWXj1wCLcBGAs/s728-e100/adobe-software-update.jpg>)\n\nI hope you had biggest, happiest and craziest New Year celebration, but now it\u2019s time to come back at work and immediately update your systems to patch new security flaws that could exploit your computer just by opening a PDF file. \n \nAdobe has [issued](<https://helpx.adobe.com/security/products/acrobat/apsb19-02.html>) an out-of-band security update to patch two critical vulnerabilities in the company's Acrobat and Reader for both the Windows and macOS operating systems. \n \nThough the San Jose, California-based software company did not give details about the vulnerabilities, it did classify the security flaws as critical since they allow privilege escalation and arbitrary code execution in the context of the current user. \n\n\n \nBoth the vulnerabilities were reported to Adobe by security researchers--Abdul-Aziz Hariri and Sebastian Apelt\u2014from Trend Micro's Zero Day Initiative (ZDI). \n \n\n\n## Critical Adobe Acrobat and Reader Vulnerabilities\n\n \nThe first vulnerability, reported by Apelt and identified as CVE-2018-16011, is a use-after-free bug that can lead to arbitrary code execution. \n \nAttackers can exploit the flaw by tricking a user into clicking a specially crafted PDF file, which will eventually execute code of their choice with the privileges of the currently logged-in user, allowing attackers to run any malicious software on the victims' computers without their knowledge. \n \nThe second vulnerability, discovered by Hariri and identified as CVE-2018-19725, is a security bypass flaw that could result in privilege escalation. \n \nBoth security vulnerabilities are rated as critical but has been assigned a priority rating of 2, which means that the company found no evidence of any exploitation of these vulnerabilities in the wild. \n \n\n\n## Affected Software Versions and Security Patches\n\n \nAcrobat and Reader DC 2015 version 2015.006.30461 and earlier, 2017 version 2017.011.30110 and earlier, and Continuous version 2019.010.20064 and earlier for the Windows and macOS operating systems are affected by the vulnerabilities. \n\n\n \nAdobe has addressed the flaws with the release of the latest versions of Acrobat DC 2015 and Acrobat Reader DC 2015 (version 2015.006.30464), Acrobat 2017 and Acrobat Reader DC 2017 (version 2017.011.30113), and Acrobat DC Continuous and Acrobat Reader DC Continuous (version 2019.010.20069) for Windows and macOS. \n \nSince the vulnerabilities are now public, threat actors would not leave any opportunity to exploit the issues to target user computers, Mac and Windows computer owners are highly recommended to install patches for the two vulnerabilities as soon as possible. \n \nAdobe typically releases security updates for its software on the second Tuesday of the month, just like Microsoft, so you can expect the company to release regular patch updates for the rest of its software in this month's release. \n\n\nHave something to say about this article? Comment below or share it with us on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter](<https://twitter.com/thehackersnews>) or our [LinkedIn Group](<https://www.linkedin.com/company/the-hacker-news/>).\n", "published": "2019-01-04T08:13:00", "modified": "2019-01-04T08:13:13", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://thehackernews.com/2019/01/adobe-reader-vulnerabilities.html", "reporter": "The Hacker News", "references": [], "cvelist": ["CVE-2018-16011", "CVE-2018-19725"], "lastseen": "2019-01-04T08:25:14", "viewCount": 137, "enchantments": {"score": {"value": 7.3, "vector": "NONE", "modified": "2019-01-04T08:25:14", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-19725", "CVE-2018-16011"]}, {"type": "threatpost", "idList": ["THREATPOST:4485092AA4CF2297310B013AC161501F", "THREATPOST:17FD05502596AA5CBE03A5D56D3CA715", "THREATPOST:4832A87A56DDF77A0036D1B7C8594B6F", "THREATPOST:8262C6E0DB15A17DC749BCD1D3C68AED"]}, {"type": "zdi", "idList": ["ZDI-19-001"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310814804", "OPENVAS:1361412562310814807", "OPENVAS:1361412562310814806", "OPENVAS:1361412562310814811", "OPENVAS:1361412562310814801", "OPENVAS:1361412562310814812", "OPENVAS:1361412562310814810", "OPENVAS:1361412562310814805", "OPENVAS:1361412562310814803", "OPENVAS:1361412562310814808"]}, {"type": "nessus", "idList": ["ADOBE_READER_APSB19-07.NASL", "ADOBE_ACROBAT_APSB19-02.NASL", "ADOBE_ACROBAT_APSB19-07.NASL", "ADOBE_READER_APSB19-02.NASL", "MACOSX_ADOBE_ACROBAT_APSB19-07.NASL", "MACOSX_ADOBE_ACROBAT_APSB19-02.NASL", "MACOSX_ADOBE_READER_APSB19-07.NASL", "MACOSX_ADOBE_READER_APSB19-02.NASL"]}, {"type": "kaspersky", "idList": ["KLA11421", "KLA11393"]}], "modified": "2019-01-04T08:25:14", "rev": 2}, "vulnersScore": 7.3}}

{"cve": [{"lastseen": "2020-12-09T20:25:39", "description": "Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation.", "edition": 7, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-03-05T20:15:00", "title": "CVE-2018-19725", "type": "cve", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-19725"], "modified": "2019-10-10T20:15:00", "cpe": ["cpe:/a:adobe:acrobat_dc:17.011.30113", "cpe:/a:adobe:acrobat_reader_dc:17.011.30113", "cpe:/a:adobe:acrobat_reader_dc:19.010.20069", "cpe:/a:adobe:acrobat_reader_dc:15.006.30464", "cpe:/a:adobe:acrobat_dc:19.010.20069", "cpe:/a:adobe:acrobat_dc:15.006.30464"], "id": "CVE-2018-19725", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19725", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_dc:17.011.30113:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:19.010.20069:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30464:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:19.010.20069:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.011.30113:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30464:*:*:*:classic:*:*:*"]}, {"lastseen": "2020-12-09T20:25:37", "description": "Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.", "edition": 7, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-01-18T17:29:00", "title": "CVE-2018-16011", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16011"], "modified": "2019-08-21T16:20:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:17.011.30110", "cpe:/a:adobe:acrobat_dc:19.010.20064", "cpe:/a:adobe:acrobat_reader_dc:19.010.20064", "cpe:/a:adobe:acrobat_dc:15.006.30461", "cpe:/a:adobe:acrobat_reader_dc:15.006.30461", "cpe:/a:adobe:acrobat_dc:17.011.30110"], "id": "CVE-2018-16011", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16011", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_reader_dc:17.011.30110:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30461:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30461:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:19.010.20064:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:19.010.20064:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.011.30110:*:*:*:classic:*:*:*"]}], "threatpost": [{"lastseen": "2019-11-04T07:15:29", "bulletinFamily": "info", "cvelist": ["CVE-2018-15981", "CVE-2018-15982", "CVE-2018-16011", "CVE-2018-19725"], "description": "Adobe on Thursday released unscheduled security updates for Adobe Acrobat and Reader for Windows and MacOS.\n\nThe [updates](<https://blogs.adobe.com/psirt/?p=1682>) fix two critical vulnerabilities, CVE-2018-16011 and CVE-2018-19725. Successful exploitation of the flaws could lead to [arbitrary code execution](<https://helpx.adobe.com/security/products/acrobat/apsb19-02.html>) in the context of the current user.\n\nThe first vulnerability, CVE-2018-16011, reported by Sebastian Apelt in conjunction with the Zero Day Initiative, is a critical use-after-free flaw that could enable arbitrary code-execution. The vulnerability had been addressed in a separate issue included in a [previous Adobe advisory](<https://www.qualys.com/research/security-alerts/2018-12-11/adobe/>).\n\nThe second flaw, CVE-2018-19725, reported by Abdul Aziz Hariri, is a critical security bypass vulnerability that allows privilege escalation. That flaw \u201cis a security feature bypass that would allow a privilege escalation, giving an attacker broader access to the system affected,\u201d Chris Goettl, director of product management, security, at Ivanti, told Threatpost.\n\nImpacted are Acrobat DC and Acrobat Reader DC versions 2019.010.20064 and earlier; Acrobat 2017 and Acrobat Reader 2017 versions 2017.011.30110 and earlier; and Acrobat DC and Acrobat Reader DC versions 2015.006.30461 and earlier.\n\nThe patches are a priority 2, meaning that there are no known exploits for the vulnerabilities; but they exist in products that have historically been \u201cat elevated risk,\u201d according to Adobe.\n\n[![adobe patch](https://media.threatpost.com/wp-content/uploads/sites/103/2019/01/03163151/adobe-1024x331.png)](<https://media.threatpost.com/wp-content/uploads/sites/103/2019/01/03163151/adobe.png>)\n\nAdobe recommends users update to Adobe Acrobat and Reader versions 2019.010.20069, Acrobat 2017 and Acrobat Reader 2017.011.30113 and Acrobat DC and Acrobat Reader DC 2015.006.30464.\n\nThe patch comes on the heels of a busy December for Adobe. The company patched 87 vulnerabilities for Acrobat and Reader in its [December Patch Tuesday](<https://threatpost.com/adobe-december-2018-patch-tuesday/139792/>) update, including a slew of critical flaws that would allow arbitrary code-execution. Beyond that, Adobe Flash had two Zero Day vulnerabilities in late November (CVE-2018-15981) and early [December](<https://threatpost.com/zero-day-microsoft-december-patch-tuesday/139826/>) (CVE-2018-15982).\n\n\u201cBetween this update and the December _[APSB18-41](<https://helpx.adobe.com/security/products/acrobat/apsb18-41.html>)_, which resolved 87 vulnerabilities, it is recommended to ensure that any Adobe Acrobat and Reader instances are updated in the next two to four weeks,\u201d Goettl told us. \u201cYou can also expect an Adobe Flash Player update next week on Patch Tuesday.\u201d\n\nBoth flaws were reported through Trend Micro\u2019s Zero Day Initiative.\n", "modified": "2019-01-04T12:30:54", "published": "2019-01-04T12:30:54", "id": "THREATPOST:17FD05502596AA5CBE03A5D56D3CA715", "href": "https://threatpost.com/adobe-critical-acrobat-reader-flaws/140547/", "type": "threatpost", "title": "Adobe Fixes Two Critical Acrobat and Reader Flaws", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-19T11:36:10", "bulletinFamily": "info", "cvelist": ["CVE-2018-16011", "CVE-2018-19724", "CVE-2018-19725", "CVE-2018-19726", "CVE-2018-19727", "CVE-2019-1491"], "description": "Adobe has issued unscheduled patches for vulnerabilities rated \u201cimportant\u201d across its Experience Manager platform, which allows developers to create mobile apps, social campaigns and landing pages.\n\nOverall, Adobe issued three fixes, including an \u201cimportant\u201d flaw (CVE-2018-19726) and a \u201cmoderate\u201d flaw (CVE-2018-19727) in its [Adobe Experience Manager](<https://helpx.adobe.com/security/products/experience-manager/apsb19-09.html>), and an \u201cimportant\u201d vulnerability (CVE-2018-19724) in its [Adobe Experience Manager Forms](<https://helpx.adobe.com/security/products/aem-forms/apsb19-03.html>).\n\nThe important vulnerability in Adobe\u2019s Experience Manager platform impacts versions 6.0 through 6.4 of the product. The flaw is a stored cross-site scripting glitch that could lead to sensitive information disclosure.\n\nStored cross-site scripting is the most dangerous type of cross-site scripting, according to researchers with [Imperva](<https://www.incapsula.com/web-application-security/cross-site-scripting-xss-attacks.html>). This type of attack occurs when a web application gathers potentially malicious input from a user \u2013 and then stores that input in a data store for later use. The attack could potentially be used to hijack another user\u2019s browser, capture sensitive information, or other malicious uses.\n\n[![cross site scripting patch adobe](https://media.threatpost.com/wp-content/uploads/sites/103/2019/01/22094537/adobe1-300x175.png)](<https://media.threatpost.com/wp-content/uploads/sites/103/2019/01/22094537/adobe1.png>)\n\nCredit: Imperva\n\nAdobe said that the update for this is a priority 2, meaning that it resolves flaws in a product that have historically been at elevated risk \u2013 but there are currently no known exploits.\n\nThe moderate-rated severity meanwhile is a reflected cross-site scripting vulnerability that could lead to sensitive information disclosure. This flaw specifically impacts Adobe Experience Manager versions 6.3 and 6.4.\n\nReflected cross-site scripting occurs when attackers injects browser executable codes in a single HTTP response. This type of injected attack is less severe because it is not stored within the application itself. Instead, the attack is non-persistent and only impacts users who open a maliciously crafted third-party web page.\n\nOn the Experience Manager Forms front, Adobe released a fix for an important stored cross-site scripting flaw. The forms are often used in large enterprises to create and reuse various digital forms by copying them to a content management system.