Adobe Acrobat Pro DC execDialog Use-After-Free Remote Code Execution Vulnerability
2016-05-10T00:00:00
ID ZDI-16-303 Type zdi Reporter AbdulAziz Hariri - HPE Zero Day Initiative Modified 2016-06-22T00:00:00
Description
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the execDialog method. Specially crafted arguments passed to execDialog can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.
{"enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-1055"]}, {"type": "nessus", "idList": ["ADOBE_READER_APSB16-14.NASL", "MACOSX_ADOBE_ACROBAT_APSB16-14.NASL", "ADOBE_ACROBAT_APSB16-14.NASL", "MACOSX_ADOBE_READER_APSB16-14.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310807696", "OPENVAS:1361412562310807694", "OPENVAS:1361412562310807695", "OPENVAS:1361412562310807697"]}, {"type": "kaspersky", "idList": ["KLA10807"]}], "modified": "2020-06-22T11:41:29", "rev": 2}, "score": {"value": 8.6, "vector": "NONE", "modified": "2020-06-22T11:41:29", "rev": 2}, "vulnersScore": 8.6}, "edition": 3, "href": "https://www.zerodayinitiative.com/advisories/ZDI-16-303/", "modified": "2016-06-22T00:00:00", "published": "2016-05-10T00:00:00", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the execDialog method. Specially crafted arguments passed to execDialog can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.", "bulletinFamily": "info", "viewCount": 3, "title": "Adobe Acrobat Pro DC execDialog Use-After-Free Remote Code Execution Vulnerability", "references": ["https://helpx.adobe.com/security/products/acrobat/apsb16-14.html"], "cvelist": ["CVE-2016-1055"], "type": "zdi", "id": "ZDI-16-303", "lastseen": "2020-06-22T11:41:29", "reporter": "AbdulAziz Hariri - HPE Zero Day Initiative", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "scheme": null}
{"cve": [{"lastseen": "2021-02-02T06:28:02", "description": "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107.\n<a href=\"http://cwe.mitre.org/data/definitions/416.html\">CWE-416: Use After Free</a>", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-11T10:59:00", "title": "CVE-2016-1055", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1055"], "modified": "2016-12-01T03:04:00", "cpe": ["cpe:/a:adobe:acrobat_dc:15.010.20060", "cpe:/a:adobe:acrobat_reader_dc:15.006.30121", "cpe:/a:adobe:acrobat_reader_dc:15.010.20060", "cpe:/a:adobe:acrobat:11.0.15", "cpe:/a:adobe:acrobat_dc:15.006.30121", "cpe:/a:adobe:reader:11.0.15"], "id": "CVE-2016-1055", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1055", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_dc:15.010.20060:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30121:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:reader:11.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:11.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:15.006.30121:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:15.010.20060:*:*:*:continuous:*:*:*"]}], "openvas": [{"lastseen": "2019-07-17T14:25:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1094", "CVE-2016-1117", "CVE-2016-1086", "CVE-2016-1045", "CVE-2016-1058", "CVE-2016-1040", "CVE-2016-1050", "CVE-2016-1061", "CVE-2016-1039", "CVE-2016-1095", "CVE-2016-1129", "CVE-2016-1052", "CVE-2016-4101", "CVE-2016-1047", "CVE-2016-1046", "CVE-2016-1076", "CVE-2016-1043", "CVE-2016-1054", "CVE-2016-1122", "CVE-2016-4104", "CVE-2016-1116", "CVE-2016-1077", "CVE-2016-1112", "CVE-2016-1071", "CVE-2016-1062", "CVE-2016-4090", "CVE-2016-1063", "CVE-2016-1064", "CVE-2016-1070", "CVE-2016-4097", "CVE-2016-1041", "CVE-2016-1079", "CVE-2016-1121", "CVE-2016-4107", "CVE-2016-1074", "CVE-2016-4093", "CVE-2016-4105", "CVE-2016-4091", "CVE-2016-1092", "CVE-2016-4089", "CVE-2016-1056", "CVE-2016-1069", "CVE-2016-1065", "CVE-2016-1126", "CVE-2016-1118", "CVE-2016-1042", "CVE-2016-4100", "CVE-2016-1037", "CVE-2016-1078", "CVE-2016-4094", "CVE-2016-4092", "CVE-2016-1130", "CVE-2016-1093", "CVE-2016-1044", "CVE-2016-1068", "CVE-2016-4096", "CVE-2016-1057", "CVE-2016-1128", "CVE-2016-1085", "CVE-2016-1081", "CVE-2016-1084", "CVE-2016-4102", "CVE-2016-1048", "CVE-2016-1119", "CVE-2016-1123", "CVE-2016-1075", "CVE-2016-1067", "CVE-2016-1090", "CVE-2016-1051", "CVE-2016-1080", "CVE-2016-1038", "CVE-2016-4088", "CVE-2016-1073", "CVE-2016-1059", "CVE-2016-1055", "CVE-2016-1083", "CVE-2016-1124", "CVE-2016-4098", "CVE-2016-4103", "CVE-2016-1066", "CVE-2016-1088", "CVE-2016-1127", "CVE-2016-4106", "CVE-2016-1060", "CVE-2016-4099", "CVE-2016-1072", "CVE-2016-1120", "CVE-2016-1125", "CVE-2016-1049", "CVE-2016-1053", "CVE-2016-1087", "CVE-2016-1082"], "description": "This host is installed with Adobe Acrobat\n and is prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2016-05-12T00:00:00", "id": "OPENVAS:1361412562310807696", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807696", "type": "openvas", "title": "Adobe Acrobat Security Updates(apsb16-14)-MAC OS X", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat Security Updates(apsb16-14)-MAC OS X\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807696\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2016-1037\", \"CVE-2016-1038\", \"CVE-2016-1039\", \"CVE-2016-1040\",\n\t\t\"CVE-2016-1041\", \"CVE-2016-1042\", \"CVE-2016-1043\", \"CVE-2016-1044\",\n\t\t\"CVE-2016-1045\", \"CVE-2016-1046\", \"CVE-2016-1047\", \"CVE-2016-1048\",\n\t\t\"CVE-2016-1049\", \"CVE-2016-1050\", \"CVE-2016-1051\", \"CVE-2016-1052\",\n\t\t\"CVE-2016-1053\", \"CVE-2016-1054\", \"CVE-2016-1055\", \"CVE-2016-1056\",\n\t\t\"CVE-2016-1057\", \"CVE-2016-1058\", \"CVE-2016-1059\", \"CVE-2016-1060\",\n\t\t\"CVE-2016-1061\", \"CVE-2016-1062\", \"CVE-2016-1063\", \"CVE-2016-1064\",\n\t\t\"CVE-2016-1065\", \"CVE-2016-1066\", \"CVE-2016-1067\", \"CVE-2016-1068\",\n\t\t\"CVE-2016-1069\", \"CVE-2016-1070\", \"CVE-2016-1071\", \"CVE-2016-1072\",\n\t\t\"CVE-2016-1073\", \"CVE-2016-1074\", \"CVE-2016-1075\", \"CVE-2016-1076\",\n\t\t\"CVE-2016-1077\", \"CVE-2016-1078\", \"CVE-2016-1079\", \"CVE-2016-1080\",\n\t\t\"CVE-2016-1081\", \"CVE-2016-1082\", \"CVE-2016-1083\", \"CVE-2016-1084\",\n\t\t\"CVE-2016-1085\", \"CVE-2016-1086\", \"CVE-2016-1087\", \"CVE-2016-1088\",\n\t\t\"CVE-2016-1090\", \"CVE-2016-1092\", \"CVE-2016-1093\", \"CVE-2016-1094\",\n\t\t\"CVE-2016-1095\", \"CVE-2016-1112\", \"CVE-2016-1116\", \"CVE-2016-1117\",\n\t\t\"CVE-2016-1118\", \"CVE-2016-1119\", \"CVE-2016-1120\", \"CVE-2016-1121\",\n\t\t\"CVE-2016-1122\", \"CVE-2016-1123\", \"CVE-2016-1124\", \"CVE-2016-1125\",\n\t\t\"CVE-2016-1126\", \"CVE-2016-1127\", \"CVE-2016-1128\", \"CVE-2016-1129\",\n\t\t\"CVE-2016-1130\", \"CVE-2016-4088\", \"CVE-2016-4089\", \"CVE-2016-4090\",\n\t\t\"CVE-2016-4091\", \"CVE-2016-4092\", \"CVE-2016-4093\", \"CVE-2016-4094\",\n\t\t\"CVE-2016-4096\", \"CVE-2016-4097\", \"CVE-2016-4098\", \"CVE-2016-4099\",\n\t\t\"CVE-2016-4100\", \"CVE-2016-4101\", \"CVE-2016-4102\", \"CVE-2016-4103\",\n\t\t\"CVE-2016-4104\", \"CVE-2016-4105\", \"CVE-2016-4106\", \"CVE-2016-4107\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-05-12 10:27:43 +0530 (Thu, 12 May 2016)\");\n script_name(\"Adobe Acrobat Security Updates(apsb16-14)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - Multiple use-after-free vulnerabilities.