Adobe Reader DC Graphics State Dictionary Double Free Remote Code Execution Vulnerability
2016-04-28T00:00:00
ID ZDI-16-273 Type zdi Reporter kdot Modified 2016-11-09T00:00:00
Description
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within Graphics State Dictionary parsing. A specially crafted Graphics State Dictionary inside a PDF document can trigger a double free condition. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.
{"hash": "3f008fe165fc059190aafde4c34f2d3156d9b05c97bbd79c50fae7722a3fade1", "edition": 2, "title": "Adobe Reader DC Graphics State Dictionary Double Free Remote Code Execution Vulnerability ", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within Graphics State Dictionary parsing. A specially crafted Graphics State Dictionary inside a PDF document can trigger a double free condition. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.", "viewCount": 1, "objectVersion": "1.2", "hashmap": [{"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "b6350490d6cadd1fe2efed44f59f943a", "key": "cvelist"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "46a31027f6b70220601156cf2936be80", "key": "description"}, {"hash": "c665ef08f57dadef54cb24abdee64998", "key": "href"}, {"hash": "f2249e2ed581e22fd91c3d42b700b581", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "7682593865fe3c4bfddc41a9be4d6e7d", "key": "published"}, {"hash": "b9bf221a630f4b7bfc8a35d186646a6a", "key": "references"}, {"hash": "0dd30a11a548a7f52372b214f0e06bc1", "key": "reporter"}, {"hash": "f728dd0d92649f51ae11efe21da932ea", "key": "title"}, {"hash": "3dd086b59554fe33c1b8f051475b4b31", "key": "type"}], "cvelist": ["CVE-2016-1111"], "bulletinFamily": "info", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.zerodayinitiative.com/advisories/ZDI-16-273", "history": [{"bulletin": {"hash": "2b74e9383744970f73173720bbdb8c4232b7ab8559fdebab5fd8c75209c8169f", "id": "ZDI-16-273", "title": "Adobe Reader DC Graphics State Dictionary Double Free Remote Code Execution Vulnerability ", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within Graphics State Dictionary parsing. A specially crafted Graphics State Dictionary inside a PDF document can trigger a double free condition. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.", "viewCount": 0, "objectVersion": "1.2", "hashmap": [{"hash": "ad986f81a9f95e072e489553e6bed821", "key": "modified"}, {"hash": "7682593865fe3c4bfddc41a9be4d6e7d", "key": "published"}, {"hash": "3dd086b59554fe33c1b8f051475b4b31", "key": "type"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "b6350490d6cadd1fe2efed44f59f943a", "key": "cvelist"}, {"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "0dd30a11a548a7f52372b214f0e06bc1", "key": "reporter"}, {"hash": "b9bf221a630f4b7bfc8a35d186646a6a", "key": "references"}, {"hash": "f728dd0d92649f51ae11efe21da932ea", "key": "title"}, {"hash": "c665ef08f57dadef54cb24abdee64998", "key": "href"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "46a31027f6b70220601156cf2936be80", "key": "description"}], "cvelist": ["CVE-2016-1111"], "bulletinFamily": "info", "published": "2016-04-28T00:00:00", "references": ["https://helpx.adobe.com/security/products/acrobat/apsb16-02.html"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "edition": 1, "reporter": "kdot", "lastseen": "2016-09-04T11:33:55", "history": [], "modified": "2016-09-04T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-16-273", "type": "zdi"}, "lastseen": "2016-09-04T11:33:55", "edition": 1, "differentElements": ["modified"]}], "id": "ZDI-16-273", "reporter": "kdot", "published": "2016-04-28T00:00:00", "references": ["https://helpx.adobe.com/security/products/acrobat/apsb16-02.html"], "lastseen": "2016-11-09T00:18:12", "modified": "2016-11-09T00:00:00", "enchantments": {"score": {"value": 6.6, "vector": "NONE", "modified": "2016-11-09T00:18:12"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-1111"]}, {"type": "nessus", "idList": ["MACOSX_ADOBE_ACROBAT_APSB16-02.NASL", "ADOBE_ACROBAT_APSB16-02.NASL", "ADOBE_READER_APSB16-02.NASL", "MACOSX_ADOBE_READER_APSB16-02.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310806820", "OPENVAS:1361412562310806846", "OPENVAS:1361412562310806819", "OPENVAS:1361412562310806821"]}], "modified": "2016-11-09T00:18:12"}, "vulnersScore": 6.6}, "type": "zdi"}