\n\n\u201cAdobe has released security updates for Adobe Experience Manager Forms,\u201d the company said in its release. \u201cThese updates resolve a stored cross-site scripting vulnerability rated important that could result in sensitive information disclosure.\u201d\n\nThe flaw specifically impacts versions 6.2, 6.3, and 6.4 of Adobe Experience Manager Forms, and is also a priority-2 update. Researcher Adam Willard was credited with reporting the flaw.\n\nAdobe\u2019s latest fixes come after its [regularly scheduled update](<https://threatpost.com/adobe-patches-important-bugs-in-connect-and-digital-edition/140635/>) in January where it released patches for two bugs rated important in its Adobe Digital Edition and Adobe Connect products. The two [important](<https://helpx.adobe.com/security/products/Digital-Editions/apsb19-04.html>) vulnerabilities include an information-disclosure bug in Adobe\u2019s eBook reader software program, Digital Edition; as well as a session-token exposure bug in its presentation and web conferencing software, Adobe Connect.\n\nIn another [unscheduled update in January](<https://threatpost.com/adobe-critical-acrobat-reader-flaws/140547/>), the company fixed two critical flaws in Adobe Acrobat and Reader for Windows and MacOS. The two critical vulnerabilities, CVE-2018-16011 and CVE-2018-19725, could be successfully exploited to carry out [arbitrary code execution](<https://helpx.adobe.com/security/products/acrobat/apsb19-02.html>) in the context of the current user.\n", "modified": "2019-01-22T15:21:18", "published": "2019-01-22T15:21:18", "id": "THREATPOST:4485092AA4CF2297310B013AC161501F", "href": "https://threatpost.com/adobe-patches-experience-manager/141046/", "type": "threatpost", "title": "Adobe Issues Unscheduled Updates for Experience Manager Platform", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-04T07:14:46", "bulletinFamily": "info", "cvelist": ["CVE-2018-12817", "CVE-2018-15981", "CVE-2018-15982", "CVE-2018-16011", "CVE-2018-19718", "CVE-2018-19725"], "description": "Adobe released patches for two bugs rated \u201cimportant\u201d in its Adobe Digital Edition and Adobe Connect products.\n\nThe two [important](<https://helpx.adobe.com/security/products/Digital-Editions/apsb19-04.html>) vulnerabilities, patched Tuesday, include an information disclosure bug in Adobe\u2019s ebook reader software program, Digital Edition; as well as a session token exposure bug in its presentation and web conferencing software, Adobe Connect.\n\nThe \u201cimportant\u201d out of bounds read bug, [CVE-2018-12817](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12817>), is an information disclosure vulnerability impacting Adobe Digital Edition versions 4.5.9 and earlier, for Windows, macOS, iOS and Android. Jaanus K\u00e4\u00e4p of Clarified Security was credited with discovering the issue.\n\n\u201cAdobe has released a security update for Adobe Digital Editions,\u201d according to Adobe\u2019s release. \u201cThis update resolves an important vulnerability. Successful exploitation could lead to information disclosure in the context of the current user.\u201d\n\nUsers are urged to update Adobe Digital Editions to 4.5.10 in a priority 3 update \u2013 meaning that it \u201cresolves vulnerabilities in a product that has historically not been a target for attackers\u201d according to Adobe.\n\nThe other bug, an \u201cimportant\u201d session token exposure glitch in [Adobe Connect](<https://helpx.adobe.com/security/products/connect/apsb19-05.html>), (CVE-2018-19718) could enable exposure of the privileges granted to a session. Impacted are Adobe Connect versions 9.8.1 and earlier on all platforms. Users are urged to update to Adobe Connect 10.1 in a priority 3 update.\n\nAdobe said that it is not aware of current exploits for either of these vulnerabilities.\n\nThe update comes on the heels of a slew of unscheduled fixes for Adobe Acrobat and Reader for Windows and MacOS [last week](<https://threatpost.com/adobe-critical-acrobat-reader-flaws/140547/>). The [updates](<https://blogs.adobe.com/psirt/?p=1682>) fixed two critical vulnerabilities, CVE-2018-16011 and CVE-2018-19725. Successful exploitation of the flaws could lead to [arbitrary code execution](<https://helpx.adobe.com/security/products/acrobat/apsb19-02.html>) in the context of the current user.\n\nThe patch also comes on the heels of a busy December for Adobe. The company patched 87 vulnerabilities for Acrobat and Reader in its [December Patch Tuesday](<https://threatpost.com/adobe-december-2018-patch-tuesday/139792/>) update, including a slew of critical flaws that would allow arbitrary code-execution.\n\n\u201cClosing out 2018, Adobe Flash had two Zero Day vulnerabilities in late November (CVE-2018-15981) and early December (CVE-2018-15982),\u201d Chris Goettl, director of product management for Security at Ivanti, told Threatpost. \u201cEnsure that Adobe Acrobat, Reader, and Flash Player are part of your monthly maintenance for January.\u201d\n", "modified": "2019-01-08T14:48:36", "published": "2019-01-08T14:48:36", "id": "THREATPOST:8262C6E0DB15A17DC749BCD1D3C68AED", "href": "https://threatpost.com/adobe-patches-important-bugs-in-connect-and-digital-edition/140635/", "type": "threatpost", "title": "Adobe Patches Important Bugs in Connect and Digital Edition", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-17T11:43:35", "bulletinFamily": "info", "cvelist": ["CVE-2018-19725", "CVE-2019-7030", "CVE-2019-7041", "CVE-2019-7090", "CVE-2019-7091", "CVE-2019-7092", "CVE-2019-7093"], "description": "Adobe issued patches for 43 critical vulnerabilities in Acrobat and Reader \u2013 including a fix for a zero-day flaw that researchers at 0patch temporarily fixed on [Monday](<https://threatpost.com/temporary-patch-released-for-adobe-reader-zero-day/141701/>). That bug could enable bad actors to steal victims\u2019 hashed password values.\n\nOverall, Adobe patched 75 important and critical vulnerabilities [across its products,](<https://blogs.adobe.com/psirt/?p=1705>)including Acrobat Reader DC, Adobe Flash Player, Adobe Coldfusion, and Creative Cloud Desktop Application. The Tuesday morning patches are part of Adobe\u2019s regularly-scheduled security updates.\n\nAdobe said it is not aware that any of these vulnerabilities are being actively exploited.\n\n## Acrobat and Reader\n\nAdobe Acrobat and Reader by far [had the most vulnerabilities](<https://helpx.adobe.com/security/products/acrobat/apsb19-07.html>) (71 overall) \u2013 43 of which were dubbed critical severity.\n\nPart of Adobe\u2019s patch roundup includes a permanent fix for the critical vulnerability that was temporarily patched on Monday by 0patch, CVE 2019-7089. This [zero-day vulnerability](<https://threatpost.com/temporary-patch-released-for-adobe-reader-zero-day/141701/>) in Adobe Reader enabled bad actors to steal victims\u2019 hashed password values, known as \u201cNTLM hashes.\u201d\n\nA proof of concept released by security researcher Alex Inf\u00fchr, who reported the vulnerability, allowed a PDF document to automatically send a server message block (SMB) request to an attacker\u2019s server as soon as the document is opened. SMB protocols enable an application or user of an application to access files on a remote server. Embedded in these SMB requests are NTLM hashes (NTLM is short for NT LAN Manager).\n\nTwo other critical vulnerabilities (CVE-2018-19725 and CVE-2019-7041) allowed a security bypass via privilege escalation, according to Abdul-Aziz Hariri with Zero Day Initiative who is credited with finding them.\n\n\u201cCVE-2018-19725 is a vulnerability that was partially patched in January and Adobe rolled the full patch this month,\u201d Hariri told Threatpost. \u201cCVE-2019-7041 is a new vulnerability that allows bypassing JavaScript API restrictions.\u201d\n\nOther than a critical integer overflow flaw (CVE-2019-7030) allowing information disclosure, the remaining critical vulnerabilities enable arbitrary code execution. These include buffer errors, out of bounds write flaws, type confusion glitches and use-after-free vulnerabilities.\n\nImpacted versions include Acrobat DC and Acrobat Reader DC Continuous (versions 2019.010.20069 and earlier); Acrobat and Acrobat Reader Classic 2017 (versions 2017.011.30113 and earlier); and Acrobat DC and Reader DC Classic 2015 (versions 2015.006.30464 and earlier). All impacted versions are on the Windows and macOS platforms.\n\n## ColdFusion Critical Flaw\n\nAnother critical vulnerability (CVE-2019-7091) existed in Adobe\u2019s [ColdFusion product](<https://helpx.adobe.com/security/products/coldfusion/apsb19-10.html>), its commercial rapid web application development platform. The flaw exists due to deserialization of untrusted data, allowing arbitrary code execution.\n\nColdFusion 2018 (update 1 and earlier versions), 2016 (update 7 and earlier versions) and ColdFusion 11 (update 15 and earlier versions) are all impacted. Wang Cheng of Venustech ADLab is credited with discovering the flaw.\n\nAdobe also fixed an important cross-site scripting flaw (CVE-2019-7092) in ColdFusion that could allow information disclosure.\n\n## Other Fixes\n\nOther patched flaws include an important privilege escalation bug (CVE-2019-7093) in [Creative Cloud Desktop Application ](<https://helpx.adobe.com/security/products/creative-cloud/apsb19-11.html>)(versions 4.7.0.400 and earlier) and an important out-of-bounds read flaw (CVE-2019-7090) that could enable information disclosure in versions of [Adobe Flash](<https://helpx.adobe.com/security/products/flash-player/apsb19-06.html>) (including versions 32.0.0.114 and earlier for Desktop Runtime, Google Chrome, Microsoft Edge and IE 11).\n\nFebruary\u2019s scheduled updates topped the number of critical and important vulnerabilities fixed in Adobe\u2019s January [regularly scheduled update](<https://threatpost.com/adobe-patches-important-bugs-in-connect-and-digital-edition/140635/>).\n\nThat update fixed two bugs rated important in its Adobe Digital Edition and Adobe Connect products. The two [important](<https://helpx.adobe.com/security/products/Digital-Editions/apsb19-04.html>) vulnerabilities include an information-disclosure bug in Adobe\u2019s eBook reader software program, Digital Edition; as well as a session-token exposure bug in its presentation and web conferencing software, Adobe Connect.\n", "modified": "2019-02-12T15:09:48", "published": "2019-02-12T15:09:48", "id": "THREATPOST:4832A87A56DDF77A0036D1B7C8594B6F", "href": "https://threatpost.com/adobe-fixes-43-critical-acrobat-and-reader-flaws/141721/", "type": "threatpost", "title": "Adobe Fixes 43 Critical Acrobat and Reader Flaws", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "zdi": [{"lastseen": "2020-06-22T11:40:27", "bulletinFamily": "info", "cvelist": ["CVE-2018-16011"], "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Preflight setDefaultLibrary method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.", "edition": 1, "modified": "2019-06-22T00:00:00", "published": "2019-01-04T00:00:00", "id": "ZDI-19-001", "href": "https://www.zerodayinitiative.com/advisories/ZDI-19-001/", "title": "Adobe Acrobat Pro DC Preflight setDefaultLibrary Use-After-Free Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-07-17T14:03:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16011", "CVE-2018-16018"], "description": "This host is installed with Adobe Acrobat 2017\n and is prone to multiple vulnerabilities.", "modified": "2019-07-16T00:00:00", "published": "2019-01-04T00:00:00", "id": "OPENVAS:1361412562310814805", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814805", "type": "openvas", "title": "Adobe Acrobat 2017 Security Updates(apsb19-02)-Windows", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat 2017 Security Updates(apsb19-02)-Windows\n#\n# Authors:\n# Vidita V Koushik <vidita@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2019 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814805\");\n script_version(\"2019-07-16T10:51:36+0000\");\n script_cve_id(\"CVE-2018-16011\", \"CVE-2018-16018\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-16 10:51:36 +0000 (Tue, 16 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-01-04 11:36:03 +0530 (Fri, 04 Jan 2019)\");\n\n script_name(\"Adobe Acrobat 2017 Security Updates(apsb19-02)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat 2017\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Use after free error.\n\n - Security bypass error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to conduct arbitrary code execution in the context of the current\n user and escalate privileges.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat 2017 version 2017.011.30110\n and earlier on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat 2017.011.30113 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb19-02.