\n\n - Multiple heap buffer overflow vulnerabilities.\n\n - The memory corruption vulnerabilities.\n\n - An integer overflow vulnerability.\n\n - Multiple vulnerabilities in the directory search path used to find resources.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attacker to execute arbitrary code or cause a\n denial of service.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat version 11.x before 11.0.16 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat version\n 11.0.16 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb16-14.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!readerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:readerVer, test_version:\"11.0\", test_version2:\"11.0.15\"))\n{\n report = report_fixed_ver(installed_version:readerVer, fixed_version:\"11.0.16\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:25:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1094", "CVE-2016-1117", "CVE-2016-1086", "CVE-2016-1045", "CVE-2016-1058", "CVE-2016-1040", "CVE-2016-1050", "CVE-2016-1061", "CVE-2016-1039", "CVE-2016-1095", "CVE-2016-1129", "CVE-2016-1052", "CVE-2016-4101", "CVE-2016-1047", "CVE-2016-1046", "CVE-2016-1076", "CVE-2016-1043", "CVE-2016-1054", "CVE-2016-1122", "CVE-2016-4104", "CVE-2016-1116", "CVE-2016-1077", "CVE-2016-1112", "CVE-2016-1071", "CVE-2016-1062", "CVE-2016-4090", "CVE-2016-1063", "CVE-2016-1064", "CVE-2016-1070", "CVE-2016-4097", "CVE-2016-1041", "CVE-2016-1079", "CVE-2016-1121", "CVE-2016-4107", "CVE-2016-1074", "CVE-2016-4093", "CVE-2016-4105", "CVE-2016-4091", "CVE-2016-1092", "CVE-2016-4089", "CVE-2016-1056", "CVE-2016-1069", "CVE-2016-1065", "CVE-2016-1126", "CVE-2016-1118", "CVE-2016-1042", "CVE-2016-4100", "CVE-2016-1037", "CVE-2016-1078", "CVE-2016-4094", "CVE-2016-4092", "CVE-2016-1130", "CVE-2016-1093", "CVE-2016-1044", "CVE-2016-1068", "CVE-2016-4096", "CVE-2016-1057", "CVE-2016-1128", "CVE-2016-1085", "CVE-2016-1081", "CVE-2016-1084", "CVE-2016-4102", "CVE-2016-1048", "CVE-2016-1119", "CVE-2016-1123", "CVE-2016-1075", "CVE-2016-1067", "CVE-2016-1090", "CVE-2016-1051", "CVE-2016-1080", "CVE-2016-1038", "CVE-2016-4088", "CVE-2016-1073", "CVE-2016-1059", "CVE-2016-1055", "CVE-2016-1083", "CVE-2016-1124", "CVE-2016-4098", "CVE-2016-4103", "CVE-2016-1066", "CVE-2016-1088", "CVE-2016-1127", "CVE-2016-4106", "CVE-2016-1060", "CVE-2016-4099", "CVE-2016-1072", "CVE-2016-1120", "CVE-2016-1125", "CVE-2016-1049", "CVE-2016-1053", "CVE-2016-1087", "CVE-2016-1082"], "description": "This host is installed with Adobe Reader\n and is prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2016-05-12T00:00:00", "id": "OPENVAS:1361412562310807695", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807695", "type": "openvas", "title": "Adobe Reader Security Updates(apsb16-14)-MAC OS X", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Reader Security Updates(apsb16-14)-MAC OS X\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807695\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2016-1037\", \"CVE-2016-1038\", \"CVE-2016-1039\", \"CVE-2016-1040\",\n\t\t\"CVE-2016-1041\", \"CVE-2016-1042\", \"CVE-2016-1043\", \"CVE-2016-1044\",\n\t\t\"CVE-2016-1045\", \"CVE-2016-1046\", \"CVE-2016-1047\", \"CVE-2016-1048\",\n\t\t\"CVE-2016-1049\", \"CVE-2016-1050\", \"CVE-2016-1051\", \"CVE-2016-1052\",\n\t\t\"CVE-2016-1053\", \"CVE-2016-1054\", \"CVE-2016-1055\", \"CVE-2016-1056\",\n\t\t\"CVE-2016-1057\", \"CVE-2016-1058\", \"CVE-2016-1059\", \"CVE-2016-1060\",\n\t\t\"CVE-2016-1061\", \"CVE-2016-1062\", \"CVE-2016-1063\", \"CVE-2016-1064\",\n\t\t\"CVE-2016-1065\", \"CVE-2016-1066\", \"CVE-2016-1067\", \"CVE-2016-1068\",\n\t\t\"CVE-2016-1069\", \"CVE-2016-1070\", \"CVE-2016-1071\", \"CVE-2016-1072\",\n\t\t\"CVE-2016-1073\", \"CVE-2016-1074\", \"CVE-2016-1075\", \"CVE-2016-1076\",\n\t\t\"CVE-2016-1077\", \"CVE-2016-1078\", \"CVE-2016-1079\", \"CVE-2016-1080\",\n\t\t\"CVE-2016-1081\", \"CVE-2016-1082\", \"CVE-2016-1083\", \"CVE-2016-1084\",\n\t\t\"CVE-2016-1085\", \"CVE-2016-1086\", \"CVE-2016-1087\", \"CVE-2016-1088\",\n\t\t\"CVE-2016-1090\", \"CVE-2016-1092\", \"CVE-2016-1093\", \"CVE-2016-1094\",\n\t\t\"CVE-2016-1095\", \"CVE-2016-1112\", \"CVE-2016-1116\", \"CVE-2016-1117\",\n\t\t\"CVE-2016-1118\", \"CVE-2016-1119\", \"CVE-2016-1120\", \"CVE-2016-1121\",\n\t\t\"CVE-2016-1122\", \"CVE-2016-1123\", \"CVE-2016-1124\", \"CVE-2016-1125\",\n\t\t\"CVE-2016-1126\", \"CVE-2016-1127\", \"CVE-2016-1128\", \"CVE-2016-1129\",\n\t\t\"CVE-2016-1130\", \"CVE-2016-4088\", \"CVE-2016-4089\", \"CVE-2016-4090\",\n\t\t\"CVE-2016-4091\", \"CVE-2016-4092\", \"CVE-2016-4093\", \"CVE-2016-4094\",\n\t\t\"CVE-2016-4096\", \"CVE-2016-4097\", \"CVE-2016-4098\", \"CVE-2016-4099\",\n\t\t\"CVE-2016-4100\", \"CVE-2016-4101\", \"CVE-2016-4102\", \"CVE-2016-4103\",\n\t\t\"CVE-2016-4104\", \"CVE-2016-4105\", \"CVE-2016-4106\", \"CVE-2016-4107\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-05-12 10:27:43 +0530 (Thu, 12 May 2016)\");\n script_name(\"Adobe Reader Security Updates(apsb16-14)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Reader\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - Multiple use-after-free vulnerabilities.\n\n - Multiple heap buffer overflow vulnerabilities.\n\n - The memory corruption vulnerabilities.\n\n - An integer overflow vulnerability.\n\n - Multiple vulnerabilities in the directory search path used to find resources.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attacker to execute arbitrary code or cause a\n denial of service.\");\n\n script_tag(name:\"affected\", value:\"Adobe Reader version 11.x before 11.0.16 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Reader version\n 11.0.16 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb16-14.