{"cve": [{"lastseen": "2019-05-29T18:15:33", "bulletinFamily": "NVD", "description": "Double free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via a crafted Graphics State dictionary.\n<a href=\"http://cwe.mitre.org/data/definitions/415.html\">CWE-415: Double Free</a>", "modified": "2018-10-30T16:25:00", "id": "CVE-2016-1111", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1111", "published": "2016-04-30T10:59:00", "title": "CVE-2016-1111", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2019-02-21T01:25:51", "bulletinFamily": "scanner", "description": "The version of Adobe Acrobat installed on the remote Windows host is a version prior to 11.0.14, 15.006.30119, or 15.010.20056. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple use-after-free errors exist that allow a remote attacker to execute arbitrary code. (CVE-2016-0932, CVE-2016-0934, CVE-2016-0937, CVE-2016-0940, CVE-2016-0941)\n\n - Multiple memory corruption issues exist that allow a remote attacker to execute arbitrary code.\n (CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939, CVE-2016-0942, CVE-2016-0944, CVE-2016-0945, CVE-2016-0946)\n\n - Multiple double-free errors exist that allow a remote attacker to execute arbitrary code. (CVE-2016-0935, CVE-2016-1111)\n\n - A flaw exists in the Global JavaScript API that allows a remote attacker to bypass restrictions and execute arbitrary code. (CVE-2016-0943)\n\n - A flaw exists in the download manager related to the directory search path used to find resources. A remote attacker can exploit this execute arbitrary code.\n (CVE-2016-0947)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "modified": "2018-06-29T00:00:00", "id": "ADOBE_ACROBAT_APSB16-02.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=87917", "published": "2016-01-14T00:00:00", "title": "Adobe Acrobat < 11.0.14 / 15.006.30119 / 15.010.20056 Multiple Vulnerabilities (APSB16-02)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87917);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/06/29 12:01:03\");\n\n script_cve_id(\n \"CVE-2016-0931\",\n \"CVE-2016-0932\",\n \"CVE-2016-0933\",\n \"CVE-2016-0934\",\n \"CVE-2016-0935\",\n \"CVE-2016-0936\",\n \"CVE-2016-0937\",\n \"CVE-2016-0938\",\n \"CVE-2016-0939\",\n \"CVE-2016-0940\",\n \"CVE-2016-0941\",\n \"CVE-2016-0942\",\n \"CVE-2016-0943\",\n \"CVE-2016-0944\",\n \"CVE-2016-0945\",\n \"CVE-2016-0946\",\n \"CVE-2016-0947\",\n \"CVE-2016-1111\"\n );\n script_xref(name:\"ZDI\", value:\"ZDI-16-273\");\n\n script_name(english:\"Adobe Acrobat < 11.0.14 / 15.006.30119 / 15.010.20056 Multiple Vulnerabilities (APSB16-02)\");\n script_summary(english:\"Checks the version of Adobe Acrobat.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Acrobat installed on the remote Windows host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Acrobat installed on the remote Windows host is a\nversion prior to 11.0.14, 15.006.30119, or 15.010.20056. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - Multiple use-after-free errors exist that allow a remote\n attacker to execute arbitrary code. (CVE-2016-0932,\n CVE-2016-0934, CVE-2016-0937, CVE-2016-0940,\n CVE-2016-0941)\n\n - Multiple memory corruption issues exist that allow a\n remote attacker to execute arbitrary code.\n (CVE-2016-0931, CVE-2016-0933, CVE-2016-0936,\n CVE-2016-0938, CVE-2016-0939, CVE-2016-0942,\n CVE-2016-0944, CVE-2016-0945, CVE-2016-0946)\n\n - Multiple double-free errors exist that allow a remote\n attacker to execute arbitrary code. (CVE-2016-0935,\n CVE-2016-1111)\n\n - A flaw exists in the Global JavaScript API that allows\n a remote attacker to bypass restrictions and execute\n arbitrary code. (CVE-2016-0943)\n\n - A flaw exists in the download manager related to the\n directory search path used to find resources. A remote\n attacker can exploit this execute arbitrary code.