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))\n exit(0);\n\nvers = infos['version'];\npath = infos['location'];\n\n## 2017.011.30110 => 17.011.30110\nif(version_in_range(version:vers, test_version:\"17.0\", test_version2:\"17.011.30110\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"17.011.30113 (2017.011.30113)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:03:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16011", "CVE-2018-16018"], "description": "This host is installed with Adobe Acrobat 2017\n and is prone to multiple vulnerabilities.", "modified": "2019-07-16T00:00:00", "published": "2019-01-04T00:00:00", "id": "OPENVAS:1361412562310814806", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814806", "type": "openvas", "title": "Adobe Acrobat 2017 Security Updates(apsb19-02)-MAC OS X", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat 2017 Security Updates(apsb19-02)-MAC OS X\n#\n# Authors:\n# Vidita V Koushik <vidita@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2019 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814806\");\n script_version(\"2019-07-16T10:51:36+0000\");\n script_cve_id(\"CVE-2018-16011\", \"CVE-2018-16018\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-16 10:51:36 +0000 (Tue, 16 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-01-04 11:37:03 +0530 (Fri, 04 Jan 2019)\");\n script_name(\"Adobe Acrobat 2017 Security Updates(apsb19-02)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat 2017\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Use after free error.\n\n - Security bypass error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to conduct arbitrary code execution in the context of the current\n user and escalate privileges.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat 2017 version 2017.011.30110\n and earlier on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat 2017 version\n 2017.011.30113 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb19-02.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))\n exit(0);\n\nvers = infos['version'];\npath = infos['location'];\n\n## 2017.011.30110 => 17.011.30110\nif(version_in_range(version:vers, test_version:\"17.0\", test_version2:\"17.011.30110\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"17.011.30113 (2017.011.30113)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:03:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16011", "CVE-2018-16018"], "description": "This host is installed with Adobe Acrobat Reader\n DC (Classic Track) and is prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2019-01-04T00:00:00", "id": "OPENVAS:1361412562310814811", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814811", "type": "openvas", "title": "Adobe Acrobat Reader DC (Classic Track) Security Updates (apsb19-02) - Mac OS X", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat Reader DC (Classic Track) Security Updates(apsb19-02)-Mac OS X\n#\n# Authors:\n# Vidita V Koushik <vidita@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2019 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader_dc_classic\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814811\");\n script_version(\"2019-07-05T08:07:19+0000\");\n script_cve_id(\"CVE-2018-16011\", \"CVE-2018-16018\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:07:19 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-01-04 11:47:03 +0530 (Fri, 04 Jan 2019)\");\n script_name(\"Adobe Acrobat Reader DC (Classic Track) Security Updates (apsb19-02) - Mac OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat Reader\n DC (Classic Track) and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Use after free error.\n\n - Security bypass error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to conduct arbitrary code execution in the context of the current\n user and escalate privileges.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat Reader DC (Classic Track)\n 2015.006.30461 and earlier versions on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat Reader DC (Classic\n Track) version 2015.006.30464 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb19-02.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_acrobat_reader_dc_classic_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/ReaderDC/Classic/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\n## 2015.006.30464 => 15.006.30464\nif(version_is_less(version:vers, test_version:\"15.006.30464\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"15.006.30464 (2015.006.30464)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:03:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16011", "CVE-2018-16018"], "description": "This host is installed with Adobe Acrobat Reader\n DC (Classic Track) and is prone to multiple arbitrary code execution vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2019-01-04T00:00:00", "id": "OPENVAS:1361412562310814812", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814812", "type": "openvas", "title": "Adobe Acrobat Reader DC (Classic Track) Multiple Vulnerabilities (apsb19-02) - Windows", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat Reader DC (Classic Track) Multiple Vulnerabilities-apsb19-02 (Windows)\n#\n# Authors:\n# Vidita V Koushik <vidita@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2019 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader_dc_classic\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814812\");\n script_version(\"2019-07-05T08:07:19+0000\");\n script_cve_id(\"CVE-2018-16011\", \"CVE-2018-16018\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:07:19 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-01-04 11:50:03 +0530 (Fri, 04 Jan 2019)\");\n script_name(\"Adobe Acrobat Reader DC (Classic Track) Multiple Vulnerabilities (apsb19-02) - Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat Reader\n DC (Classic Track) and is prone to multiple arbitrary code execution vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Use after free error.\n\n - Security bypass error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to conduct arbitrary code execution in the context of the current\n user and escalate privileges.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat Reader DC (Classic Track)\n 2015.006.30461 and earlier versions on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat Reader DC (Classic Track)\n version 2015.006.30464 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb19-02.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_acrobat_reader_dc_classic_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/ReaderDC/Classic/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\n## 2015.006.30464 => 15.006.30464\nif(version_is_less(version:vers, test_version:\"15.006.30464\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"15.006.30464 (2015.006.30464)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:03:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16011", "CVE-2018-16018"], "description": "This host is installed with Adobe Acrobat DC\n Classic 2015 and is prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2019-01-04T00:00:00", "id": "OPENVAS:1361412562310814809", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814809", "type": "openvas", "title": "Adobe Acrobat DC (Classic Track) Security Updates (apsb19-02) - Windows", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat DC (Classic Track) Security Updates (apsb19-02)-Windows\n#\n# Authors:\n# Vidita V Koushik <vidita@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2019 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_dc_classic\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814809\");\n script_version(\"2019-07-05T08:07:19+0000\");\n script_cve_id(\"CVE-2018-16011\", \"CVE-2018-16018\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:07:19 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-01-04 11:43:03 +0530 (Fri, 04 Jan 2019)\");\n script_name(\"Adobe Acrobat DC (Classic Track) Security Updates (apsb19-02) - Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat DC\n Classic 2015 and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Use after free error.\n\n - Security bypass error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to conduct arbitrary code execution in the context of the current\n user and escalate privileges.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat DC Classic 2015 version 2015.x\n before 2015.006.30461 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat DC Classic 2015 version\n 2015.006.30464 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb19-02.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_acrobat_dc_classic_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/AcrobatDC/Classic/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\n## 2015.006.30461 => 15.006.30461\nif(version_in_range(version:vers, test_version:\"15.0\", test_version2:\"15.006.30461\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"15.006.30464 (2015.006.30464)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:03:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16011", "CVE-2018-16018"], "description": "This host is installed with Adobe Acrobat Reader\n 2017 and is prone to multiple arbitrary code execution vulnerabilities.", "modified": "2019-07-16T00:00:00", "published": "2019-01-04T00:00:00", "id": "OPENVAS:1361412562310814808", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814808", "type": "openvas", "title": "Adobe Acrobat Reader 2017 Multiple Vulnerabilities-apsb19-02 (Mac OS X)", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat Reader 2017 Multiple Vulnerabilities-apsb19-02 (Mac OS X)\n#\n# Authors:\n# Vidita V Koushik <vidita@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2019 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814808\");\n script_version(\"2019-07-16T10:51:36+0000\");\n script_cve_id(\"CVE-2018-16011\", \"CVE-2018-16018\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-16 10:51:36 +0000 (Tue, 16 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-01-04 11:40:03 +0530 (Fri, 04 Jan 2019)\");\n script_name(\"Adobe Acrobat Reader 2017 Multiple Vulnerabilities-apsb19-02 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat Reader\n 2017 and is prone to multiple arbitrary code execution vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Use after free error.\n\n - Security bypass error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to conduct arbitrary code execution in the context of the current\n user and escalate privileges.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat Reader 2017.011.30110 and earlier\n versions on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat Reader 2017 version\n 2017.011.30113 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb19-02.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Reader/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))\n exit(0);\n\nvers = infos['version'];\npath = infos['location'];\n\n## 2017.011.30110 => 17.011.30110\nif(version_in_range(version:vers, test_version:\"17.0\", test_version2:\"17.011.30110\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"17.011.30113 (2017.011.30113)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:03:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16011", "CVE-2018-16018"], "description": "This host is installed with Adobe Acrobat DC\n (Continuous Track) and is prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2019-01-04T00:00:00", "id": "OPENVAS:1361412562310814801", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814801", "type": "openvas", "title": "Adobe Acrobat DC (Continuous Track) Security Updates (apsb19-02) - Windows", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat DC (Continuous Track) Security Updates (apsb19-02)-Windows\n#\n# Authors:\n# Vidita V Koushik <vidita@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2019 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_dc_continuous\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814801\");\n script_version(\"2019-07-05T08:29:17+0000\");\n script_cve_id(\"CVE-2018-16011\", \"CVE-2018-16018\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:29:17 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-01-04 11:30:03 +0530 (Fri, 04 Jan 2019)\");\n script_name(\"Adobe Acrobat DC (Continuous Track) Security Updates (apsb19-02) - Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat DC\n (Continuous Track) and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Use after free error.\n\n - Security bypass error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to conduct arbitrary code execution in the context of the current\n user and escalate privileges.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat DC (Continuous Track)\n 2019.010.20064 and earlier versions on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat DC Continuous\n version 2019.010.20069 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb19-02.