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Reader/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!readerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:readerVer, test_version:\"11.0\", test_version2:\"11.0.15\"))\n{\n report = report_fixed_ver(installed_version:readerVer, fixed_version:\"11.0.16\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:25:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1094", "CVE-2016-1117", "CVE-2016-1086", "CVE-2016-1045", "CVE-2016-1058", "CVE-2016-1040", "CVE-2016-1050", "CVE-2016-1061", "CVE-2016-1039", "CVE-2016-1095", "CVE-2016-1129", "CVE-2016-1052", "CVE-2016-4101", "CVE-2016-1047", "CVE-2016-1046", "CVE-2016-1076", "CVE-2016-1043", "CVE-2016-1054", "CVE-2016-1122", "CVE-2016-4104", "CVE-2016-1116", "CVE-2016-1077", "CVE-2016-1112", "CVE-2016-1071", "CVE-2016-1062", "CVE-2016-4090", "CVE-2016-1063", "CVE-2016-1064", "CVE-2016-1070", "CVE-2016-4097", "CVE-2016-1041", "CVE-2016-1079", "CVE-2016-1121", "CVE-2016-4107", "CVE-2016-1074", "CVE-2016-4093", "CVE-2016-4105", "CVE-2016-4091", "CVE-2016-1092", "CVE-2016-4089", "CVE-2016-1056", "CVE-2016-1069", "CVE-2016-1065", "CVE-2016-1126", "CVE-2016-1118", "CVE-2016-1042", "CVE-2016-4100", "CVE-2016-1037", "CVE-2016-1078", "CVE-2016-4094", "CVE-2016-4092", "CVE-2016-1130", "CVE-2016-1093", "CVE-2016-1044", "CVE-2016-1068", "CVE-2016-4096", "CVE-2016-1057", "CVE-2016-1128", "CVE-2016-1085", "CVE-2016-1081", "CVE-2016-1084", "CVE-2016-4102", "CVE-2016-1048", "CVE-2016-1119", "CVE-2016-1123", "CVE-2016-1075", "CVE-2016-1067", "CVE-2016-1090", "CVE-2016-1051", "CVE-2016-1080", "CVE-2016-1038", "CVE-2016-4088", "CVE-2016-1073", "CVE-2016-1059", "CVE-2016-1055", "CVE-2016-1083", "CVE-2016-1124", "CVE-2016-4098", "CVE-2016-4103", "CVE-2016-1066", "CVE-2016-1088", "CVE-2016-1127", "CVE-2016-4106", "CVE-2016-1060", "CVE-2016-4099", "CVE-2016-1072", "CVE-2016-1120", "CVE-2016-1125", "CVE-2016-1049", "CVE-2016-1053", "CVE-2016-1087", "CVE-2016-1082"], "description": "This host is installed with Adobe Acrobat\n and is prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2016-05-12T00:00:00", "id": "OPENVAS:1361412562310807697", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807697", "type": "openvas", "title": "Adobe Acrobat Security Updates(apsb16-14)-Windows", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat Security Updates(apsb16-14)-Windows\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807697\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2016-1037\", \"CVE-2016-1038\", \"CVE-2016-1039\", \"CVE-2016-1040\",\n\t\t\"CVE-2016-1041\", \"CVE-2016-1042\", \"CVE-2016-1043\", \"CVE-2016-1044\",\n\t\t\"CVE-2016-1045\", \"CVE-2016-1046\", \"CVE-2016-1047\", \"CVE-2016-1048\",\n\t\t\"CVE-2016-1049\", \"CVE-2016-1050\", \"CVE-2016-1051\", \"CVE-2016-1052\",\n\t\t\"CVE-2016-1053\", \"CVE-2016-1054\", \"CVE-2016-1055\", \"CVE-2016-1056\",\n\t\t\"CVE-2016-1057\", \"CVE-2016-1058\", \"CVE-2016-1059\", \"CVE-2016-1060\",\n\t\t\"CVE-2016-1061\", \"CVE-2016-1062\", \"CVE-2016-1063\", \"CVE-2016-1064\",\n\t\t\"CVE-2016-1065\", \"CVE-2016-1066\", \"CVE-2016-1067\", \"CVE-2016-1068\",\n\t\t\"CVE-2016-1069\", \"CVE-2016-1070\", \"CVE-2016-1071\", \"CVE-2016-1072\",\n\t\t\"CVE-2016-1073\", \"CVE-2016-1074\", \"CVE-2016-1075\", \"CVE-2016-1076\",\n\t\t\"CVE-2016-1077\", \"CVE-2016-1078\", \"CVE-2016-1079\", \"CVE-2016-1080\",\n\t\t\"CVE-2016-1081\", \"CVE-2016-1082\", \"CVE-2016-1083\", \"CVE-2016-1084\",\n\t\t\"CVE-2016-1085\", \"CVE-2016-1086\", \"CVE-2016-1087\", \"CVE-2016-1088\",\n\t\t\"CVE-2016-1090\", \"CVE-2016-1092\", \"CVE-2016-1093\", \"CVE-2016-1094\",\n\t\t\"CVE-2016-1095\", \"CVE-2016-1112\", \"CVE-2016-1116\", \"CVE-2016-1117\",\n\t\t\"CVE-2016-1118\", \"CVE-2016-1119\", \"CVE-2016-1120\", \"CVE-2016-1121\",\n\t\t\"CVE-2016-1122\", \"CVE-2016-1123\", \"CVE-2016-1124\", \"CVE-2016-1125\",\n\t\t\"CVE-2016-1126\", \"CVE-2016-1127\", \"CVE-2016-1128\", \"CVE-2016-1129\",\n\t\t\"CVE-2016-1130\", \"CVE-2016-4088\", \"CVE-2016-4089\", \"CVE-2016-4090\",\n\t\t\"CVE-2016-4091\", \"CVE-2016-4092\", \"CVE-2016-4093\", \"CVE-2016-4094\",\n\t\t\"CVE-2016-4096\", \"CVE-2016-4097\", \"CVE-2016-4098\", \"CVE-2016-4099\",\n\t\t\"CVE-2016-4100\", \"CVE-2016-4101\", \"CVE-2016-4102\", \"CVE-2016-4103\",\n\t\t\"CVE-2016-4104\", \"CVE-2016-4105\", \"CVE-2016-4106\", \"CVE-2016-4107\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-05-12 10:27:43 +0530 (Thu, 12 May 2016)\");\n script_name(\"Adobe Acrobat Security Updates(apsb16-14)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - Multiple use-after-free vulnerabilities.\n\n - Multiple heap buffer overflow vulnerabilities.\n\n - The memory corruption vulnerabilities.\n\n - An integer overflow vulnerability.\n\n - Multiple vulnerabilities in the directory search path used to find resources.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attacker to execute arbitrary code or cause a\n denial of service.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat version 11.x before 11.0.16 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat version\n 11.0.16 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb16-14.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/Win/Installed\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!readerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:readerVer, test_version:\"11.0\", test_version2:\"11.0.15\"))\n{\n report = report_fixed_ver(installed_version:readerVer, fixed_version:\"11.0.16\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:25:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1094", "CVE-2016-1117", "CVE-2016-1086", "CVE-2016-1045", "CVE-2016-1058", "CVE-2016-1040", "CVE-2016-1050", "CVE-2016-1061", "CVE-2016-1039", "CVE-2016-1095", "CVE-2016-1129", "CVE-2016-1052", "CVE-2016-4101", "CVE-2016-1047", "CVE-2016-1046", "CVE-2016-1076", "CVE-2016-1043", "CVE-2016-1054", "CVE-2016-1122", "CVE-2016-4104", "CVE-2016-1116", "CVE-2016-1077", "CVE-2016-1112", "CVE-2016-1071", "CVE-2016-1062", "CVE-2016-4090", "CVE-2016-1063", "CVE-2016-1064", "CVE-2016-1070", "CVE-2016-4097", "CVE-2016-1041", "CVE-2016-1079", "CVE-2016-1121", "CVE-2016-4107", "CVE-2016-1074", "CVE-2016-4093", "CVE-2016-4105", "CVE-2016-4091", "CVE-2016-1092", "CVE-2016-4089", "CVE-2016-1056", "CVE-2016-1069", "CVE-2016-1065", "CVE-2016-1126", "CVE-2016-1118", "CVE-2016-1042", "CVE-2016-4100", "CVE-2016-1037", "CVE-2016-1078", "CVE-2016-4094", "CVE-2016-4092", "CVE-2016-1130", "CVE-2016-1093", "CVE-2016-1044", "CVE-2016-1068", "CVE-2016-4096", "CVE-2016-1057", "CVE-2016-1128", "CVE-2016-1085", "CVE-2016-1081", "CVE-2016-1084", "CVE-2016-4102", "CVE-2016-1048", "CVE-2016-1119", "CVE-2016-1123", "CVE-2016-1075", "CVE-2016-1067", "CVE-2016-1090", "CVE-2016-1051", "CVE-2016-1080", "CVE-2016-1038", "CVE-2016-4088", "CVE-2016-1073", "CVE-2016-1059", "CVE-2016-1055", "CVE-2016-1083", "CVE-2016-1124", "CVE-2016-4098", "CVE-2016-4103", "CVE-2016-1066", "CVE-2016-1088", "CVE-2016-1127", "CVE-2016-4106", "CVE-2016-1060", "CVE-2016-4099", "CVE-2016-1072", "CVE-2016-1120", "CVE-2016-1125", "CVE-2016-1049", "CVE-2016-1053", "CVE-2016-1087", "CVE-2016-1082"], "description": "This