\n (CVE-2016-0947)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/reader/apsb16-02.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Acrobat 11.0.14 / 15.006.30119 / 15.010.20056 or\nlater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"adobe_acrobat_installed.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/Adobe Acrobat\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_name = \"Adobe Acrobat\";\ninstall = get_single_install(app_name:app_name);\n\nversion = install['version'];\npath = install['path'];\nverui = install['display_version'];\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Affected is :\n# \n# 11.x < 11.0.14\n# DC Classic < 15.006.30119\n# DC Continuous < 15.010.20056\nif (\n (ver[0] == 11 && ver[1] == 0 && ver[2] <= 13) ||\n (ver[0] == 15 && ver[1] == 6 && ver[2] <= 30097) ||\n (ver[0] == 15 && ver[1] == 7 ) ||\n (ver[0] == 15 && ver[1] == 8 ) ||\n (ver[0] == 15 && ver[1] == 9 && ver[2] <= 20077)\n)\n{\n port = get_kb_item('SMB/transport');\n if(!port) port = 445;\n\n report = '\\n Path : '+path+\n '\\n Installed version : '+verui+\n '\\n Fixed version : 11.0.14 / 15.006.30119 / 15.010.20056' +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, verui, path);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:25:51", "bulletinFamily": "scanner", "description": "The version of Adobe Acrobat installed on the remote Mac OS X host is a version prior to 11.0.14, 15.006.30119, or 15.010.20056. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple use-after-free errors exist that allow a remote attacker to execute arbitrary code. (CVE-2016-0932, CVE-2016-0934, CVE-2016-0937, CVE-2016-0940, CVE-2016-0941)\n\n - Multiple memory corruption issues exist that allow a remote attacker to execute arbitrary code.\n (CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939, CVE-2016-0942, CVE-2016-0944, CVE-2016-0945, CVE-2016-0946)\n\n - Multiple double-free errors exist that allow a remote attacker to execute arbitrary code. (CVE-2016-0935, CVE-2016-1111)\n\n - A flaw exists in the Global JavaScript API that allows a remote attacker to bypass restrictions and execute arbitrary code. (CVE-2016-0943)\n\n - A flaw exists in the download manager related to the directory search path used to find resources. A remote attacker can exploit this execute arbitrary code.\n (CVE-2016-0947)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "modified": "2018-07-16T00:00:00", "id": "MACOSX_ADOBE_ACROBAT_APSB16-02.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=87919", "published": "2016-01-14T00:00:00", "title": "Adobe Acrobat < 11.0.14 / 15.006.30119 / 15.010.20056 Multiple Vulnerabilities (APSB16-02) (Mac OS X)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87919);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/16 12:48:31\");\n\n script_cve_id(\n \"CVE-2016-0931\",\n \"CVE-2016-0932\",\n \"CVE-2016-0933\",\n \"CVE-2016-0934\",\n \"CVE-2016-0935\",\n \"CVE-2016-0936\",\n \"CVE-2016-0937\",\n \"CVE-2016-0938\",\n \"CVE-2016-0939\",\n \"CVE-2016-0940\",\n \"CVE-2016-0941\",\n \"CVE-2016-0942\",\n \"CVE-2016-0943\",\n \"CVE-2016-0944\",\n \"CVE-2016-0945\",\n \"CVE-2016-0946\",\n \"CVE-2016-0947\",\n \"CVE-2016-1111\"\n );\n script_xref(name:\"ZDI\", value:\"ZDI-16-273\");\n\n script_name(english:\"Adobe Acrobat < 11.0.14 / 15.006.30119 / 15.010.20056 Multiple Vulnerabilities (APSB16-02) (Mac OS X)\");\n script_summary(english:\"Checks the version of Adobe Acrobat.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Acrobat installed on the remote Mac OS X host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Acrobat installed on the remote Mac OS X host is\na version prior to 11.0.14, 15.006.30119, or 15.010.20056. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - Multiple use-after-free errors exist that allow a remote\n attacker to execute arbitrary code. (CVE-2016-0932,\n CVE-2016-0934, CVE-2016-0937, CVE-2016-0940,\n CVE-2016-0941)\n\n - Multiple memory corruption issues exist that allow a\n remote attacker to execute arbitrary code.