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_acrobat_dc_cont_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/AcrobatDC/Continuous/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\n## 2019.010.20069 => 19.010.20069\nif(version_is_less(version:vers, test_version:\"19.010.20069\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"19.010.20069 (2019.010.20069)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:03:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16011", "CVE-2018-16018"], "description": "This host is installed with Adobe Acrobat DC\n (Continuous Track) and is prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2019-01-04T00:00:00", "id": "OPENVAS:1361412562310814802", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814802", "type": "openvas", "title": "Adobe Acrobat DC (Continuous Track) Security Updates (apsb19-02) - Mac OS X", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat DC (Continuous Track) Security Updates (apsb19-02)-Mac OS X\n#\n# Authors:\n# Vidita V Koushik <vidita@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2019 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_dc_continuous\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814802\");\n script_version(\"2019-07-05T08:29:17+0000\");\n script_cve_id(\"CVE-2018-16011\", \"CVE-2018-16018\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:29:17 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-01-04 11:32:03 +0530 (Fri, 04 Jan 2019)\");\n script_name(\"Adobe Acrobat DC (Continuous Track) Security Updates (apsb19-02) - Mac OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat DC\n (Continuous Track) and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Use after free error.\n\n - Security bypass error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to conduct arbitrary code execution in the context of the current\n user and escalate privileges.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat DC (Continuous Track)\n 2019.010.20064 and earlier versions on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat DC Continuous\n version 2019.010.20069 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb19-02.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_acrobat_dc_cont_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/AcrobatDC/Continuous/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\n## 2019.010.20069 => 19.010.20069\nif(version_is_less(version:vers, test_version:\"19.010.20069\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"19.010.20069 (2019.010.20069)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:03:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16011", "CVE-2018-16018"], "description": "This host is installed with Adobe Acrobat\n Reader DC (Continuous Track) and is prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2019-01-04T00:00:00", "id": "OPENVAS:1361412562310814804", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814804", "type": "openvas", "title": "Adobe Acrobat Reader DC (Continuous Track) Security Updates (apsb19-02) - Mac OS X", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat Reader DC (Continuous Track) Security Updates (apsb19-02)-Mac OS X\n#\n# Authors:\n# Vidita V Koushik <vidita@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2019 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader_dc_continuous\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814804\");\n script_version(\"2019-07-05T08:29:17+0000\");\n script_cve_id(\"CVE-2018-16011\", \"CVE-2018-16018\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:29:17 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-01-04 11:35:03 +0530 (Fri, 04 Jan 2019)\");\n script_name(\"Adobe Acrobat Reader DC (Continuous Track) Security Updates (apsb19-02) - Mac OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat\n Reader DC (Continuous Track) and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Use after free error.\n\n - Security bypass error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to conduct arbitrary code execution in the context of the current\n user and escalate privileges.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat Reader DC (Continuous Track)\n 2019.010.20064 and earlier versions on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat Reader DC Continuous\n version 2019.010.20069 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb19-02.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_acrobat_reader_dc_cont_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/ReaderDC/Continuous/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\n# 2019.010.20069 => 19.010.20069\nif(version_is_less(version:vers, test_version:\"19.010.20069\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"19.010.20069 (2019.010.20069)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:03:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16011", "CVE-2018-16018"], "description": "This host is installed with Adobe Acrobat\n Reader DC (Continuous Track) and is prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2019-01-04T00:00:00", "id": "OPENVAS:1361412562310814803", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814803", "type": "openvas", "title": "Adobe Acrobat Reader DC (Continuous Track) Security Updates (apsb19-02) - Windows", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat Reader DC (Continuous Track) Security Updates (apsb19-02)-Windows\n#\n# Authors:\n# Vidita V Koushik <vidita@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2019 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader_dc_continuous\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814803\");\n script_version(\"2019-07-05T08:29:17+0000\");\n script_cve_id(\"CVE-2018-16011\", \"CVE-2018-16018\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:29:17 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-01-04 11:34:03 +0530 (Fri, 04 Jan 2019)\");\n script_name(\"Adobe Acrobat Reader DC (Continuous Track) Security Updates (apsb19-02) - Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat\n Reader DC (Continuous Track) and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Use after free error.\n\n - Security bypass error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to conduct arbitrary code execution in the context of the current\n user and escalate privileges.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat Reader DC (Continuous Track)\n 2019.010.20064 and earlier versions on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat Reader DC Continuous\n version 2019.010.20069 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb19-02.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_acrobat_reader_dc_cont_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/ReaderDC/Continuous/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\n# 2019.010.20069 => 19.010.20069\nif(version_is_less(version:vers, test_version:\"19.010.20069\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"19.010.20069 (2019.010.20069)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-01T01:14:51", "description": "The version of Adobe Reader installed on the remote Windows host is a\nversion prior or equal to 2015.006.30461, 2017.011.30110, or\n2019.010.20064. It is, therefore, affected by multiple\nvulnerabilities : \n\n - An unspecified use after free vulnerability. An authenticated,\n local attacker can exploit this to execute arbitrary code.\n (CVE-2018-16011)\n\n - An unspecified elevation of privilege vulnerability. An\n authenticated, local attacker can exploit this to gain elevated\n privileges. (CVE-2018-16018)", "edition": 25, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-04T00:00:00", "title": "Adobe Reader <= 2015.006.30461 / 2017.011.30110 / 2019.010.20064 Multiple Vulnerabilities (APSB19-02)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16011", "CVE-2018-16018"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:adobe:acrobat_reader"], "id": "ADOBE_READER_APSB19-02.NASL", "href": "https://www.tenable.com/plugins/nessus/120952", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(120952);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/10/31 15:18:52\");\n\n script_cve_id(\"CVE-2018-16011\", \"CVE-2018-16018\");\n\n script_name(english:\"Adobe Reader <= 2015.006.30461 / 2017.011.30110 / 2019.010.20064 Multiple Vulnerabilities (APSB19-02)\");\n script_summary(english:\"Checks the version of Adobe Reader.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader installed on the remote Windows host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Reader installed on the remote Windows host is a\nversion prior or equal to 2015.006.30461, 2017.011.30110, or\n2019.010.20064. It is, therefore, affected by multiple\nvulnerabilities : \n\n - An unspecified use after free vulnerability. An authenticated,\n local attacker can exploit this to execute arbitrary code.\n (CVE-2018-16011)\n\n - An unspecified elevation of privilege vulnerability. An\n authenticated, local attacker can exploit this to gain elevated\n privileges. (CVE-2018-16018)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb19-02.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Reader 2015.006.30464 or 2017.011.30113 or\n2019.010.20069 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16018\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_reader_installed.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/Adobe Reader\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\napp_info = vcf::adobe_reader::get_app_info();\n\n# vcf::adobe_reader::check_version_and_report will\n# properly separate tracks when checking constraints.\n# x.y.20zzz = DC Classic\n# x.y.30zzz = DC Continuous\nconstraints = [\n { \"min_version\" : \"15.6\", \"max_version\" : \"15.006.30461\", \"fixed_version\" : \"15.006.30464\" },\n { \"min_version\" : \"17.8\", \"max_version\" : \"17.011.30110\", \"fixed_version\" : \"17.011.30113\" },\n { \"min_version\" : \"15.7\", \"max_version\" : \"19.010.20064\", \"fixed_version\" : \"19.010.20069\" },\n];\n# using adobe_reader namespace check_version_and_report to properly detect Continuous vs Classic, \n# and limit ver segments to 3 (18.x.y vs 18.x.y.12345) with max_segs:3\nvcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:27:24", "description": "The version of Adobe Reader installed on the remote macOS host is a\nversion prior or equal to 2015.006.30461, 2017.011.30110, or\n2019.010.20064. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An unspecified use after free vulnerability. An authenticated,\n local attacker can exploit this to execute arbitrary code.\n (CVE-2018-16011)\n\n - An unspecified elevation of privilege vulnerability. An\n authenticated, local attacker can exploit this to gain elevated\n privileges. (CVE-2018-16018)", "edition": 23, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-04T00:00:00", "title": "Adobe Reader <= 2015.006.30461 / 2017.011.30110 / 2019.010.20064 Multiple Vulnerabilities (APSB19-02) (macOS)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16011", "CVE-2018-16018"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:adobe:acrobat_reader"], "id": "MACOSX_ADOBE_READER_APSB19-02.NASL", "href": "https://www.tenable.com/plugins/nessus/120950", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(120950);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/10/31 15:18:51\");\n\n script_cve_id(\"CVE-2018-16011\", \"CVE-2018-16018\");\n\n script_name(english:\"Adobe Reader <= 2015.006.30461 / 2017.011.30110 / 2019.010.20064 Multiple Vulnerabilities (APSB19-02) (macOS)\");\n script_summary(english:\"Checks the version of Adobe Reader.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader installed on the remote macOS host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Reader installed on the remote macOS host is a\nversion prior or equal to 2015.006.30461, 2017.011.30110, or\n2019.010.20064. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An unspecified use after free vulnerability. An authenticated,\n local attacker can exploit this to execute arbitrary code.\n (CVE-2018-16011)\n\n - An unspecified elevation of privilege vulnerability. An\n authenticated, local attacker can exploit this to gain elevated\n privileges. (CVE-2018-16018)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb19-02.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Reader 2015.006.30464 or 2017.011.30113 or\n2019.010.20069 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16018\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_adobe_reader_installed.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Adobe Reader\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (empty_or_null(os)) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp_info = vcf::get_app_info(app:\"Adobe Reader\");\n\n# vcf::adobe_reader::check_version_and_report will\n# properly separate tracks when checking constraints.\n# x.y.20zzz = DC Classic\n# x.y.30zzz = DC Continuous\nconstraints = [\n { \"min_version\" : \"15.6\", \"max_version\" : \"15.006.30461\", \"fixed_version\" : \"15.006.30464\" },\n { \"min_version\" : \"17.8\", \"max_version\" : \"17.011.30110\", \"fixed_version\" : \"17.011.30113\" },\n { \"min_version\" : \"15.8\", \"max_version\" : \"19.010.20064\", \"fixed_version\" : \"19.010.20069\" }\n];\n\nvcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:26:35", "description": "The version of Adobe Acrobat installed on the remote macOS host is a\nversion prior or equal to 2015.006.30461, 2017.011.30110, or\n2019.010.20064. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An unspecified use after free vulnerability. An authenticated,\n local attacker can exploit this to execute arbitrary code.\n (CVE-2018-16011)\n\n - An unspecified elevation of privilege vulnerability. An\n authenticated, local attacker can exploit this to gain elevated\n privileges. (CVE-2018-16018)", "edition": 23, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-04T00:00:00", "title": "Adobe Acrobat <= 2015.006.30461 / 2017.011.30110 / 2019.010.20064 Multiple Vulnerabilities (APSB19-02) (macOS)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16011", "CVE-2018-16018"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:adobe:acrobat"], "id": "MACOSX_ADOBE_ACROBAT_APSB19-02.NASL", "href": "https://www.tenable.com/plugins/nessus/120949", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(120949);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/10/31 15:18:51\");\n\n script_cve_id(\"CVE-2018-16011\", \"CVE-2018-16018\");\n\n script_name(english:\"Adobe Acrobat <= 2015.006.30461 / 2017.011.30110 / 2019.010.20064 Multiple Vulnerabilities (APSB19-02) (macOS)\");\n script_summary(english:\"Checks the version of Adobe Acrobat.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Acrobat installed on the remote macOS host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Acrobat installed on the remote macOS host is a\nversion prior or equal to 2015.006.30461, 2017.011.30110, or\n2019.010.20064. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An unspecified use after free vulnerability. An authenticated,\n local attacker can exploit this to execute arbitrary code.\n (CVE-2018-16011)\n\n - An unspecified elevation of privilege vulnerability. An\n authenticated, local attacker can exploit this to gain elevated\n privileges. (CVE-2018-16018)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb19-02.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Acrobat 2015.006.30464 or 2017.011.30113 or\n2019.010.20069 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16018\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_adobe_acrobat_installed.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Adobe Acrobat\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (empty_or_null(os)) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp_info = vcf::get_app_info(app:\"Adobe Acrobat\");\n\n# vcf::adobe_reader::check_version_and_report will\n# properly separate tracks when checking constraints.\n# x.y.20zzz = DC Classic\n# x.y.30zzz = DC Continuous\nconstraints = [\n { \"min_version\" : \"15.6\", \"max_version\" : \"15.006.30461\", \"fixed_version\" : \"15.006.30464\" },\n { \"min_version\" : \"17.8\", \"max_version\" : \"17.011.30110\", \"fixed_version\" : \"17.011.30113\" },\n { \"min_version\" : \"15.8\", \"max_version\" : \"19.010.20064\", \"fixed_version\" : \"19.010.20069\" }\n];\n\nvcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T01:13:27", "description": "The version of Adobe Acrobat installed on the remote Windows host is a\nversion prior or equal to 2015.006.30461, 2017.011.30110, or\n2019.010.20064. It is, therefore, affected by multiple\nvulnerabilities:\n\n - An unspecified use after free vulnerability. An authenticated,\n local attacker can exploit this to execute arbitrary code.\n (CVE-2018-16011)\n\n - An unspecified elevation of privilege vulnerability. An\n authenticated, local attacker can exploit this to gain elevated\n privileges. (CVE-2018-16018)", "edition": 24, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-04T00:00:00", "title": "Adobe Acrobat <= 2015.006.30461 / 2017.011.30110 / 2019.010.20064 Multiple Vulnerabilities (APSB19-02)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16011", "CVE-2018-16018"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:adobe:acrobat"], "id": "ADOBE_ACROBAT_APSB19-02.NASL", "href": "https://www.tenable.com/plugins/nessus/120951", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(120951);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/31 15:18:51\");\n\n script_cve_id(\"CVE-2018-16011\", \"CVE-2018-16018\");\n\n script_name(english:\"Adobe Acrobat <= 2015.006.30461 / 2017.011.30110 / 2019.010.20064 Multiple Vulnerabilities (APSB19-02)\");\n script_summary(english:\"Checks the version of Adobe Acrobat.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Acrobat installed on the remote Windows host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Acrobat installed on the remote Windows host is a\nversion prior or equal to 2015.006.30461, 2017.011.30110, or\n2019.010.20064. It is, therefore, affected by multiple\nvulnerabilities:\n\n - An unspecified use after free vulnerability. An authenticated,\n local attacker can exploit this to execute arbitrary code.\n (CVE-2018-16011)\n\n - An unspecified elevation of privilege vulnerability. An\n authenticated, local attacker can exploit this to gain elevated\n privileges. (CVE-2018-16018)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb19-02.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Acrobat 2015.006.30464 or 2017.011.30113 or\n2019.010.20069 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16018\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_acrobat_installed.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/Adobe Acrobat\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\napp_info = vcf::get_app_info(app:\"Adobe Acrobat\", win_local:TRUE);\n\n# vcf::adobe_reader::check_version_and_report will\n# properly separate tracks when checking constraints.\n# x.y.20zzz = DC Classic\n# x.y.30zzz = DC Continuous\nconstraints = [\n { \"min_version\" : \"15.6\", \"max_version\" : \"15.006.30461\", \"fixed_version\" : \"15.006.30464\" },\n { \"min_version\" : \"17.8\", \"max_version\" : \"17.011.30110\", \"fixed_version\" : \"17.011.30113\" },\n { \"min_version\" : \"15.7\", \"max_version\" : \"19.010.20064\", \"fixed_version\" : \"19.010.20069\" }\n];\n# using adobe_reader namespace check_version_and_report to properly detect Continuous vs Classic, \n# and limit ver segments to 3 (18.x.y vs 18.x.y.12345) with max_segs:3\nvcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:27:24", "description": "The version of Adobe Reader installed on the remote macOS host is\nprior to 2019.010.20091, 2017.011.30120, 2015.006.30475. It is,\ntherefore, affected by multiple vulnerabilities as referenced in the\nAPSB19-07 advisory.\n\n - Buffer Errors potentially leading to Arbitrary Code\n Execution (CVE-2019-7020, CVE-2019-7085)\n\n - Data leakage (sensitive) potentially leading to\n Information Disclosure (CVE-2019-7089)\n\n - Double Free potentially leading to Arbitrary Code\n Execution (CVE-2019-7080)\n\n - Integer Overflow potentially leading to Information\n Disclosure (CVE-2019-7030)\n\n - Out-of-Bounds Read potentially leading to Information\n Disclosure (CVE-2019-7021, CVE-2019-7022, CVE-2019-7023,\n CVE-2019-7024, CVE-2019-7028, CVE-2019-7032,\n CVE-2019-7033, CVE-2019-7034, CVE-2019-7035,\n CVE-2019-7036, CVE-2019-7038, CVE-2019-7045,\n CVE-2019-7047, CVE-2019-7049, CVE-2019-7053,\n CVE-2019-7055, CVE-2019-7056, CVE-2019-7057,\n CVE-2019-7058, CVE-2019-7059, CVE-2019-7063,\n CVE-2019-7064, CVE-2019-7065, CVE-2019-7067,\n CVE-2019-7071, CVE-2019-7073, CVE-2019-7074,\n CVE-2019-7081)\n\n - Security bypass potentially leading to Privilege\n Escalation (CVE-2018-19725, CVE-2019-7041)\n\n - Out-of-Bounds Write potentially leading to Arbitrary\n Code Execution (CVE-2019-7019, CVE-2019-7027,\n CVE-2019-7037, CVE-2019-7039, CVE-2019-7052,\n CVE-2019-7060, CVE-2019-7079)\n\n - Type Confusion potentially leading to Arbitrary Code\n Execution (CVE-2019-7069, CVE-2019-7086, CVE-2019-7087)\n\n - Untrusted Pointer Dereference potentially leading to\n Arbitrary Code Execution (CVE-2019-7042, CVE-2019-7046,\n CVE-2019-7051, CVE-2019-7054, CVE-2019-7066,\n CVE-2019-7076)\n\n - Use After Free potentially leading to Arbitrary Code\n Execution (CVE-2019-7018, CVE-2019-7025, CVE-2019-7026,\n CVE-2019-7029, CVE-2019-7031, CVE-2019-7040,\n CVE-2019-7043, CVE-2019-7044, CVE-2019-7048,\n CVE-2019-7050, CVE-2019-7062, CVE-2019-7068,\n CVE-2019-7070, CVE-2019-7072, CVE-2019-7075,\n CVE-2019-7077, CVE-2019-7078, CVE-2019-7082,\n CVE-2019-7083, CVE-2019-7084)\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.", "edition": 20, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-15T00:00:00", "title": "Adobe Reader < 2019.010.20091 / 2017.011.30120 / 2015.006.30475 Multiple Vulnerabilities (APSB19-07) (macOS)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-7025", "CVE-2019-7052", "CVE-2019-7027", "CVE-2019-7028", "CVE-2019-7078", "CVE-2019-7071", "CVE-2019-7073", "CVE-2019-7086", "CVE-2019-7056", "CVE-2019-7064", "CVE-2019-7067", "CVE-2019-7044", "CVE-2019-7082", "CVE-2019-7046", "CVE-2019-7081", "CVE-2019-7049", "CVE-2019-7031", "CVE-2019-7039", "CVE-2019-7085", "CVE-2019-7019", "CVE-2019-7040", "CVE-2019-7062", "CVE-2019-7058", "CVE-2019-7077", "CVE-2019-7072", "CVE-2019-7087", "CVE-2019-7047", "CVE-2019-7043", "CVE-2019-7060", "CVE-2019-7023", "CVE-2019-7063", "CVE-2019-7037", "CVE-2019-7041", "CVE-2019-7026", "CVE-2019-7074", "CVE-2019-7045", "CVE-2019-7080", "CVE-2019-7054", "CVE-2019-7035", "CVE-2019-7079", "CVE-2019-7084", "CVE-2019-7038", "CVE-2019-7029", "CVE-2019-7065", "CVE-2019-7075", "CVE-2019-7050", "CVE-2019-7083", "CVE-2019-7051", "CVE-2019-7032", "CVE-2019-7059", "CVE-2019-7020", "CVE-2018-19725", "CVE-2019-7069", "CVE-2019-7053", "CVE-2019-7034", "CVE-2019-7024", "CVE-2019-7030", "CVE-2019-7042", "CVE-2019-7089", "CVE-2019-7068", "CVE-2019-7021", "CVE-2019-7018", "CVE-2019-7070", "CVE-2019-7066", "CVE-2019-7036", "CVE-2019-7055", "CVE-2019-7048", "CVE-2019-7033", "CVE-2019-7022", "CVE-2019-7057", "CVE-2019-7076"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:adobe:acrobat_reader"], "id": "MACOSX_ADOBE_READER_APSB19-07.NASL", "href": "https://www.tenable.com/plugins/nessus/122251", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122251);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/31 15:18:51\");\n\n script_cve_id(\n \"CVE-2018-19725\",\n \"CVE-2019-7018\",\n \"CVE-2019-7019\",\n \"CVE-2019-7020\",\n \"CVE-2019-7021\",\n \"CVE-2019-7022\",\n \"CVE-2019-7023\",\n \"CVE-2019-7024\",\n \"CVE-2019-7025\",\n \"CVE-2019-7026\",\n \"CVE-2019-7027\",\n \"CVE-2019-7028\",\n \"CVE-2019-7029\",\n \"CVE-2019-7030\",\n \"CVE-2019-7031\",\n \"CVE-2019-7032\",\n \"CVE-2019-7033\",\n \"CVE-2019-7034\",\n \"CVE-2019-7035\",\n \"CVE-2019-7036\",\n \"CVE-2019-7037\",\n \"CVE-2019-7038\",\n \"CVE-2019-7039\",\n \"CVE-2019-7040\",\n \"CVE-2019-7041\",\n \"CVE-2019-7042\",\n \"CVE-2019-7043\",\n \"CVE-2019-7044\",\n \"CVE-2019-7045\",\n \"CVE-2019-7046\",\n \"CVE-2019-7047\",\n \"CVE-2019-7048\",\n \"CVE-2019-7049\",\n \"CVE-2019-7050\",\n \"CVE-2019-7051\",\n \"CVE-2019-7052\",\n \"CVE-2019-7053\",\n \"CVE-2019-7054\",\n \"CVE-2019-7055\",\n \"CVE-2019-7056\",\n \"CVE-2019-7057\",\n \"CVE-2019-7058\",\n \"CVE-2019-7059\",\n \"CVE-2019-7060\",\n \"CVE-2019-7062\",\n \"CVE-2019-7063\",\n \"CVE-2019-7064\",\n \"CVE-2019-7065\",\n \"CVE-2019-7066\",\n \"CVE-2019-7067\",\n \"CVE-2019-7068\",\n \"CVE-2019-7069\",\n \"CVE-2019-7070\",\n \"CVE-2019-7071\",\n \"CVE-2019-7072\",\n \"CVE-2019-7073\",\n \"CVE-2019-7074\",\n \"CVE-2019-7075\",\n \"CVE-2019-7076\",\n \"CVE-2019-7077\",\n \"CVE-2019-7078\",\n \"CVE-2019-7079\",\n \"CVE-2019-7080\",\n \"CVE-2019-7081\",\n \"CVE-2019-7082\",\n \"CVE-2019-7083\",\n \"CVE-2019-7084\",\n \"CVE-2019-7085\",\n \"CVE-2019-7086\",\n \"CVE-2019-7087\",\n \"CVE-2019-7089\"\n );\n script_bugtraq_id(\n 106973,\n 106974,\n 106975,\n 106977,\n 106978,\n 106979,\n 106980,\n 106981,\n 106983,\n 106985\n );\n\n script_name(english:\"Adobe Reader < 2019.010.20091 / 2017.011.30120 / 2015.006.30475 Multiple Vulnerabilities (APSB19-07) (macOS)\");\n script_summary(english:\"Checks the version of Adobe Reader.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader installed on the remote macOS host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Reader installed on the remote macOS host is\nprior to 2019.010.20091, 2017.011.30120, 2015.006.30475. It is,\ntherefore, affected by multiple vulnerabilities as referenced in the\nAPSB19-07 advisory.