host is installed with Adobe Reader\n and is prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2016-05-12T00:00:00", "id": "OPENVAS:1361412562310807694", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807694", "type": "openvas", "title": "Adobe Reader Security Updates(apsb16-14)-Windows", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Reader Security Updates(apsb16-14)-Windows\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807694\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2016-1037\", \"CVE-2016-1038\", \"CVE-2016-1039\", \"CVE-2016-1040\",\n\t\t\"CVE-2016-1041\", \"CVE-2016-1042\", \"CVE-2016-1043\", \"CVE-2016-1044\",\n\t\t\"CVE-2016-1045\", \"CVE-2016-1046\", \"CVE-2016-1047\", \"CVE-2016-1048\",\n\t\t\"CVE-2016-1049\", \"CVE-2016-1050\", \"CVE-2016-1051\", \"CVE-2016-1052\",\n\t\t\"CVE-2016-1053\", \"CVE-2016-1054\", \"CVE-2016-1055\", \"CVE-2016-1056\",\n\t\t\"CVE-2016-1057\", \"CVE-2016-1058\", \"CVE-2016-1059\", \"CVE-2016-1060\",\n\t\t\"CVE-2016-1061\", \"CVE-2016-1062\", \"CVE-2016-1063\", \"CVE-2016-1064\",\n\t\t\"CVE-2016-1065\", \"CVE-2016-1066\", \"CVE-2016-1067\", \"CVE-2016-1068\",\n\t\t\"CVE-2016-1069\", \"CVE-2016-1070\", \"CVE-2016-1071\", \"CVE-2016-1072\",\n\t\t\"CVE-2016-1073\", \"CVE-2016-1074\", \"CVE-2016-1075\", \"CVE-2016-1076\",\n\t\t\"CVE-2016-1077\", \"CVE-2016-1078\", \"CVE-2016-1079\", \"CVE-2016-1080\",\n\t\t\"CVE-2016-1081\", \"CVE-2016-1082\", \"CVE-2016-1083\", \"CVE-2016-1084\",\n\t\t\"CVE-2016-1085\", \"CVE-2016-1086\", \"CVE-2016-1087\", \"CVE-2016-1088\",\n\t\t\"CVE-2016-1090\", \"CVE-2016-1092\", \"CVE-2016-1093\", \"CVE-2016-1094\",\n\t\t\"CVE-2016-1095\", \"CVE-2016-1112\", \"CVE-2016-1116\", \"CVE-2016-1117\",\n\t\t\"CVE-2016-1118\", \"CVE-2016-1119\", \"CVE-2016-1120\", \"CVE-2016-1121\",\n\t\t\"CVE-2016-1122\", \"CVE-2016-1123\", \"CVE-2016-1124\", \"CVE-2016-1125\",\n\t\t\"CVE-2016-1126\", \"CVE-2016-1127\", \"CVE-2016-1128\", \"CVE-2016-1129\",\n\t\t\"CVE-2016-1130\", \"CVE-2016-4088\", \"CVE-2016-4089\", \"CVE-2016-4090\",\n\t\t\"CVE-2016-4091\", \"CVE-2016-4092\", \"CVE-2016-4093\", \"CVE-2016-4094\",\n\t\t\"CVE-2016-4096\", \"CVE-2016-4097\", \"CVE-2016-4098\", \"CVE-2016-4099\",\n\t\t\"CVE-2016-4100\", \"CVE-2016-4101\", \"CVE-2016-4102\", \"CVE-2016-4103\",\n\t\t\"CVE-2016-4104\", \"CVE-2016-4105\", \"CVE-2016-4106\", \"CVE-2016-4107\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-05-12 10:27:43 +0530 (Thu, 12 May 2016)\");\n script_name(\"Adobe Reader Security Updates(apsb16-14)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Reader\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - Multiple use-after-free vulnerabilities.\n\n - Multiple heap buffer overflow vulnerabilities.\n\n - The memory corruption vulnerabilities.\n\n - An integer overflow vulnerability.\n\n - Multiple vulnerabilities in the directory search path used to find resources.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attacker to execute arbitrary code or cause a\n denial of service.\");\n\n script_tag(name:\"affected\", value:\"Adobe Reader version 11.x before 11.0.16 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Reader version\n 11.0.16 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb16-14.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Reader/Win/Installed\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!readerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:readerVer, test_version:\"11.0\", test_version2:\"11.0.15\"))\n{\n report = report_fixed_ver(installed_version:readerVer, fixed_version:\"11.0.16\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2020-09-02T11:53:34", "bulletinFamily": "info", "cvelist": ["CVE-2016-1094", "CVE-2016-1117", "CVE-2016-1086", "CVE-2016-1045", "CVE-2016-1058", "CVE-2016-1040", "CVE-2016-1050", "CVE-2016-1061", "CVE-2016-1039", "CVE-2016-1095", "CVE-2016-1129", "CVE-2016-1052", "CVE-2016-4101", "CVE-2016-1047", "CVE-2016-1046", "CVE-2016-1076", "CVE-2016-1043", "CVE-2016-1054", "CVE-2016-1122", "CVE-2016-4104", "CVE-2016-1116", "CVE-2016-1077", "CVE-2016-1112", "CVE-2016-1071", "CVE-2016-1062", "CVE-2016-4090", "CVE-2016-1063", "CVE-2016-1064", "CVE-2016-1070", "CVE-2016-4097", "CVE-2016-1041", "CVE-2016-1079", "CVE-2016-1121", "CVE-2016-4107", "CVE-2016-1074", "CVE-2016-4093", "CVE-2016-4105", "CVE-2016-4091", "CVE-2016-1092", "CVE-2016-4089", "CVE-2016-1056", "CVE-2016-1069", "CVE-2016-1065", "CVE-2016-1126", "CVE-2016-1118", "CVE-2016-1042", "CVE-2016-4100", "CVE-2016-1037", "CVE-2016-1078", "CVE-2016-4094", "CVE-2016-4092", "CVE-2016-1130", "CVE-2016-1093", "CVE-2016-1044", "CVE-2016-1068", "CVE-2016-4096", "CVE-2016-1057", "CVE-2016-1128", "CVE-2016-1085", "CVE-2016-1081", "CVE-2016-1084", "CVE-2016-4102", "CVE-2016-1048", "CVE-2016-1119", "CVE-2016-1123", "CVE-2016-4119", "CVE-2016-1075", "CVE-2016-1067", "CVE-2016-1090", "CVE-2016-1051", "CVE-2016-1080", "CVE-2016-1038", "CVE-2016-4088", "CVE-2016-1073", "CVE-2016-1059", "CVE-2016-1055", "CVE-2016-1083", "CVE-2016-1124", "CVE-2016-4098", "CVE-2016-4103", "CVE-2016-1066", "CVE-2016-1088", "CVE-2016-1127", "CVE-2016-4106", "CVE-2016-1060", "CVE-2016-4099", "CVE-2016-1072", "CVE-2016-1120", "CVE-2016-1125", "CVE-2016-1049", "CVE-2016-1053", "CVE-2016-1087", "CVE-2016-1082"], "description": "### *Detect date*:\n05/10/2016\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Adobe Acrobat. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions or obtain sensitive information.\n\n### *Affected products*:\nAdobe Acrobat Reader DC Continuous versions earlier than 15.016.20039 \nAdobe Acrobat XI versions earlier than 11.0.16 \nAdobe Acrobat Reader XI versions earlier than 11.0.16 \nAdobe Acrobat DC Classic versions earlier than 15.006.30172 \nAdobe Acrobat Reader DC Classic versions earlier than 15.006.30172 \nAdobe Acrobat DC Continuous versions earlier than 15.016.20039\n\n### *Solution*:\nUpdate to the latest version \n[Get reader](<https://get.adobe.com/ru/reader/>)\n\n### *Original advisories*:\n[Adobe security bulletin](<https://helpx.adobe.com/security/products/acrobat/apsb16-14.