\n (CVE-2016-0931, CVE-2016-0933, CVE-2016-0936,\n CVE-2016-0938, CVE-2016-0939, CVE-2016-0942,\n CVE-2016-0944, CVE-2016-0945, CVE-2016-0946)\n\n - Multiple double-free errors exist that allow a remote\n attacker to execute arbitrary code. (CVE-2016-0935,\n CVE-2016-1111)\n\n - A flaw exists in the Global JavaScript API that allows\n a remote attacker to bypass restrictions and execute\n arbitrary code. (CVE-2016-0943)\n\n - A flaw exists in the download manager related to the\n directory search path used to find resources. A remote\n attacker can exploit this execute arbitrary code.\n (CVE-2016-0947)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/reader/apsb16-02.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Acrobat 11.0.14 / 15.006.30119 / 15.010.20056 or\nlater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_adobe_acrobat_installed.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Adobe Acrobat\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (empty_or_null(os)) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp_name = \"Adobe Acrobat\";\ninstall = get_single_install(app_name:app_name);\n\nversion = install['version'];\npath = install['path'];\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Affected is :\n# \n# 11.x < 11.0.14\n# DC Classic < 15.006.30119\n# DC Continuous < 15.010.20056\nif (\n (ver[0] == 11 && ver[1] == 0 && ver[2] <= 13) ||\n (ver[0] == 15 && ver[1] == 6 && ver[2] <= 30097) ||\n (ver[0] == 15 && ver[1] == 7 ) ||\n (ver[0] == 15 && ver[1] == 8 ) ||\n (ver[0] == 15 && ver[1] == 9 && ver[2] <= 20077)\n)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Path : '+path+\n '\\n Installed version : '+version+\n '\\n Fixed version : 11.0.14 / 15.006.30119 / 15.010.20056' +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:25:51", "bulletinFamily": "scanner", "description": "The version of Adobe Reader installed on the remote host is a version prior to 11.0.14, 15.006.30119, or 15.010.20056. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple use-after-free errors exist that allow a remote attacker to execute arbitrary code. (CVE-2016-0932, CVE-2016-0934, CVE-2016-0937, CVE-2016-0940, CVE-2016-0941)\n\n - Multiple memory corruption issues exist that allow a remote attacker to execute arbitrary code.\n (CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939, CVE-2016-0942, CVE-2016-0944, CVE-2016-0945, CVE-2016-0946)\n\n - Multiple double-free errors exist that allow a remote attacker to execute arbitrary code. (CVE-2016-0935, CVE-2016-1111)\n\n - A flaw exists in the Global JavaScript API that allows a remote attacker to bypass restrictions and execute arbitrary code. (CVE-2016-0943)\n\n - A flaw exists in the download manager related to the directory search path used to find resources. A remote attacker can exploit this execute arbitrary code.\n (CVE-2016-0947)", "modified": "2018-06-29T00:00:00", "id": "ADOBE_READER_APSB16-02.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=87918", "published": "2016-01-14T00:00:00", "title": "Adobe Reader < 11.0.14 / 15.006.30119 / 15.010.20056 Multiple Vulnerabilities (APSB16-02)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87918);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/06/29 12:01:03\");\n\n script_cve_id(\n \"CVE-2016-0931\",\n \"CVE-2016-0932\",\n \"CVE-2016-0933\",\n \"CVE-2016-0934\",\n \"CVE-2016-0935\",\n \"CVE-2016-0936\",\n \"CVE-2016-0937\",\n \"CVE-2016-0938\",\n \"CVE-2016-0939\",\n \"CVE-2016-0940\",\n \"CVE-2016-0941\",\n \"CVE-2016-0942\",\n \"CVE-2016-0943\",\n \"CVE-2016-0944\",\n \"CVE-2016-0945\",\n \"CVE-2016-0946\",\n \"CVE-2016-0947\",\n \"CVE-2016-1111\"\n );\n script_xref(name:\"ZDI\", value:\"ZDI-16-273\");\n\n script_name(english:\"Adobe Reader < 11.0.14 / 15.006.30119 / 15.010.20056 Multiple Vulnerabilities (APSB16-02)\");\n script_summary(english:\"Checks the version of Adobe Reader.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader installed on the remote Windows host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Reader installed on the remote host is a\nversion prior to 11.0.14, 15.006.30119, or 15.010.20056. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - Multiple use-after-free errors exist that allow a remote\n attacker to execute arbitrary code. (CVE-2016-0932,\n CVE-2016-0934, CVE-2016-0937, CVE-2016-0940,\n CVE-2016-0941)\n\n - Multiple memory corruption issues exist that allow a\n remote attacker to execute arbitrary code.\n (CVE-2016-0931, CVE-2016-0933, CVE-2016-0936,\n CVE-2016-0938, CVE-2016-0939, CVE-2016-0942,\n CVE-2016-0944, CVE-2016-0945, CVE-2016-0946)\n\n - Multiple double-free errors exist that allow a remote\n attacker to execute arbitrary code. (CVE-2016-0935,\n CVE-2016-1111)\n\n - A flaw exists in the Global JavaScript API that allows\n a remote attacker to bypass restrictions and execute\n arbitrary code. (CVE-2016-0943)\n\n - A flaw exists in the download manager related to the\n directory search path used to find resources. A remote\n attacker can exploit this execute arbitrary code.\n (CVE-2016-0947)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/reader/apsb16-02.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Reader 11.0.14 / 15.006.30119 / 15.010.20056 or\nlater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"adobe_reader_installed.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/Adobe Reader\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_name = \"Adobe Reader\";\ninstall = get_single_install(app_name:app_name);\n\nversion = install['version'];\npath = install['path'];\nverui = install['display_version'];\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Affected is :\n# \n# 11.x < 11.0.14\n# DC Classic < 15.006.30119\n# DC Continuous < 15.010.20056\nif (\n (ver[0] == 11 && ver[1] == 0 && ver[2] <= 13) ||\n (ver[0] == 15 && ver[1] == 6 && ver[2] <= 30097) ||\n (ver[0] == 15 && ver[1] == 7 ) ||\n (ver[0] == 15 && ver[1] == 8 ) ||\n (ver[0] == 15 && ver[1] == 9 && ver[2] <= 20077)\n)\n{\n port = get_kb_item('SMB/transport');\n if(!port) port = 445;\n report = '\\n Path : '+path+\n '\\n Installed version : '+verui+\n '\\n Fixed version : 11.0.14 / 15.006.30119 / 15.010.20056' +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, verui, path);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:25:51", "bulletinFamily": "scanner", "description": "The version of Adobe Reader installed on the remote Mac OS X host is a version prior to 11.0.14, 15.006.30119, or 15.010.20056. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple use-after-free errors exist that allow a remote attacker to execute arbitrary code. (CVE-2016-0932, CVE-2016-0934, CVE-2016-0937, CVE-2016-0940, CVE-2016-0941)\n\n - Multiple memory corruption issues exist that allow a remote attacker to execute arbitrary code.\n (CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939, CVE-2016-0942, CVE-2016-0944, CVE-2016-0945, CVE-2016-0946)\n\n - Multiple double-free errors exist that allow a remote attacker to execute arbitrary code. (CVE-2016-0935, CVE-2016-1111)\n\n - A flaw exists in the Global JavaScript API that allows a remote attacker to bypass restrictions and execute arbitrary code. (CVE-2016-0943)\n\n - A flaw exists in the download manager related to the directory search path used to find resources. A remote attacker can exploit this execute arbitrary code.\n (CVE-2016-0947)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "modified": "2018-07-16T00:00:00", "id": "MACOSX_ADOBE_READER_APSB16-02.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=87920", "published": "2016-01-14T00:00:00", "title": "Adobe Reader < 11.0.14 / 15.006.30119 / 15.010.20056 Multiple Vulnerabilities (APSB16-02) (Mac OS X)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87920);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/16 12:48:31\");\n\n script_cve_id(\n \"CVE-2016-0931\",\n \"CVE-2016-0932\",\n \"CVE-2016-0933\",\n \"CVE-2016-0934\",\n \"CVE-2016-0935\",\n \"CVE-2016-0936\",\n \"CVE-2016-0937\",\n \"CVE-2016-0938\",\n \"CVE-2016-0939\",\n \"CVE-2016-0940\",\n \"CVE-2016-0941\",\n \"CVE-2016-0942\",\n \"CVE-2016-0943\",\n \"CVE-2016-0944\",\n \"CVE-2016-0945\",\n \"CVE-2016-0946\",\n \"CVE-2016-0947\",\n \"CVE-2016-1111\"\n );\n script_xref(name:\"ZDI\", value:\"ZDI-16-273\");\n\n script_name(english:\"Adobe Reader < 11.0.14 / 15.006.30119 / 15.010.20056 Multiple Vulnerabilities (APSB16-02) (Mac OS X)\");\n script_summary(english:\"Checks the version of Adobe Reader.