\n\n - Buffer Errors potentially leading to Arbitrary Code\n Execution (CVE-2019-7020, CVE-2019-7085)\n\n - Data leakage (sensitive) potentially leading to\n Information Disclosure (CVE-2019-7089)\n\n - Double Free potentially leading to Arbitrary Code\n Execution (CVE-2019-7080)\n\n - Integer Overflow potentially leading to Information\n Disclosure (CVE-2019-7030)\n\n - Out-of-Bounds Read potentially leading to Information\n Disclosure (CVE-2019-7021, CVE-2019-7022, CVE-2019-7023,\n CVE-2019-7024, CVE-2019-7028, CVE-2019-7032,\n CVE-2019-7033, CVE-2019-7034, CVE-2019-7035,\n CVE-2019-7036, CVE-2019-7038, CVE-2019-7045,\n CVE-2019-7047, CVE-2019-7049, CVE-2019-7053,\n CVE-2019-7055, CVE-2019-7056, CVE-2019-7057,\n CVE-2019-7058, CVE-2019-7059, CVE-2019-7063,\n CVE-2019-7064, CVE-2019-7065, CVE-2019-7067,\n CVE-2019-7071, CVE-2019-7073, CVE-2019-7074,\n CVE-2019-7081)\n\n - Security bypass potentially leading to Privilege\n Escalation (CVE-2018-19725, CVE-2019-7041)\n\n - Out-of-Bounds Write potentially leading to Arbitrary\n Code Execution (CVE-2019-7019, CVE-2019-7027,\n CVE-2019-7037, CVE-2019-7039, CVE-2019-7052,\n CVE-2019-7060, CVE-2019-7079)\n\n - Type Confusion potentially leading to Arbitrary Code\n Execution (CVE-2019-7069, CVE-2019-7086, CVE-2019-7087)\n\n - Untrusted Pointer Dereference potentially leading to\n Arbitrary Code Execution (CVE-2019-7042, CVE-2019-7046,\n CVE-2019-7051, CVE-2019-7054, CVE-2019-7066,\n CVE-2019-7076)\n\n - Use After Free potentially leading to Arbitrary Code\n Execution (CVE-2019-7018, CVE-2019-7025, CVE-2019-7026,\n CVE-2019-7029, CVE-2019-7031, CVE-2019-7040,\n CVE-2019-7043, CVE-2019-7044, CVE-2019-7048,\n CVE-2019-7050, CVE-2019-7062, CVE-2019-7068,\n CVE-2019-7070, CVE-2019-7072, CVE-2019-7075,\n CVE-2019-7077, CVE-2019-7078, CVE-2019-7082,\n CVE-2019-7083, CVE-2019-7084)\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb19-07.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Reader version 2019.010.20091 / 2017.011.30120 /\n2015.006.30475 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-7087\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_adobe_reader_installed.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Adobe Reader\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (empty_or_null(os)) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp_info = vcf::get_app_info(app:\"Adobe Reader\");\n\n# vcf::adobe_reader::check_version_and_report will\n# properly separate tracks when checking constraints.\n# x.y.20zzz = DC Classic\n# x.y.30zzz = DC Continuous\nconstraints = [\n { \"min_version\" : \"15.6\", \"max_version\" : \"15.006.30464\", \"fixed_version\" : \"15.006.30475\" },\n { \"min_version\" : \"15.8\", \"max_version\" : \"19.010.20069\", \"fixed_version\" : \"19.010.20091\" },\n { \"min_version\" : \"17.8\", \"max_version\" : \"17.011.30113\", \"fixed_version\" : \"17.011.30120\" }\n];\nvcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:26:35", "description": "The version of Adobe Acrobat installed on the remote macOS host is\nprior to 2019.010.20069, 2017.011.30113, 2015.006.30464. It is,\ntherefore, affected by multiple vulnerabilities as referenced in the\nAPSB19-07 advisory.\n\n - Buffer Errors potentially leading to Arbitrary Code\n Execution (CVE-2019-7020, CVE-2019-7085)\n\n - Data leakage (sensitive) potentially leading to\n Information Disclosure (CVE-2019-7089)\n\n - Double Free potentially leading to Arbitrary Code\n Execution (CVE-2019-7080)\n\n - Integer Overflow potentially leading to Information\n Disclosure (CVE-2019-7030)\n\n - Out-of-Bounds Read potentially leading to Information\n Disclosure (CVE-2019-7021, CVE-2019-7022, CVE-2019-7023,\n CVE-2019-7024, CVE-2019-7028, CVE-2019-7032,\n CVE-2019-7033, CVE-2019-7034, CVE-2019-7035,\n CVE-2019-7036, CVE-2019-7038, CVE-2019-7045,\n CVE-2019-7047, CVE-2019-7049, CVE-2019-7053,\n CVE-2019-7055, CVE-2019-7056, CVE-2019-7057,\n CVE-2019-7058, CVE-2019-7059, CVE-2019-7063,\n CVE-2019-7064, CVE-2019-7065, CVE-2019-7067,\n CVE-2019-7071, CVE-2019-7073, CVE-2019-7074,\n CVE-2019-7081)\n\n - Security bypass potentially leading to Privilege\n Escalation (CVE-2018-19725, CVE-2019-7041)\n\n - Out-of-Bounds Write potentially leading to Arbitrary\n Code Execution (CVE-2019-7019, CVE-2019-7027,\n CVE-2019-7037, CVE-2019-7039, CVE-2019-7052,\n CVE-2019-7060, CVE-2019-7079)\n\n - Type Confusion potentially leading to Arbitrary Code\n Execution (CVE-2019-7069, CVE-2019-7086, CVE-2019-7087)\n\n - Untrusted Pointer Dereference potentially leading to\n Arbitrary Code Execution (CVE-2019-7042, CVE-2019-7046,\n CVE-2019-7051, CVE-2019-7054, CVE-2019-7066,\n CVE-2019-7076)\n\n - Use After Free potentially leading to Arbitrary Code\n Execution (CVE-2019-7018, CVE-2019-7025, CVE-2019-7026,\n CVE-2019-7029, CVE-2019-7031, CVE-2019-7040,\n CVE-2019-7043, CVE-2019-7044, CVE-2019-7048,\n CVE-2019-7050, CVE-2019-7062, CVE-2019-7068,\n CVE-2019-7070, CVE-2019-7072, CVE-2019-7075,\n CVE-2019-7077, CVE-2019-7078, CVE-2019-7082,\n CVE-2019-7083, CVE-2019-7084)\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.", "edition": 20, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-15T00:00:00", "title": "Adobe Acrobat < 2019.010.20091 / 2017.011.30120 / 2015.006.30475 Multiple Vulnerabilities (APSB19-07) (macOS)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-7025", "CVE-2019-7052", "CVE-2019-7027", "CVE-2019-7028", "CVE-2019-7078", "CVE-2019-7071", "CVE-2019-7073", "CVE-2019-7086", "CVE-2019-7056", "CVE-2019-7064", "CVE-2019-7067", "CVE-2019-7044", "CVE-2019-7082", "CVE-2019-7046", "CVE-2019-7081", "CVE-2019-7049", "CVE-2019-7031", "CVE-2019-7039", "CVE-2019-7085", "CVE-2019-7019", "CVE-2019-7040", "CVE-2019-7062", "CVE-2019-7058", "CVE-2019-7077", "CVE-2019-7072", "CVE-2019-7087", "CVE-2019-7047", "CVE-2019-7043", "CVE-2019-7060", "CVE-2019-7023", "CVE-2019-7063", "CVE-2019-7037", "CVE-2019-7041", "CVE-2019-7026", "CVE-2019-7074", "CVE-2019-7045", "CVE-2019-7080", "CVE-2019-7054", "CVE-2019-7035", "CVE-2019-7079", "CVE-2019-7084", "CVE-2019-7038", "CVE-2019-7029", "CVE-2019-7065", "CVE-2019-7075", "CVE-2019-7050", "CVE-2019-7083", "CVE-2019-7051", "CVE-2019-7032", "CVE-2019-7059", "CVE-2019-7020", "CVE-2018-19725", "CVE-2019-7069", "CVE-2019-7053", "CVE-2019-7034", "CVE-2019-7024", "CVE-2019-7030", "CVE-2019-7042", "CVE-2019-7089", "CVE-2019-7068", "CVE-2019-7021", "CVE-2019-7018", "CVE-2019-7070", "CVE-2019-7066", "CVE-2019-7036", "CVE-2019-7055", "CVE-2019-7048", "CVE-2019-7033", "CVE-2019-7022", "CVE-2019-7057", "CVE-2019-7076"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:adobe:acrobat"], "id": "MACOSX_ADOBE_ACROBAT_APSB19-07.NASL", "href": "https://www.tenable.com/plugins/nessus/122250", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122250);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/31 15:18:51\");\n\n script_cve_id(\n \"CVE-2018-19725\",\n \"CVE-2019-7018\",\n \"CVE-2019-7019\",\n \"CVE-2019-7020\",\n \"CVE-2019-7021\",\n \"CVE-2019-7022\",\n \"CVE-2019-7023\",\n \"CVE-2019-7024\",\n \"CVE-2019-7025\",\n \"CVE-2019-7026\",\n \"CVE-2019-7027\",\n \"CVE-2019-7028\",\n \"CVE-2019-7029\",\n \"CVE-2019-7030\",\n \"CVE-2019-7031\",\n \"CVE-2019-7032\",\n \"CVE-2019-7033\",\n \"CVE-2019-7034\",\n \"CVE-2019-7035\",\n \"CVE-2019-7036\",\n \"CVE-2019-7037\",\n \"CVE-2019-7038\",\n \"CVE-2019-7039\",\n \"CVE-2019-7040\",\n \"CVE-2019-7041\",\n \"CVE-2019-7042\",\n \"CVE-2019-7043\",\n \"CVE-2019-7044\",\n \"CVE-2019-7045\",\n \"CVE-2019-7046\",\n \"CVE-2019-7047\",\n \"CVE-2019-7048\",\n \"CVE-2019-7049\",\n \"CVE-2019-7050\",\n \"CVE-2019-7051\",\n \"CVE-2019-7052\",\n \"CVE-2019-7053\",\n \"CVE-2019-7054\",\n \"CVE-2019-7055\",\n \"CVE-2019-7056\",\n \"CVE-2019-7057\",\n \"CVE-2019-7058\",\n \"CVE-2019-7059\",\n \"CVE-2019-7060\",\n \"CVE-2019-7062\",\n \"CVE-2019-7063\",\n \"CVE-2019-7064\",\n \"CVE-2019-7065\",\n \"CVE-2019-7066\",\n \"CVE-2019-7067\",\n \"CVE-2019-7068\",\n \"CVE-2019-7069\",\n \"CVE-2019-7070\",\n \"CVE-2019-7071\",\n \"CVE-2019-7072\",\n \"CVE-2019-7073\",\n \"CVE-2019-7074\",\n \"CVE-2019-7075\",\n \"CVE-2019-7076\",\n \"CVE-2019-7077\",\n \"CVE-2019-7078\",\n \"CVE-2019-7079\",\n \"CVE-2019-7080\",\n \"CVE-2019-7081\",\n \"CVE-2019-7082\",\n \"CVE-2019-7083\",\n \"CVE-2019-7084\",\n \"CVE-2019-7085\",\n \"CVE-2019-7086\",\n \"CVE-2019-7087\",\n \"CVE-2019-7089\"\n );\n script_bugtraq_id(\n 106973,\n 106974,\n 106975,\n 106977,\n 106978,\n 106979,\n 106980,\n 106981,\n 106983,\n 106985\n );\n\n script_name(english:\"Adobe Acrobat < 2019.010.20091 / 2017.011.30120 / 2015.006.30475 Multiple Vulnerabilities (APSB19-07) (macOS)\");\n script_summary(english:\"Checks the version of Adobe Acrobat.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Acrobat installed on the remote macOS host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Acrobat installed on the remote macOS host is\nprior to 2019.010.20069, 2017.011.30113, 2015.006.30464. It is,\ntherefore, affected by multiple vulnerabilities as referenced in the\nAPSB19-07 advisory.\n\n - Buffer Errors potentially leading to Arbitrary Code\n Execution (CVE-2019-7020, CVE-2019-7085)\n\n - Data leakage (sensitive) potentially leading to\n Information Disclosure (CVE-2019-7089)\n\n - Double Free potentially leading to Arbitrary Code\n Execution (CVE-2019-7080)\n\n - Integer Overflow potentially leading to Information\n Disclosure (CVE-2019-7030)\n\n - Out-of-Bounds Read potentially leading to Information\n Disclosure (CVE-2019-7021, CVE-2019-7022, CVE-2019-7023,\n CVE-2019-7024, CVE-2019-7028, CVE-2019-7032,\n CVE-2019-7033, CVE-2019-7034, CVE-2019-7035,\n CVE-2019-7036, CVE-2019-7038, CVE-2019-7045,\n CVE-2019-7047, CVE-2019-7049, CVE-2019-7053,\n CVE-2019-7055, CVE-2019-7056, CVE-2019-7057,\n CVE-2019-7058, CVE-2019-7059, CVE-2019-7063,\n CVE-2019-7064, CVE-2019-7065, CVE-2019-7067,\n CVE-2019-7071, CVE-2019-7073, CVE-2019-7074,\n CVE-2019-7081)\n\n - Security bypass potentially leading to Privilege\n Escalation (CVE-2018-19725, CVE-2019-7041)\n\n - Out-of-Bounds Write potentially leading to Arbitrary\n Code Execution (CVE-2019-7019, CVE-2019-7027,\n CVE-2019-7037, CVE-2019-7039, CVE-2019-7052,\n CVE-2019-7060, CVE-2019-7079)\n\n - Type Confusion potentially leading to Arbitrary Code\n Execution (CVE-2019-7069, CVE-2019-7086, CVE-2019-7087)\n\n - Untrusted Pointer Dereference potentially leading to\n Arbitrary Code Execution (CVE-2019-7042, CVE-2019-7046,\n CVE-2019-7051, CVE-2019-7054, CVE-2019-7066,\n CVE-2019-7076)\n\n - Use After Free potentially leading to Arbitrary Code\n Execution (CVE-2019-7018, CVE-2019-7025, CVE-2019-7026,\n CVE-2019-7029, CVE-2019-7031, CVE-2019-7040,\n CVE-2019-7043, CVE-2019-7044, CVE-2019-7048,\n CVE-2019-7050, CVE-2019-7062, CVE-2019-7068,\n CVE-2019-7070, CVE-2019-7072, CVE-2019-7075,\n CVE-2019-7077, CVE-2019-7078, CVE-2019-7082,\n CVE-2019-7083, CVE-2019-7084)\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb19-07.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Acrobat version 2019.010.20091 / 2017.011.30120 /\n2015.006.30475 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-7087\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_adobe_acrobat_installed.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Adobe Acrobat\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (empty_or_null(os)) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp_info = vcf::get_app_info(app:\"Adobe Acrobat\");\n\n# vcf::adobe_reader::check_version_and_report will\n# properly separate tracks when checking constraints.\n# x.y.20zzz = DC Classic\n# x.y.30zzz = DC Continuous\nconstraints = [\n { \"min_version\" : \"15.6\", \"max_version\" : \"15.006.30464\", \"fixed_version\" : \"15.006.30475\" },\n { \"min_version\" : \"15.8\", \"max_version\" : \"19.010.20069\", \"fixed_version\" : \"19.010.20091\" },\n { \"min_version\" : \"17.8\", \"max_version\" : \"17.011.30113\", \"fixed_version\" : \"17.011.30120\" }\n];\nvcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T01:13:28", "description": "The version of Adobe Acrobat installed on the remote Windows host is\nprior to 2019.010.20091, 2017.011.30120, 2015.006.30475. It is,\ntherefore, affected by multiple vulnerabilities as referenced in the\nAPSB19-07 advisory.