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Adobe Reader XI](<https://threats.kaspersky.com/en/product/Adobe-Reader-XI/>)\n\n### *CVE-IDS*:\n[CVE-2016-1037](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1037>)0.0Unknown \n[CVE-2016-1038](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1038>)0.0Unknown \n[CVE-2016-1039](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1039>)0.0Unknown \n[CVE-2016-1040](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1040>)0.0Unknown \n[CVE-2016-1041](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1041>)0.0Unknown \n[CVE-2016-1042](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1042>)0.0Unknown \n[CVE-2016-1043](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1043>)0.0Unknown \n[CVE-2016-1044](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1044>)0.0Unknown \n[CVE-2016-1045](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1045>)0.0Unknown \n[CVE-2016-1046](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1046>)0.0Unknown \n[CVE-2016-1047](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1047>)0.0Unknown \n[CVE-2016-1048](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1048>)0.0Unknown \n[CVE-2016-1049](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1049>)0.0Unknown \n[CVE-2016-1050](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1050>)0.0Unknown \n[CVE-2016-1051](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1051>)0.0Unknown \n[CVE-2016-1052](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1052>)0.0Unknown \n[CVE-2016-1053](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1053>)0.0Unknown \n[CVE-2016-1054](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1054>)0.0Unknown \n[CVE-2016-1055](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1055>)0.0Unknown \n[CVE-2016-1056](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1056>)0.0Unknown \n[CVE-2016-1057](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1057>)0.0Unknown \n[CVE-2016-1058](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1058>)0.0Unknown \n[CVE-2016-1059](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1059>)0.0Unknown \n[CVE-2016-1060](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1060>)0.0Unknown \n[CVE-2016-1061](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1061>)0.0Unknown \n[CVE-2016-1062](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1062>)0.0Unknown \n[CVE-2016-1063](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1063>)0.0Unknown \n[CVE-2016-1064](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1064>)0.0Unknown \n[CVE-2016-1065](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1065>)0.0Unknown \n[CVE-2016-1066](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1066>)0.0Unknown \n[CVE-2016-1067](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1067>)0.0Unknown \n[CVE-2016-1068](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1068>)0.0Unknown \n[CVE-2016-1069](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1069>)0.0Unknown \n[CVE-2016-1070](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1070>)0.0Unknown \n[CVE-2016-1071](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1071>)0.0Unknown \n[CVE-2016-1072](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1072>)0.0Unknown \n[CVE-2016-1073](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1073>)0.0Unknown \n[CVE-2016-1074](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1074>)0.0Unknown \n[CVE-2016-1075](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1075>)0.0Unknown \n[CVE-2016-1076](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1076>)0.0Unknown \n[CVE-2016-1077](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1077>)0.0Unknown \n[CVE-2016-1078](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1078>)0.0Unknown \n[CVE-2016-1079](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1079>)0.0Unknown \n[CVE-2016-1080](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1080>)0.0Unknown \n[CVE-2016-1081](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1081>)0.0Unknown \n[CVE-2016-1082](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1082>)0.0Unknown \n[CVE-2016-1083](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1083>)0.0Unknown \n[CVE-2016-1084](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1084>)0.0Unknown \n[CVE-2016-1085](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1085>)0.0Unknown \n[CVE-2016-1086](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1086>)0.0Unknown \n[CVE-2016-1087](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1087>)0.0Unknown \n[CVE-2016-1088](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1088>)0.0Unknown \n[CVE-2016-1090](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1090>)0.0Unknown \n[CVE-2016-1092](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1092>)0.0Unknown \n[CVE-2016-1093](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1093>)0.0Unknown \n[CVE-2016-1094](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1094>)0.0Unknown \n[CVE-2016-1095](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1095>)0.0Unknown \n[CVE-2016-1112](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1112>)0.0Unknown \n[CVE-2016-1116](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1116>)0.0Unknown \n[CVE-2016-1117](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1117>)0.0Unknown \n[CVE-2016-1118](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1118>)0.0Unknown \n[CVE-2016-1119](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1119>)0.0Unknown \n[CVE-2016-1120](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1120>)0.0Unknown \n[CVE-2016-1121](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1121>)0.0Unknown \n[CVE-2016-1122](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1122>)0.0Unknown \n[CVE-2016-1123](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1123>)0.0Unknown \n[CVE-2016-1124](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1124>)0.0Unknown \n[CVE-2016-1125](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1125>)0.0Unknown \n[CVE-2016-1126](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1126>)0.0Unknown \n[CVE-2016-1127](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1127>)0.0Unknown \n[CVE-2016-1128](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1128>)0.0Unknown \n[CVE-2016-1129](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1129>)0.0Unknown \n[CVE-2016-1130](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1130>)0.0Unknown \n[CVE-2016-4088](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4088>)0.0Unknown \n[CVE-2016-4089](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4089>)0.0Unknown \n[CVE-2016-4090](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4090>)0.0Unknown \n[CVE-2016-4091](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4091>)0.0Unknown \n[CVE-2016-4092](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4092>)0.0Unknown \n[CVE-2016-4093](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4093>)0.0Unknown \n[CVE-2016-4094](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4094>)0.0Unknown \n[CVE-2016-4096](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4096>)0.0Unknown \n[CVE-2016-4097](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4097>)0.0Unknown \n[CVE-2016-4098](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4098>)0.0Unknown \n[CVE-2016-4099](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4099>)0.0Unknown \n[CVE-2016-4100](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4100>)0.0Unknown \n[CVE-2016-4101](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4101>)0.0Unknown \n[CVE-2016-4102](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4102>)0.0Unknown \n[CVE-2016-4103](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4103>)0.0Unknown \n[CVE-2016-4104](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4104>)0.0Unknown \n[CVE-2016-4105](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4105>)0.0Unknown \n[CVE-2016-4106](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4106>)0.0Unknown \n[CVE-2016-4107](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4107>)0.0Unknown \n[CVE-2016-4119](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4119>)0.0Unknown\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "edition": 42, "modified": "2020-06-18T00:00:00", "published": "2016-05-10T00:00:00", "id": "KLA10807", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10807", "title": "\r KLA10807Multiple vulnerabilities in Adobe Acrobat ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-03-01T01:15:35", "description": "The version of Adobe Acrobat installed on the remote Windows host is\nprior to 11.0.16, 15.006.30172, or 15.016.20039. It is, therefore,\naffected by multiple vulnerabilities :\n\n - Multiple use-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2016-1045,\n CVE-2016-1046, CVE-2016-1047, CVE-2016-1048,\n CVE-2016-1049, CVE-2016-1050, CVE-2016-1051,\n CVE-2016-1052, CVE-2016-1053, CVE-2016-1054,\n CVE-2016-1055, CVE-2016-1056, CVE-2016-1057,\n CVE-2016-1058, CVE-2016-1059, CVE-2016-1060,\n CVE-2016-1061, CVE-2016-1065, CVE-2016-1066,\n CVE-2016-1067, CVE-2016-1068, CVE-2016-1069,\n CVE-2016-1070, CVE-2016-1075, CVE-2016-1094,\n CVE-2016-1121, CVE-2016-1122, CVE-2016-4102,\n CVE-2016-4107)\n\n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2016-4091, CVE-2016-4092)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2016-1037,\n CVE-2016-1063, CVE-2016-1064, CVE-2016-1071,\n CVE-2016-1072, CVE-2016-1073, CVE-2016-1074,\n CVE-2016-1076, CVE-2016-1077, CVE-2016-1078,\n CVE-2016-1080, CVE-2016-1081, CVE-2016-1082,\n CVE-2016-1083, CVE-2016-1084, CVE-2016-1085,\n CVE-2016-1086, CVE-2016-1088, CVE-2016-1093,\n CVE-2016-1095, CVE-2016-1116, CVE-2016-1118,\n CVE-2016-1119, CVE-2016-1120, CVE-2016-1123,\n CVE-2016-1124, CVE-2016-1125, CVE-2016-1126,\n CVE-2016-1127, CVE-2016-1128, CVE-2016-1129,\n CVE-2016-1130, CVE-2016-4088, CVE-2016-4089,\n CVE-2016-4090, CVE-2016-4093, CVE-2016-4094,\n CVE-2016-4096, CVE-2016-4097, CVE-2016-4098,\n CVE-2016-4099, CVE-2016-4100, CVE-2016-4101,\n CVE-2016-4103, CVE-2016-4104, CVE-2016-4105,\n CVE-2016-4119)\n\n - An integer overflow vulnerability exists that allows an\n attacker to execute arbitrary code. (CVE-2016-1043)\n\n - Multiple memory leak issues exist that allow an attacker\n to have an unspecified impact. (CVE-2016-1079,\n CVE-2016-1092)\n\n - An unspecified flaw exists that allows an attacker to\n disclose sensitive information. (CVE-2016-1112)\n\n - Multiple vulnerabilities exist that allow an attacker to\n bypass restrictions on JavaScript API execution.\n (CVE-2016-1038, CVE-2016-1039, CVE-2016-1040,\n CVE-2016-1041, CVE-2016-1042, CVE-2016-1044,\n CVE-2016-1062, CVE-2016-1117)\n\n - Multiple flaws exist when loading dynamic-link\n libraries. An attacker can exploit this, via a specially\n crafted .dll file, to execute arbitrary code.\n (CVE-2016-1087, CVE-2016-1090, CVE-2016-4106)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 30, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-12T00:00:00", "title": "Adobe Acrobat < 11.0.16 / 15.006.30172 / 15.016.20039 Multiple Vulnerabilities (APSB16-14)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1094", "CVE-2016-1117", "CVE-2016-1086", "CVE-2016-1045", "CVE-2016-1058", "CVE-2016-1040", "CVE-2016-1050", "CVE-2016-1061", "CVE-2016-1039", "CVE-2016-1095", "CVE-2016-1129", "CVE-2016-1052", "CVE-2016-4101", "CVE-2016-1047", "CVE-2016-1046", "CVE-2016-1076", "CVE-2016-1043", "CVE-2016-1054", "CVE-2016-1122", "CVE-2016-4104", "CVE-2016-1116", "CVE-2016-1077", "CVE-2016-1112", "CVE-2016-1071", "CVE-2016-1062", "CVE-2016-4090", "CVE-2016-1063", "CVE-2016-1064", "CVE-2016-1070", "CVE-2016-4097", "CVE-2016-1041", "CVE-2016-1079", "CVE-2016-1121", "CVE-2016-4107", "CVE-2016-1074", "CVE-2016-4093", "CVE-2016-4105", "CVE-2016-4091", "CVE-2016-1092", "CVE-2016-4089", "CVE-2016-1056", "CVE-2016-1069", "CVE-2016-1065", "CVE-2016-1126", "CVE-2016-1118", "CVE-2016-1042", "CVE-2016-4100", "CVE-2016-1037", "CVE-2016-1078", "CVE-2016-4094", "CVE-2016-4092", "CVE-2016-1130", "CVE-2016-1093", "CVE-2016-1044", "CVE-2016-1068", "CVE-2016-4096", "CVE-2016-1057", "CVE-2016-1128", "CVE-2016-1085", "CVE-2016-1081", "CVE-2016-1084", "CVE-2016-4102", "CVE-2016-1048", "CVE-2016-1119", "CVE-2016-1123", "CVE-2016-4119", "CVE-2016-1075", "CVE-2016-1067", "CVE-2016-1090", "CVE-2016-1051", "CVE-2016-1080", "CVE-2016-1038", "CVE-2016-4088", "CVE-2016-1073", "CVE-2016-1059", "CVE-2016-1055", "CVE-2016-1083", "CVE-2016-1124", "CVE-2016-4098", "CVE-2016-4103", "CVE-2016-1066", "CVE-2016-1088", "CVE-2016-1127", "CVE-2016-4106", "CVE-2016-1060", "CVE-2016-4099", "CVE-2016-1072", "CVE-2016-1120", "CVE-2016-1125", "CVE-2016-1049", "CVE-2016-1053", "CVE-2016-1087", "CVE-2016-1082"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/a:adobe:acrobat"], "id": "ADOBE_ACROBAT_APSB16-14.NASL", "href": "https://www.tenable.com/plugins/nessus/91096", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91096);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/11/19\");\n\n script_cve_id(\n \"CVE-2016-1037\",\n \"CVE-2016-1038\",\n \"CVE-2016-1039\",\n \"CVE-2016-1040\",\n \"CVE-2016-1041\",\n \"CVE-2016-1042\",\n \"CVE-2016-1043\",\n \"CVE-2016-1044\",\n \"CVE-2016-1045\",\n \"CVE-2016-1046\",\n \"CVE-2016-1047\",\n \"CVE-2016-1048\",\n \"CVE-2016-1049\",\n \"CVE-2016-1050\",\n \"CVE-2016-1051\",\n \"CVE-2016-1052\",\n \"CVE-2016-1053\",\n \"CVE-2016-1054\",\n \"CVE-2016-1055\",\n \"CVE-2016-1056\",\n \"CVE-2016-1057\",\n \"CVE-2016-1058\",\n \"CVE-2016-1059\",\n \"CVE-2016-1060\",\n \"CVE-2016-1061\",\n \"CVE-2016-1062\",\n \"CVE-2016-1063\",\n \"CVE-2016-1064\",\n \"CVE-2016-1065\",\n \"CVE-2016-1066\",\n \"CVE-2016-1067\",\n \"CVE-2016-1068\",\n \"CVE-2016-1069\",\n \"CVE-2016-1070\",\n \"CVE-2016-1071\",\n \"CVE-2016-1072\",\n \"CVE-2016-1073\",\n \"CVE-2016-1074\",\n \"CVE-2016-1075\",\n \"CVE-2016-1076\",\n \"CVE-2016-1077\",\n \"CVE-2016-1078\",\n \"CVE-2016-1079\",\n \"CVE-2016-1080\",\n \"CVE-2016-1081\",\n \"CVE-2016-1082\",\n \"CVE-2016-1083\",\n \"CVE-2016-1084\",\n \"CVE-2016-1085\",\n \"CVE-2016-1086\",\n \"CVE-2016-1087\",\n \"CVE-2016-1088\",\n \"CVE-2016-1090\",\n \"CVE-2016-1092\",\n \"CVE-2016-1093\",\n \"CVE-2016-1094\",\n \"CVE-2016-1095\",\n \"CVE-2016-1112\",\n \"CVE-2016-1116\",\n \"CVE-2016-1117\",\n \"CVE-2016-1118\",\n \"CVE-2016-1119\",\n \"CVE-2016-1120\",\n \"CVE-2016-1121\",\n \"CVE-2016-1122\",\n \"CVE-2016-1123\",\n \"CVE-2016-1124\",\n \"CVE-2016-1125\",\n \"CVE-2016-1126\",\n \"CVE-2016-1127\",\n \"CVE-2016-1128\",\n \"CVE-2016-1129\",\n \"CVE-2016-1130\",\n \"CVE-2016-4088\",\n \"CVE-2016-4089\",\n \"CVE-2016-4090\",\n \"CVE-2016-4091\",\n \"CVE-2016-4092\",\n \"CVE-2016-4093\",\n \"CVE-2016-4094\",\n \"CVE-2016-4096\",\n \"CVE-2016-4097\",\n \"CVE-2016-4098\",\n \"CVE-2016-4099\",\n \"CVE-2016-4100\",\n \"CVE-2016-4101\",\n \"CVE-2016-4102\",\n \"CVE-2016-4103\",\n \"CVE-2016-4104\",\n \"CVE-2016-4105\",\n \"CVE-2016-4106\",\n \"CVE-2016-4107\",\n \"CVE-2016-4119\"\n );\n script_bugtraq_id(90517);\n script_xref(name:\"ZDI\", value:\"ZDI-16-285\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-286\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-287\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-288\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-289\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-290\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-291\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-292\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-293\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-294\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-295\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-296\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-297\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-298\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-299\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-300\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-301\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-302\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-303\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-304\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-305\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-306\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-307\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-308\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-309\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-310\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-311\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-312\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-313\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-315\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-316\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-317\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-318\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-319\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-320\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-321\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-322\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-323\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-324\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-325\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-326\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-327\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-328\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-329\");\n\n script_name(english:\"Adobe Acrobat < 11.0.16 / 15.006.30172 / 15.016.20039 Multiple Vulnerabilities (APSB16-14)\");\n script_summary(english:\"Checks the version of Adobe Acrobat.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Acrobat installed on the remote Windows host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Acrobat installed on the remote Windows host is\nprior to 11.0.16, 15.006.30172, or 15.016.20039. It is, therefore,\naffected by multiple vulnerabilities :\n\n - Multiple use-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2016-1045,\n CVE-2016-1046, CVE-2016-1047, CVE-2016-1048,\n CVE-2016-1049, CVE-2016-1050, CVE-2016-1051,\n CVE-2016-1052, CVE-2016-1053, CVE-2016-1054,\n CVE-2016-1055, CVE-2016-1056, CVE-2016-1057,\n CVE-2016-1058, CVE-2016-1059, CVE-2016-1060,\n CVE-2016-1061, CVE-2016-1065, CVE-2016-1066,\n CVE-2016-1067, CVE-2016-1068, CVE-2016-1069,\n CVE-2016-1070, CVE-2016-1075, CVE-2016-1094,\n CVE-2016-1121, CVE-2016-1122, CVE-2016-4102,\n CVE-2016-4107)\n\n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2016-4091, CVE-2016-4092)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2016-1037,\n CVE-2016-1063, CVE-2016-1064, CVE-2016-1071,\n CVE-2016-1072, CVE-2016-1073, CVE-2016-1074,\n CVE-2016-1076, CVE-2016-1077, CVE-2016-1078,\n CVE-2016-1080, CVE-2016-1081, CVE-2016-1082,\n CVE-2016-1083, CVE-2016-1084, CVE-2016-1085,\n CVE-2016-1086, CVE-2016-1088, CVE-2016-1093,\n CVE-2016-1095, CVE-2016-1116, CVE-2016-1118,\n CVE-2016-1119, CVE-2016-1120, CVE-2016-1123,\n CVE-2016-1124, CVE-2016-1125, CVE-2016-1126,\n CVE-2016-1127, CVE-2016-1128, CVE-2016-1129,\n CVE-2016-1130, CVE-2016-4088, CVE-2016-4089,\n CVE-2016-4090, CVE-2016-4093, CVE-2016-4094,\n CVE-2016-4096, CVE-2016-4097, CVE-2016-4098,\n CVE-2016-4099, CVE-2016-4100, CVE-2016-4101,\n CVE-2016-4103, CVE-2016-4104, CVE-2016-4105,\n CVE-2016-4119)\n\n - An integer overflow vulnerability exists that allows an\n attacker to execute arbitrary code. (CVE-2016-1043)\n\n - Multiple memory leak issues exist that allow an attacker\n to have an unspecified impact. (CVE-2016-1079,\n CVE-2016-1092)\n\n - An unspecified flaw exists that allows an attacker to\n disclose sensitive information. (CVE-2016-1112)\n\n - Multiple vulnerabilities exist that allow an attacker to\n bypass restrictions on JavaScript API execution.\n (CVE-2016-1038, CVE-2016-1039, CVE-2016-1040,\n CVE-2016-1041, CVE-2016-1042, CVE-2016-1044,\n CVE-2016-1062, CVE-2016-1117)\n\n - Multiple flaws exist when loading dynamic-link\n libraries. An attacker can exploit this, via a specially\n crafted .dll file, to execute arbitrary code.\n (CVE-2016-1087, CVE-2016-1090, CVE-2016-4106)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/reader/apsb16-14.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Acrobat version 11.0.16 / 15.006.30172 / 15.016.20039\nor later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-4119\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_acrobat_installed.