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader installed on the remote Mac OS X host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Reader installed on the remote Mac OS X host is a\nversion prior to 11.0.14, 15.006.30119, or 15.010.20056. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - Multiple use-after-free errors exist that allow a remote\n attacker to execute arbitrary code. (CVE-2016-0932,\n CVE-2016-0934, CVE-2016-0937, CVE-2016-0940,\n CVE-2016-0941)\n\n - Multiple memory corruption issues exist that allow a\n remote attacker to execute arbitrary code.\n (CVE-2016-0931, CVE-2016-0933, CVE-2016-0936,\n CVE-2016-0938, CVE-2016-0939, CVE-2016-0942,\n CVE-2016-0944, CVE-2016-0945, CVE-2016-0946)\n\n - Multiple double-free errors exist that allow a remote\n attacker to execute arbitrary code. (CVE-2016-0935,\n CVE-2016-1111)\n\n - A flaw exists in the Global JavaScript API that allows\n a remote attacker to bypass restrictions and execute\n arbitrary code. (CVE-2016-0943)\n\n - A flaw exists in the download manager related to the\n directory search path used to find resources. A remote\n attacker can exploit this execute arbitrary code.\n (CVE-2016-0947)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/reader/apsb16-02.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Reader 11.0.14 / 15.006.30119 / 15.010.20056 or\nlater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_adobe_reader_installed.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Adobe Reader\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (empty_or_null(os)) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp_name = \"Adobe Reader\";\ninstall = get_single_install(app_name:app_name);\n\nversion = install['version'];\npath = install['path'];\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Affected is :\n# \n# 11.x < 11.0.14\n# DC Classic < 15.006.30119\n# DC Continuous < 15.010.20056\nif (\n (ver[0] == 11 && ver[1] == 0 && ver[2] <= 13) ||\n (ver[0] == 15 && ver[1] == 6 && ver[2] <= 30097) ||\n (ver[0] == 15 && ver[1] == 7 ) ||\n (ver[0] == 15 && ver[1] == 8 ) ||\n (ver[0] == 15 && ver[1] == 9 && ver[2] <= 20077)\n)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Path : '+path+\n '\\n Installed version : '+version+\n '\\n Fixed version : 11.0.14 / 15.006.30119 / 15.010.20056' +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2019-05-29T18:35:09", "bulletinFamily": "scanner", "description": "This host is installed with Adobe Reader\n and is prone to multiple vulnerabilities.", "modified": "2018-10-24T00:00:00", "published": "2016-01-18T00:00:00", "id": "OPENVAS:1361412562310806820", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806820", "title": "Adobe Reader Multiple Vulnerabilities - 01 January16 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_reader_mult_vuln01_jan16_win.nasl 12051 2018-10-24 09:14:54Z asteins $\n#\n# Adobe Reader Multiple Vulnerabilities - 01 January16 (Windows)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806820\");\n script_version(\"$Revision: 12051 $\");\n script_cve_id(\"CVE-2016-0931\", \"CVE-2016-0932\", \"CVE-2016-0933\", \"CVE-2016-0934\",\n\t\t\"CVE-2016-0935\", \"CVE-2016-0936\", \"CVE-2016-0937\", \"CVE-2016-0938\",\n\t\t\"CVE-2016-0939\", \"CVE-2016-0940\", \"CVE-2016-0941\", \"CVE-2016-0942\",\n\t\t\"CVE-2016-0943\", \"CVE-2016-0944\", \"CVE-2016-0945\", \"CVE-2016-0946\",\n\t\t\"CVE-2016-0947\", \"CVE-2016-1111\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-24 11:14:54 +0200 (Wed, 24 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-18 14:04:08 +0530 (Mon, 18 Jan 2016)\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_name(\"Adobe Reader Multiple Vulnerabilities - 01 January16 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Reader\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to:\n\n - Untrusted search path vulnerability in Adobe Download Manager\n\n - Some use-after-free vulnerabilities.