\n\n - Buffer Errors potentially leading to Arbitrary Code\n Execution (CVE-2019-7020, CVE-2019-7085)\n\n - Data leakage (sensitive) potentially leading to\n Information Disclosure (CVE-2019-7089)\n\n - Double Free potentially leading to Arbitrary Code\n Execution (CVE-2019-7080)\n\n - Integer Overflow potentially leading to Information\n Disclosure (CVE-2019-7030)\n\n - Out-of-Bounds Read potentially leading to Information\n Disclosure (CVE-2019-7021, CVE-2019-7022, CVE-2019-7023,\n CVE-2019-7024, CVE-2019-7028, CVE-2019-7032,\n CVE-2019-7033, CVE-2019-7034, CVE-2019-7035,\n CVE-2019-7036, CVE-2019-7038, CVE-2019-7045,\n CVE-2019-7047, CVE-2019-7049, CVE-2019-7053,\n CVE-2019-7055, CVE-2019-7056, CVE-2019-7057,\n CVE-2019-7058, CVE-2019-7059, CVE-2019-7063,\n CVE-2019-7064, CVE-2019-7065, CVE-2019-7067,\n CVE-2019-7071, CVE-2019-7073, CVE-2019-7074,\n CVE-2019-7081)\n\n - Security bypass potentially leading to Privilege\n Escalation (CVE-2018-19725, CVE-2019-7041)\n\n - Out-of-Bounds Write potentially leading to Arbitrary\n Code Execution (CVE-2019-7019, CVE-2019-7027,\n CVE-2019-7037, CVE-2019-7039, CVE-2019-7052,\n CVE-2019-7060, CVE-2019-7079)\n\n - Type Confusion potentially leading to Arbitrary Code\n Execution (CVE-2019-7069, CVE-2019-7086, CVE-2019-7087)\n\n - Untrusted Pointer Dereference potentially leading to\n Arbitrary Code Execution (CVE-2019-7042, CVE-2019-7046,\n CVE-2019-7051, CVE-2019-7054, CVE-2019-7066,\n CVE-2019-7076)\n\n - Use After Free potentially leading to Arbitrary Code\n Execution (CVE-2019-7018, CVE-2019-7025, CVE-2019-7026,\n CVE-2019-7029, CVE-2019-7031, CVE-2019-7040,\n CVE-2019-7043, CVE-2019-7044, CVE-2019-7048,\n CVE-2019-7050, CVE-2019-7062, CVE-2019-7068,\n CVE-2019-7070, CVE-2019-7072, CVE-2019-7075,\n CVE-2019-7077, CVE-2019-7078, CVE-2019-7082,\n CVE-2019-7083, CVE-2019-7084)\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.", "edition": 20, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-15T00:00:00", "title": "Adobe Acrobat < 2019.010.20091 / 2017.011.30120 / 2015.006.30475 Multiple Vulnerabilities (APSB19-07)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-7025", "CVE-2019-7052", "CVE-2019-7027", "CVE-2019-7028", "CVE-2019-7078", "CVE-2019-7071", "CVE-2019-7073", "CVE-2019-7086", "CVE-2019-7056", "CVE-2019-7064", "CVE-2019-7067", "CVE-2019-7044", "CVE-2019-7082", "CVE-2019-7046", "CVE-2019-7081", "CVE-2019-7049", "CVE-2019-7031", "CVE-2019-7039", "CVE-2019-7085", "CVE-2019-7019", "CVE-2019-7040", "CVE-2019-7062", "CVE-2019-7058", "CVE-2019-7077", "CVE-2019-7072", "CVE-2019-7087", "CVE-2019-7047", "CVE-2019-7043", "CVE-2019-7060", "CVE-2019-7023", "CVE-2019-7063", "CVE-2019-7037", "CVE-2019-7041", "CVE-2019-7026", "CVE-2019-7074", "CVE-2019-7045", "CVE-2019-7080", "CVE-2019-7054", "CVE-2019-7035", "CVE-2019-7079", "CVE-2019-7084", "CVE-2019-7038", "CVE-2019-7029", "CVE-2019-7065", "CVE-2019-7075", "CVE-2019-7050", "CVE-2019-7083", "CVE-2019-7051", "CVE-2019-7032", "CVE-2019-7059", "CVE-2019-7020", "CVE-2018-19725", "CVE-2019-7069", "CVE-2019-7053", "CVE-2019-7034", "CVE-2019-7024", "CVE-2019-7030", "CVE-2019-7042", "CVE-2019-7089", "CVE-2019-7068", "CVE-2019-7021", "CVE-2019-7018", "CVE-2019-7070", "CVE-2019-7066", "CVE-2019-7036", "CVE-2019-7055", "CVE-2019-7048", "CVE-2019-7033", "CVE-2019-7022", "CVE-2019-7057", "CVE-2019-7076"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:adobe:acrobat"], "id": "ADOBE_ACROBAT_APSB19-07.NASL", "href": "https://www.tenable.com/plugins/nessus/122252", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122252);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/31 15:18:51\");\n\n script_cve_id(\n \"CVE-2018-19725\",\n \"CVE-2019-7018\",\n \"CVE-2019-7019\",\n \"CVE-2019-7020\",\n \"CVE-2019-7021\",\n \"CVE-2019-7022\",\n \"CVE-2019-7023\",\n \"CVE-2019-7024\",\n \"CVE-2019-7025\",\n \"CVE-2019-7026\",\n \"CVE-2019-7027\",\n \"CVE-2019-7028\",\n \"CVE-2019-7029\",\n \"CVE-2019-7030\",\n \"CVE-2019-7031\",\n \"CVE-2019-7032\",\n \"CVE-2019-7033\",\n \"CVE-2019-7034\",\n \"CVE-2019-7035\",\n \"CVE-2019-7036\",\n \"CVE-2019-7037\",\n \"CVE-2019-7038\",\n \"CVE-2019-7039\",\n \"CVE-2019-7040\",\n \"CVE-2019-7041\",\n \"CVE-2019-7042\",\n \"CVE-2019-7043\",\n \"CVE-2019-7044\",\n \"CVE-2019-7045\",\n \"CVE-2019-7046\",\n \"CVE-2019-7047\",\n \"CVE-2019-7048\",\n \"CVE-2019-7049\",\n \"CVE-2019-7050\",\n \"CVE-2019-7051\",\n \"CVE-2019-7052\",\n \"CVE-2019-7053\",\n \"CVE-2019-7054\",\n \"CVE-2019-7055\",\n \"CVE-2019-7056\",\n \"CVE-2019-7057\",\n \"CVE-2019-7058\",\n \"CVE-2019-7059\",\n \"CVE-2019-7060\",\n \"CVE-2019-7062\",\n \"CVE-2019-7063\",\n \"CVE-2019-7064\",\n \"CVE-2019-7065\",\n \"CVE-2019-7066\",\n \"CVE-2019-7067\",\n \"CVE-2019-7068\",\n \"CVE-2019-7069\",\n \"CVE-2019-7070\",\n \"CVE-2019-7071\",\n \"CVE-2019-7072\",\n \"CVE-2019-7073\",\n \"CVE-2019-7074\",\n \"CVE-2019-7075\",\n \"CVE-2019-7076\",\n \"CVE-2019-7077\",\n \"CVE-2019-7078\",\n \"CVE-2019-7079\",\n \"CVE-2019-7080\",\n \"CVE-2019-7081\",\n \"CVE-2019-7082\",\n \"CVE-2019-7083\",\n \"CVE-2019-7084\",\n \"CVE-2019-7085\",\n \"CVE-2019-7086\",\n \"CVE-2019-7087\",\n \"CVE-2019-7089\"\n );\n script_bugtraq_id(\n 106973,\n 106974,\n 106975,\n 106977,\n 106978,\n 106979,\n 106980,\n 106981,\n 106983,\n 106985\n );\n\n script_name(english:\"Adobe Acrobat < 2019.010.20091 / 2017.011.30120 / 2015.006.30475 Multiple Vulnerabilities (APSB19-07)\");\n script_summary(english:\"Checks the version of Adobe Acrobat.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Acrobat installed on the remote Windows host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Acrobat installed on the remote Windows host is\nprior to 2019.010.20091, 2017.011.30120, 2015.006.30475. It is,\ntherefore, affected by multiple vulnerabilities as referenced in the\nAPSB19-07 advisory.\n\n - Buffer Errors potentially leading to Arbitrary Code\n Execution (CVE-2019-7020, CVE-2019-7085)\n\n - Data leakage (sensitive) potentially leading to\n Information Disclosure (CVE-2019-7089)\n\n - Double Free potentially leading to Arbitrary Code\n Execution (CVE-2019-7080)\n\n - Integer Overflow potentially leading to Information\n Disclosure (CVE-2019-7030)\n\n - Out-of-Bounds Read potentially leading to Information\n Disclosure (CVE-2019-7021, CVE-2019-7022, CVE-2019-7023,\n CVE-2019-7024, CVE-2019-7028, CVE-2019-7032,\n CVE-2019-7033, CVE-2019-7034, CVE-2019-7035,\n CVE-2019-7036, CVE-2019-7038, CVE-2019-7045,\n CVE-2019-7047, CVE-2019-7049, CVE-2019-7053,\n CVE-2019-7055, CVE-2019-7056, CVE-2019-7057,\n CVE-2019-7058, CVE-2019-7059, CVE-2019-7063,\n CVE-2019-7064, CVE-2019-7065, CVE-2019-7067,\n CVE-2019-7071, CVE-2019-7073, CVE-2019-7074,\n CVE-2019-7081)\n\n - Security bypass potentially leading to Privilege\n Escalation (CVE-2018-19725, CVE-2019-7041)\n\n - Out-of-Bounds Write potentially leading to Arbitrary\n Code Execution (CVE-2019-7019, CVE-2019-7027,\n CVE-2019-7037, CVE-2019-7039, CVE-2019-7052,\n CVE-2019-7060, CVE-2019-7079)\n\n - Type Confusion potentially leading to Arbitrary Code\n Execution (CVE-2019-7069, CVE-2019-7086, CVE-2019-7087)\n\n - Untrusted Pointer Dereference potentially leading to\n Arbitrary Code Execution (CVE-2019-7042, CVE-2019-7046,\n CVE-2019-7051, CVE-2019-7054, CVE-2019-7066,\n CVE-2019-7076)\n\n - Use After Free potentially leading to Arbitrary Code\n Execution (CVE-2019-7018, CVE-2019-7025, CVE-2019-7026,\n CVE-2019-7029, CVE-2019-7031, CVE-2019-7040,\n CVE-2019-7043, CVE-2019-7044, CVE-2019-7048,\n CVE-2019-7050, CVE-2019-7062, CVE-2019-7068,\n CVE-2019-7070, CVE-2019-7072, CVE-2019-7075,\n CVE-2019-7077, CVE-2019-7078, CVE-2019-7082,\n CVE-2019-7083, CVE-2019-7084)\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb19-07.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Acrobat version 2019.010.20091 / 2017.011.30120 /\n2015.006.30475 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-7087\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_acrobat_installed.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/Adobe Acrobat\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\napp_info = vcf::get_app_info(app:\"Adobe Acrobat\", win_local:TRUE);\n\n# vcf::adobe_reader::check_version_and_report will\n# properly separate tracks when checking constraints.\n# x.y.20zzz = DC Classic\n# x.y.30zzz = DC Continuous\nconstraints = [\n { \"min_version\" : \"15.6\", \"max_version\" : \"15.006.30464\", \"fixed_version\" : \"15.006.30475\" },\n { \"min_version\" : \"15.8\", \"max_version\" : \"19.010.20069\", \"fixed_version\" : \"19.010.20091\" },\n { \"min_version\" : \"17.8\", \"max_version\" : \"17.011.30113\", \"fixed_version\" : \"17.011.30120\" }\n];\nvcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T01:14:52", "description": "The version of Adobe Reader installed on the remote Windows host is\nprior to 2019.010.20091, 2017.011.30120, 2015.006.30475. It is,\ntherefore, affected by multiple vulnerabilities as referenced in the\nAPSB19-07 advisory.\n\n - Buffer Errors potentially leading to Arbitrary Code\n Execution (CVE-2019-7020, CVE-2019-7085)\n\n - Data leakage (sensitive) potentially leading to\n Information Disclosure (CVE-2019-7089)\n\n - Double Free potentially leading to Arbitrary Code\n Execution (CVE-2019-7080)\n\n - Integer Overflow potentially leading to Information\n Disclosure (CVE-2019-7030)\n\n - Out-of-Bounds Read potentially leading to Information\n Disclosure (CVE-2019-7021, CVE-2019-7022, CVE-2019-7023,\n CVE-2019-7024, CVE-2019-7028, CVE-2019-7032,\n CVE-2019-7033, CVE-2019-7034, CVE-2019-7035,\n CVE-2019-7036, CVE-2019-7038, CVE-2019-7045,\n CVE-2019-7047, CVE-2019-7049, CVE-2019-7053,\n CVE-2019-7055, CVE-2019-7056, CVE-2019-7057,\n CVE-2019-7058, CVE-2019-7059, CVE-2019-7063,\n CVE-2019-7064, CVE-2019-7065, CVE-2019-7067,\n CVE-2019-7071, CVE-2019-7073, CVE-2019-7074,\n CVE-2019-7081)\n\n - Security bypass potentially leading to Privilege\n Escalation (CVE-2018-19725, CVE-2019-7041)\n\n - Out-of-Bounds Write potentially leading to Arbitrary\n Code Execution (CVE-2019-7019, CVE-2019-7027,\n CVE-2019-7037, CVE-2019-7039, CVE-2019-7052,\n CVE-2019-7060, CVE-2019-7079)\n\n - Type Confusion potentially leading to Arbitrary Code\n Execution (CVE-2019-7069, CVE-2019-7086, CVE-2019-7087)\n\n - Untrusted Pointer Dereference potentially leading to\n Arbitrary Code Execution (CVE-2019-7042, CVE-2019-7046,\n CVE-2019-7051, CVE-2019-7054, CVE-2019-7066,\n CVE-2019-7076)\n\n - Use After Free potentially leading to Arbitrary Code\n Execution (CVE-2019-7018, CVE-2019-7025, CVE-2019-7026,\n CVE-2019-7029, CVE-2019-7031, CVE-2019-7040,\n CVE-2019-7043, CVE-2019-7044, CVE-2019-7048,\n CVE-2019-7050, CVE-2019-7062, CVE-2019-7068,\n CVE-2019-7070, CVE-2019-7072, CVE-2019-7075,\n CVE-2019-7077, CVE-2019-7078, CVE-2019-7082,\n CVE-2019-7083, CVE-2019-7084)\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.", "edition": 20, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-15T00:00:00", "title": "Adobe Reader < 2019.010.20091 / 2017.011.30120 / 2015.006.30475 Multiple Vulnerabilities (APSB19-07)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-7025", "CVE-2019-7052", "CVE-2019-7027", "CVE-2019-7028", "CVE-2019-7078", "CVE-2019-7071", "CVE-2019-7073", "CVE-2019-7086", "CVE-2019-7056", "CVE-2019-7064", "CVE-2019-7067", "CVE-2019-7044", "CVE-2019-7082", "CVE-2019-7046", "CVE-2019-7081", "CVE-2019-7049", "CVE-2019-7031", "CVE-2019-7039", "CVE-2019-7085", "CVE-2019-7019", "CVE-2019-7040", "CVE-2019-7062", "CVE-2019-7058", "CVE-2019-7077", "CVE-2019-7072", "CVE-2019-7087", "CVE-2019-7047", "CVE-2019-7043", "CVE-2019-7060", "CVE-2019-7023", "CVE-2019-7063", "CVE-2019-7037", "CVE-2019-7041", "CVE-2019-7026", "CVE-2019-7074", "CVE-2019-7045", "CVE-2019-7080", "CVE-2019-7054", "CVE-2019-7035", "CVE-2019-7079", "CVE-2019-7084", "CVE-2019-7038", "CVE-2019-7029", "CVE-2019-7065", "CVE-2019-7075", "CVE-2019-7050", "CVE-2019-7083", "CVE-2019-7051", "CVE-2019-7032", "CVE-2019-7059", "CVE-2019-7020", "CVE-2018-19725", "CVE-2019-7069", "CVE-2019-7053", "CVE-2019-7034", "CVE-2019-7024", "CVE-2019-7030", "CVE-2019-7042", "CVE-2019-7089", "CVE-2019-7068", "CVE-2019-7021", "CVE-2019-7018", "CVE-2019-7070", "CVE-2019-7066", "CVE-2019-7036", "CVE-2019-7055", "CVE-2019-7048", "CVE-2019-7033", "CVE-2019-7022", "CVE-2019-7057", "CVE-2019-7076"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:adobe:acrobat_reader"], "id": "ADOBE_READER_APSB19-07.NASL", "href": "https://www.tenable.com/plugins/nessus/122253", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122253);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/10/31 15:18:51\");\n\n script_cve_id(\n \"CVE-2018-19725\",\n \"CVE-2019-7018\",\n \"CVE-2019-7019\",\n \"CVE-2019-7020\",\n \"CVE-2019-7021\",\n \"CVE-2019-7022\",\n \"CVE-2019-7023\",\n \"CVE-2019-7024\",\n \"CVE-2019-7025\",\n \"CVE-2019-7026\",\n \"CVE-2019-7027\",\n \"CVE-2019-7028\",\n \"CVE-2019-7029\",\n \"CVE-2019-7030\",\n \"CVE-2019-7031\",\n \"CVE-2019-7032\",\n \"CVE-2019-7033\",\n \"CVE-2019-7034\",\n \"CVE-2019-7035\",\n \"CVE-2019-7036\",\n \"CVE-2019-7037\",\n \"CVE-2019-7038\",\n \"CVE-2019-7039\",\n \"CVE-2019-7040\",\n \"CVE-2019-7041\",\n \"CVE-2019-7042\",\n \"CVE-2019-7043\",\n \"CVE-2019-7044\",\n \"CVE-2019-7045\",\n \"CVE-2019-7046\",\n \"CVE-2019-7047\",\n \"CVE-2019-7048\",\n \"CVE-2019-7049\",\n \"CVE-2019-7050\",\n \"CVE-2019-7051\",\n \"CVE-2019-7052\",\n \"CVE-2019-7053\",\n \"CVE-2019-7054\",\n \"CVE-2019-7055\",\n \"CVE-2019-7056\",\n \"CVE-2019-7057\",\n \"CVE-2019-7058\",\n \"CVE-2019-7059\",\n \"CVE-2019-7060\",\n \"CVE-2019-7062\",\n \"CVE-2019-7063\",\n \"CVE-2019-7064\",\n \"CVE-2019-7065\",\n \"CVE-2019-7066\",\n \"CVE-2019-7067\",\n \"CVE-2019-7068\",\n \"CVE-2019-7069\",\n \"CVE-2019-7070\",\n \"CVE-2019-7071\",\n \"CVE-2019-7072\",\n \"CVE-2019-7073\",\n \"CVE-2019-7074\",\n \"CVE-2019-7075\",\n \"CVE-2019-7076\",\n \"CVE-2019-7077\",\n \"CVE-2019-7078\",\n \"CVE-2019-7079\",\n \"CVE-2019-7080\",\n \"CVE-2019-7081\",\n \"CVE-2019-7082\",\n \"CVE-2019-7083\",\n \"CVE-2019-7084\",\n \"CVE-2019-7085\",\n \"CVE-2019-7086\",\n \"CVE-2019-7087\",\n \"CVE-2019-7089\"\n );\n script_bugtraq_id(\n 106973,\n 106974,\n 106975,\n 106977,\n 106978,\n 106979,\n 106980,\n 106981,\n 106983,\n 106985\n );\n\n script_name(english:\"Adobe Reader < 2019.010.20091 / 2017.011.30120 / 2015.006.30475 Multiple Vulnerabilities (APSB19-07)\");\n script_summary(english:\"Checks the version of Adobe Reader.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader installed on the remote Windows host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Reader installed on the remote Windows host is\nprior to 2019.010.20091, 2017.011.30120, 2015.006.30475. It is,\ntherefore, affected by multiple vulnerabilities as referenced in the\nAPSB19-07 advisory.\n\n - Buffer Errors potentially leading to Arbitrary Code\n Execution (CVE-2019-7020, CVE-2019-7085)\n\n - Data leakage (sensitive) potentially leading to\n Information Disclosure (CVE-2019-7089)\n\n - Double Free potentially leading to Arbitrary Code\n Execution (CVE-2019-7080)\n\n - Integer Overflow potentially leading to Information\n Disclosure (CVE-2019-7030)\n\n - Out-of-Bounds Read potentially leading to Information\n Disclosure (CVE-2019-7021, CVE-2019-7022, CVE-2019-7023,\n CVE-2019-7024, CVE-2019-7028, CVE-2019-7032,\n CVE-2019-7033, CVE-2019-7034, CVE-2019-7035,\n CVE-2019-7036, CVE-2019-7038, CVE-2019-7045,\n CVE-2019-7047, CVE-2019-7049, CVE-2019-7053,\n CVE-2019-7055, CVE-2019-7056, CVE-2019-7057,\n CVE-2019-7058, CVE-2019-7059, CVE-2019-7063,\n CVE-2019-7064, CVE-2019-7065, CVE-2019-7067,\n CVE-2019-7071, CVE-2019-7073, CVE-2019-7074,\n CVE-2019-7081)\n\n - Security bypass potentially leading to Privilege\n Escalation (CVE-2018-19725, CVE-2019-7041)\n\n - Out-of-Bounds Write potentially leading to Arbitrary\n Code Execution (CVE-2019-7019, CVE-2019-7027,\n CVE-2019-7037, CVE-2019-7039, CVE-2019-7052,\n CVE-2019-7060, CVE-2019-7079)\n\n - Type Confusion potentially leading to Arbitrary Code\n Execution (CVE-2019-7069, CVE-2019-7086, CVE-2019-7087)\n\n - Untrusted Pointer Dereference potentially leading to\n Arbitrary Code Execution (CVE-2019-7042, CVE-2019-7046,\n CVE-2019-7051, CVE-2019-7054, CVE-2019-7066,\n CVE-2019-7076)\n\n - Use After Free potentially leading to Arbitrary Code\n Execution (CVE-2019-7018, CVE-2019-7025, CVE-2019-7026,\n CVE-2019-7029, CVE-2019-7031, CVE-2019-7040,\n CVE-2019-7043, CVE-2019-7044, CVE-2019-7048,\n CVE-2019-7050, CVE-2019-7062, CVE-2019-7068,\n CVE-2019-7070, CVE-2019-7072, CVE-2019-7075,\n CVE-2019-7077, CVE-2019-7078, CVE-2019-7082,\n CVE-2019-7083, CVE-2019-7084)\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb19-07.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Reader version 2019.010.20091 / 2017.011.30120 /\n2015.006.30475 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-7087\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_reader_installed.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/Adobe Reader\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\napp_info = vcf::adobe_reader::get_app_info();\n\n# vcf::adobe_reader::check_version_and_report will\n# properly separate tracks when checking constraints.\n# x.y.20zzz = DC Classic\n# x.y.30zzz = DC Continuous\nconstraints = [\n { \"min_version\" : \"15.6\", \"max_version\" : \"15.006.30464\", \"fixed_version\" : \"15.006.30475\" },\n { \"min_version\" : \"15.8\", \"max_version\" : \"19.010.20069\", \"fixed_version\" : \"19.010.20091\" },\n { \"min_version\" : \"17.8\", \"max_version\" : \"17.011.30113\", \"fixed_version\" : \"17.011.30120\" }\n];\nvcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2020-09-02T11:48:07", "bulletinFamily": "info", "cvelist": ["CVE-2018-16011", "CVE-2018-16018", "CVE-2019-7131"], "description": "### *Detect date*:\n01/03/2019\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities were found in Adobe Acrobat and Acrobat Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges.\n\n### *Affected products*:\nAdobe Acrobat DC Continuous earlier than 2019.010.20069 \nAdobe Acrobat Reader DC Continuous earlier than 2019.010.20069 \nAdobe Acrobat 2017 (Classic 2017 Track) earlier than 2017.011.30113 \nAdobe Acrobat Reader 2017 (Classic 2017 Track) earlier than 2017.011.30113 \nAdobe Acrobat DC (Classic 2015 Track) earlier than 2015.006.30464 \nAdobe Acrobat Reader DC (Classic 2015 Track) earlier than 2015.006.30464\n\n### *Solution*:\nUpdate to the latest version \n[Download Adobe Acrobat Reader DC](<https://get.adobe.com/ru/reader/>)\n\n### *Original advisories*:\n[APSB19-02](<https://helpx.adobe.com/security/products/acrobat/apsb19-02.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Adobe Acrobat Reader DC Continuous](<https://threats.kaspersky.com/en/product/Adobe-Acrobat-Reader-DC-Continuous/>)\n\n### *CVE-IDS*:\n[CVE-2018-16018](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16018>)0.0Unknown \n[CVE-2018-16011](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16011>)7.5Critical \n[CVE-2019-7131](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7131>)7.0High", "edition": 8, "modified": "2020-05-22T00:00:00", "published": "2019-01-03T00:00:00", "id": "KLA11393", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11393", "title": "\r KLA11393Multiple vulnerabilities in Adobe Acrobat and Acrobat Reader ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-02T11:55:07", "bulletinFamily": "info", "cvelist": ["CVE-2019-7025", "CVE-2019-7052", "CVE-2019-7027", "CVE-2019-7028", "CVE-2019-7078", "CVE-2019-7071", "CVE-2019-7073", "CVE-2019-7086", "CVE-2019-7056", "CVE-2019-7064", "CVE-2019-7067", "CVE-2019-7044", "CVE-2019-7082", "CVE-2019-7046", "CVE-2019-7081", "CVE-2019-7049", "CVE-2019-7031", "CVE-2019-7039", "CVE-2019-7085", "CVE-2019-7019", "CVE-2019-7040", "CVE-2019-7062", "CVE-2019-7058", "CVE-2019-7077", "CVE-2019-7072", "CVE-2019-7087", "CVE-2019-7047", "CVE-2019-7043", "CVE-2019-7060", "CVE-2019-7023", "CVE-2019-7063", "CVE-2019-7037", "CVE-2019-7041", "CVE-2019-7026", "CVE-2019-7074", "CVE-2019-7045", "CVE-2019-7080", "CVE-2019-7054", "CVE-2019-7035", "CVE-2019-7079", "CVE-2019-7084", "CVE-2019-7038", "CVE-2019-7029", "CVE-2019-7065", "CVE-2019-7075", "CVE-2019-7050", "CVE-2019-7083", "CVE-2019-7051", "CVE-2019-7032", "CVE-2019-7059", "CVE-2019-7020", "CVE-2018-19725", "CVE-2019-7069", "CVE-2019-7053", "CVE-2019-7034", "CVE-2019-7024", "CVE-2019-7030", "CVE-2019-7042", "CVE-2019-7089", "CVE-2019-7068", "CVE-2019-7021", "CVE-2019-7018", "CVE-2019-7070", "CVE-2019-7066", "CVE-2019-7036", "CVE-2019-7055", "CVE-2019-7048", "CVE-2019-7033", "CVE-2019-7022", "CVE-2019-7057", "CVE-2019-7076"], "description": "### *Detect date*:\n02/12/2019\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Adobe Acrobat and Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges.\n\n### *Affected products*:\nAdobe Acrobat DC Continuous earlier than 2019.010.20091 \nAdobe Acrobat Reader DC Continuous earlier than 2019.010.20091 \nAdobe Acrobat 2017 (Classic 2017 Track) earlier than 2017.011.30120 \nAdobe Acrobat Reader 2017 (Classic 2017 Track) earlier than 2017.011.30120 \nAdobe Acrobat DC (Classic 2015 Track) earlier than 2015.006.30475 \nAdobe Acrobat Reader DC (Classic 2015 Track) earlier than 2015.006.30475\n\n### *Solution*:\nUpdate to the latest version \n[Download Adobe Acrobat Reader DC](<https://get.adobe.com/ru/reader/>)\n\n### *Original advisories*:\n[APSB19-07](<https://helpx.adobe.com/security/products/acrobat/apsb19-07.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Adobe Acrobat Reader DC Continuous](<https://threats.kaspersky.com/en/product/Adobe-Acrobat-Reader-DC-Continuous/>)\n\n### *CVE-IDS*:\n[CVE-2019-7020](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7020>)7.7Critical \n[CVE-2019-7085](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7085>)0.0Unknown \n[CVE-2019-7089](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7089>)0.0Unknown \n[CVE-2019-7080](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7080>)0.0Unknown \n[CVE-2019-7030](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7030>)0.0Unknown \n[CVE-2019-7021](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7021>)0.0Unknown \n[CVE-2019-7022](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7022>)0.0Unknown \n[CVE-2019-7023](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7023>)0.0Unknown \n[CVE-2019-7024](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7024>)0.0Unknown \n[CVE-2019-7028](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7028>)0.0Unknown \n[CVE-2019-7032](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7032>)0.0Unknown \n[CVE-2019-7033](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7033>)0.0Unknown \n[CVE-2019-7034](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7034>)0.0Unknown \n[CVE-2019-7035](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7035>)0.0Unknown \n[CVE-2019-7036](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7036>)0.0Unknown \n[CVE-2019-7038](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7038>)0.0Unknown \n[CVE-2019-7045](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7045>)0.0Unknown \n[CVE-2019-7047](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7047>)0.0Unknown \n[CVE-2019-7049](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7049>)0.0Unknown \n[CVE-2019-7053](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7053>)0.0Unknown \n[CVE-2019-7055](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7055>)0.0Unknown \n[CVE-2019-7056](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7056>)0.0Unknown \n[CVE-2019-7057](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7057>)0.0Unknown \n[CVE-2019-7058](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7058>)0.0Unknown \n[CVE-2019-7059](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7059>)0.0Unknown \n[CVE-2019-7063](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7063>)0.0Unknown \n[CVE-2019-7064](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7064>)0.0Unknown \n[CVE-2019-7065](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7065>)0.0Unknown \n[CVE-2019-7067](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7067>)0.0Unknown \n[CVE-2019-7071](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7071>)0.0Unknown \n[CVE-2019-7073](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7073>)0.0Unknown \n[CVE-2019-7074](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7074>)0.0Unknown \n[CVE-2019-7081](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7081>)0.0Unknown \n[CVE-2018-19725](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19725>)0.0Unknown \n[CVE-2019-7041](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7041>)0.0Unknown \n[CVE-2019-7019](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7019>)0.0Unknown \n[CVE-2019-7027](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7027>)0.0Unknown \n[CVE-2019-7037](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7037>)0.0Unknown \n[CVE-2019-7039](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7039>)0.0Unknown \n[CVE-2019-7052](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7052>)0.0Unknown \n[CVE-2019-7060](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7060>)0.0Unknown \n[CVE-2019-7079](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7079>)0.0Unknown \n[CVE-2019-7069](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7069>)0.0Unknown \n[CVE-2019-7086](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7086>)0.0Unknown \n[CVE-2019-7087](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7087>)0.0Unknown \n[CVE-2019-7042](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7042>)0.0Unknown \n[CVE-2019-7046](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7046>)0.0Unknown \n[CVE-2019-7051](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7051>)0.0Unknown \n[CVE-2019-7054](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7054>)0.0Unknown \n[CVE-2019-7066](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7066>)0.0Unknown \n[CVE-2019-7076](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7076>)0.0Unknown \n[CVE-2019-7018](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7018>)0.0Unknown \n[CVE-2019-7025](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7025>)0.0Unknown \n[CVE-2019-7026](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7026>)0.0Unknown \n[CVE-2019-7029](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7029>)0.0Unknown \n[CVE-2019-7031](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7031>)0.0Unknown \n[CVE-2019-7040](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7040>)0.0Unknown \n[CVE-2019-7043](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7043>)0.0Unknown \n[CVE-2019-7044](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7044>)0.0Unknown \n[CVE-2019-7048](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7048>)0.0Unknown \n[CVE-2019-7050](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7050>)0.0Unknown \n[CVE-2019-7062](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7062>)0.0Unknown \n[CVE-2019-7068](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7068>)0.0Unknown \n[CVE-2019-7070](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7070>)0.0Unknown \n[CVE-2019-7072](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7072>)0.0Unknown \n[CVE-2019-7075](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7075>)0.0Unknown \n[CVE-2019-7077](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7077>)0.0Unknown \n[CVE-2019-7078](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7078>)0.0Unknown \n[CVE-2019-7082](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7082>)0.0Unknown \n[CVE-2019-7083](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7083>)0.0Unknown \n[CVE-2019-7084](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7084>)0.0Unknown", "edition": 5, "modified": "2020-05-22T00:00:00", "published": "2019-02-12T00:00:00", "id": "KLA11421", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11421", "title": "\r KLA11421Multiple vulnerabilities in Adobe Acrobat and Acrobat Reader ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}