\n\n - A double-free vulnerability.\n\n - Some memory leak vulnerabilities.\n\n - Some security bypass vulnerabilities.\n\n - Multiple memory corruption vulnerabilities.\n\n - Some Javascript API execution restriction bypass vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to bypass certain access restrictions and execute arbitrary\n code and compromise a user's system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Reader version 11.x before 11.0.14 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Reader version 11.0.14 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb16-02.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Reader/Win/Installed\");\n script_xref(name:\"URL\", value:\"http://get.adobe.com/reader\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!readerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:readerVer, test_version:\"11.0\", test_version2:\"11.0.13\"))\n{\n report = report_fixed_ver(installed_version:readerVer, fixed_version:\"11.0.14\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:25:04", "bulletinFamily": "scanner", "description": "This host is installed with Adobe Acrobat\n and is prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2016-01-18T00:00:00", "id": "OPENVAS:1361412562310806846", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806846", "title": "Adobe Acrobat Multiple Vulnerabilities - 01 January16 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat Multiple Vulnerabilities - 01 January16 (Windows)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806846\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2016-0931\", \"CVE-2016-0932\", \"CVE-2016-0933\", \"CVE-2016-0934\",\n \"CVE-2016-0935\", \"CVE-2016-0936\", \"CVE-2016-0937\", \"CVE-2016-0938\",\n \"CVE-2016-0939\", \"CVE-2016-0940\", \"CVE-2016-0941\", \"CVE-2016-0942\",\n \"CVE-2016-0943\", \"CVE-2016-0944\", \"CVE-2016-0945\", \"CVE-2016-0946\",\n \"CVE-2016-0947\", \"CVE-2016-1111\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-01-18 13:37:18 +0530 (Mon, 18 Jan 2016)\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_name(\"Adobe Acrobat Multiple Vulnerabilities - 01 January16 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to:\n\n - Untrusted search path vulnerability in Adobe Download Manager\n\n - Some use-after-free vulnerabilities.\n\n - A double-free vulnerability.\n\n - Some memory leak vulnerabilities.\n\n - Some security bypass vulnerabilities.\n\n - Multiple memory corruption vulnerabilities.\n\n - Some Javascript API execution restriction bypass vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to bypass certain access restrictions and execute arbitrary\n code and compromise a user's system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat 11.x before 11.0.14 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat version 11.0.14 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb16-02.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/Win/Installed\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!readerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:readerVer, test_version:\"11.0\", test_version2:\"11.0.13\"))\n{\n report = report_fixed_ver(installed_version:readerVer, fixed_version:\"11.0.14\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:47", "bulletinFamily": "scanner", "description": "This host is installed with Adobe Reader\n and is prone to multiple vulnerabilities.", "modified": "2018-11-21T00:00:00", "published": "2016-01-18T00:00:00", "id": "OPENVAS:1361412562310806821", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806821", "title": "Adobe Reader Multiple Vulnerabilities - 01 January16 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_reader_mult_vuln01_jan16_macosx.nasl 12455 2018-11-21 09:17:27Z cfischer $\n#\n# Adobe Reader Multiple Vulnerabilities - 01 January16 (Mac OS X)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806821\");\n script_version(\"$Revision: 12455 $\");\n script_cve_id(\"CVE-2016-0931\", \"CVE-2016-0932\", \"CVE-2016-0933\", \"CVE-2016-0934\",\n\t\t\"CVE-2016-0935\", \"CVE-2016-0936\", \"CVE-2016-0937\", \"CVE-2016-0938\",\n\t\t\"CVE-2016-0939\", \"CVE-2016-0940\", \"CVE-2016-0941\", \"CVE-2016-0942\",\n\t\t\"CVE-2016-0943\", \"CVE-2016-0944\", \"CVE-2016-0945\", \"CVE-2016-0946\",\n\t\t\"CVE-2016-0947\", \"CVE-2016-1111\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-21 10:17:27 +0100 (Wed, 21 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-18 14:04:08 +0530 (Mon, 18 Jan 2016)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Adobe Reader Multiple Vulnerabilities - 01 January16 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Reader\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to:\n\n - Untrusted search path vulnerability in Adobe Download Manager\n\n - Some use-after-free vulnerabilities.\n\n - A double-free vulnerability.\n\n - Some memory leak vulnerabilities.\n\n - Some security bypass vulnerabilities.\n\n - Multiple memory corruption vulnerabilities.\n\n - Some Javascript API execution restriction bypass vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to bypass certain access restrictions and execute arbitrary\n code and compromise a user's system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Reader version 11.x before 11.0.14 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Reader version 11.0.14 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb16-02.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Reader/MacOSX/Version\");\n script_xref(name:\"URL\", value:\"http://get.adobe.com/reader\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!readerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:readerVer, test_version:\"11.0\", test_version2:\"11.0.13\"))\n{\n report = report_fixed_ver(installed_version:readerVer, fixed_version:\"11.0.14\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:26:23", "bulletinFamily": "scanner", "description": "This host is installed with Adobe Acrobat\n and is prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2016-01-18T00:00:00", "id": "OPENVAS:1361412562310806819", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806819", "title": "Adobe Acrobat Multiple Vulnerabilities - 01 January16 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat Multiple Vulnerabilities - 01 January16 (Mac OS X)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806819\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2016-0931\", \"CVE-2016-0932\", \"CVE-2016-0933\", \"CVE-2016-0934\",\n \"CVE-2016-0935\", \"CVE-2016-0936\", \"CVE-2016-0937\", \"CVE-2016-0938\",\n \"CVE-2016-0939\", \"CVE-2016-0940\", \"CVE-2016-0941\", \"CVE-2016-0942\",\n \"CVE-2016-0943\", \"CVE-2016-0944\", \"CVE-2016-0945\", \"CVE-2016-0946\",\n \"CVE-2016-0947\", \"CVE-2016-1111\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-01-18 13:37:18 +0530 (Mon, 18 Jan 2016)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Adobe Acrobat Multiple Vulnerabilities - 01 January16 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to:\n\n - Untrusted search path vulnerability in Adobe Download Manager\n\n - Some use-after-free vulnerabilities.\n\n - A double-free vulnerability.\n\n - Some memory leak vulnerabilities.\n\n - Some security bypass vulnerabilities.\n\n - Multiple memory corruption vulnerabilities.\n\n - Some Javascript API execution restriction bypass vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to bypass certain access restrictions and execute arbitrary\n code and compromise a user's system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat 11.x before 11.0.14 on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat version 11.0.14 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb16-02.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!readerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:readerVer, test_version:\"11.0\", test_version2:\"11.0.13\"))\n{\n report = report_fixed_ver(installed_version:readerVer, fixed_version:\"11.0.14\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