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/Adobe Acrobat\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_name = \"Adobe Acrobat\";\ninstall = get_single_install(app_name:app_name);\n\nversion = install['version'];\npath = install['path'];\nverui = install['display_version'];\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Affected is :\n# \n# 11.x < 11.0.16\n# DC Classic < 15.006.30172\n# DC Continuous < 15.016.20039\nif (\n (ver[0] == 11 && ver[1] == 0 && ver[2] <= 15) ||\n (ver[0] == 15 && ver[1] == 6 && ver[2] <= 30171) ||\n (ver[0] == 15 && ver[1] >= 7 && ver[1] <= 15) ||\n (ver[0] == 15 && ver[1] == 16 && ver[2] <= 20038)\n)\n{\n port = get_kb_item('SMB/transport');\n if(!port) port = 445;\n\n report = '\\n Path : '+path+\n '\\n Installed version : '+verui+\n '\\n Fixed version : 11.0.16 / 15.006.30172 / 15.016.20039' +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, verui, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T01:17:04", "description": "The version of Adobe Reader installed on the remote Windows host is\nprior to 11.0.16, 15.006.30172, or 15.016.20039. It is, therefore,\naffected by multiple vulnerabilities :\n\n - Multiple use-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2016-1045,\n CVE-2016-1046, CVE-2016-1047, CVE-2016-1048,\n CVE-2016-1049, CVE-2016-1050, CVE-2016-1051,\n CVE-2016-1052, CVE-2016-1053, CVE-2016-1054,\n CVE-2016-1055, CVE-2016-1056, CVE-2016-1057,\n CVE-2016-1058, CVE-2016-1059, CVE-2016-1060,\n CVE-2016-1061, CVE-2016-1065, CVE-2016-1066,\n CVE-2016-1067, CVE-2016-1068, CVE-2016-1069,\n CVE-2016-1070, CVE-2016-1075, CVE-2016-1094,\n CVE-2016-1121, CVE-2016-1122, CVE-2016-4102,\n CVE-2016-4107)\n\n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2016-4091, CVE-2016-4092)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2016-1037,\n CVE-2016-1063, CVE-2016-1064, CVE-2016-1071,\n CVE-2016-1072, CVE-2016-1073, CVE-2016-1074,\n CVE-2016-1076, CVE-2016-1077, CVE-2016-1078,\n CVE-2016-1080, CVE-2016-1081, CVE-2016-1082,\n CVE-2016-1083, CVE-2016-1084, CVE-2016-1085,\n CVE-2016-1086, CVE-2016-1088, CVE-2016-1093,\n CVE-2016-1095, CVE-2016-1116, CVE-2016-1118,\n CVE-2016-1119, CVE-2016-1120, CVE-2016-1123,\n CVE-2016-1124, CVE-2016-1125, CVE-2016-1126,\n CVE-2016-1127, CVE-2016-1128, CVE-2016-1129,\n CVE-2016-1130, CVE-2016-4088, CVE-2016-4089,\n CVE-2016-4090, CVE-2016-4093, CVE-2016-4094,\n CVE-2016-4096, CVE-2016-4097, CVE-2016-4098,\n CVE-2016-4099, CVE-2016-4100, CVE-2016-4101,\n CVE-2016-4103, CVE-2016-4104, CVE-2016-4105,\n CVE-2016-4119)\n\n - An integer overflow vulnerability exists that allows an\n attacker to execute arbitrary code. (CVE-2016-1043)\n\n - Multiple memory leak issues exist that allow an attacker\n to have an unspecified impact. (CVE-2016-1079,\n CVE-2016-1092)\n\n - An unspecified flaw exists that allows an attacker to\n disclose sensitive information. (CVE-2016-1112)\n\n - Multiple vulnerabilities exist that allow an attacker to\n bypass restrictions on JavaScript API execution.\n (CVE-2016-1038, CVE-2016-1039, CVE-2016-1040,\n CVE-2016-1041, CVE-2016-1042, CVE-2016-1044,\n CVE-2016-1062, CVE-2016-1117)\n\n - Multiple flaws exist when loading dynamic-link\n libraries. An attacker can exploit this, via a specially\n crafted .dll file, to execute arbitrary code.\n (CVE-2016-1087, CVE-2016-1090, CVE-2016-4106)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 30, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-12T00:00:00", "title": "Adobe Reader < 11.0.16 / 15.006.30172 / 15.016.20039 Multiple Vulnerabilities (APSB16-14)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1094", "CVE-2016-1117", "CVE-2016-1086", "CVE-2016-1045", "CVE-2016-1058", "CVE-2016-1040", "CVE-2016-1050", "CVE-2016-1061", "CVE-2016-1039", "CVE-2016-1095", "CVE-2016-1129", "CVE-2016-1052", "CVE-2016-4101", "CVE-2016-1047", "CVE-2016-1046", "CVE-2016-1076", "CVE-2016-1043", "CVE-2016-1054", "CVE-2016-1122", "CVE-2016-4104", "CVE-2016-1116", "CVE-2016-1077", "CVE-2016-1112", "CVE-2016-1071", "CVE-2016-1062", "CVE-2016-4090", "CVE-2016-1063", "CVE-2016-1064", "CVE-2016-1070", "CVE-2016-4097", "CVE-2016-1041", "CVE-2016-1079", "CVE-2016-1121", "CVE-2016-4107", "CVE-2016-1074", "CVE-2016-4093", "CVE-2016-4105", "CVE-2016-4091", "CVE-2016-1092", "CVE-2016-4089", "CVE-2016-1056", "CVE-2016-1069", "CVE-2016-1065", "CVE-2016-1126", "CVE-2016-1118", "CVE-2016-1042", "CVE-2016-4100", "CVE-2016-1037", "CVE-2016-1078", "CVE-2016-4094", "CVE-2016-4092", "CVE-2016-1130", "CVE-2016-1093", "CVE-2016-1044", "CVE-2016-1068", "CVE-2016-4096", "CVE-2016-1057", "CVE-2016-1128", "CVE-2016-1085", "CVE-2016-1081", "CVE-2016-1084", "CVE-2016-4102", "CVE-2016-1048", "CVE-2016-1119", "CVE-2016-1123", "CVE-2016-4119", "CVE-2016-1075", "CVE-2016-1067", "CVE-2016-1090", "CVE-2016-1051", "CVE-2016-1080", "CVE-2016-1038", "CVE-2016-4088", "CVE-2016-1073", "CVE-2016-1059", "CVE-2016-1055", "CVE-2016-1083", "CVE-2016-1124", "CVE-2016-4098", "CVE-2016-4103", "CVE-2016-1066", "CVE-2016-1088", "CVE-2016-1127", "CVE-2016-4106", "CVE-2016-1060", "CVE-2016-4099", "CVE-2016-1072", "CVE-2016-1120", "CVE-2016-1125", "CVE-2016-1049", "CVE-2016-1053", "CVE-2016-1087", "CVE-2016-1082"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/a:adobe:acrobat_reader"], "id": "ADOBE_READER_APSB16-14.NASL", "href": "https://www.tenable.com/plugins/nessus/91097", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91097);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/11/19\");\n\n script_cve_id(\n \"CVE-2016-1037\",\n \"CVE-2016-1038\",\n \"CVE-2016-1039\",\n \"CVE-2016-1040\",\n \"CVE-2016-1041\",\n \"CVE-2016-1042\",\n \"CVE-2016-1043\",\n \"CVE-2016-1044\",\n \"CVE-2016-1045\",\n \"CVE-2016-1046\",\n \"CVE-2016-1047\",\n \"CVE-2016-1048\",\n \"CVE-2016-1049\",\n \"CVE-2016-1050\",\n \"CVE-2016-1051\",\n \"CVE-2016-1052\",\n \"CVE-2016-1053\",\n \"CVE-2016-1054\",\n \"CVE-2016-1055\",\n \"CVE-2016-1056\",\n \"CVE-2016-1057\",\n \"CVE-2016-1058\",\n \"CVE-2016-1059\",\n \"CVE-2016-1060\",\n \"CVE-2016-1061\",\n \"CVE-2016-1062\",\n \"CVE-2016-1063\",\n \"CVE-2016-1064\",\n \"CVE-2016-1065\",\n \"CVE-2016-1066\",\n \"CVE-2016-1067\",\n \"CVE-2016-1068\",\n \"CVE-2016-1069\",\n \"CVE-2016-1070\",\n \"CVE-2016-1071\",\n \"CVE-2016-1072\",\n \"CVE-2016-1073\",\n \"CVE-2016-1074\",\n \"CVE-2016-1075\",\n \"CVE-2016-1076\",\n \"CVE-2016-1077\",\n \"CVE-2016-1078\",\n \"CVE-2016-1079\",\n \"CVE-2016-1080\",\n \"CVE-2016-1081\",\n \"CVE-2016-1082\",\n \"CVE-2016-1083\",\n \"CVE-2016-1084\",\n \"CVE-2016-1085\",\n \"CVE-2016-1086\",\n \"CVE-2016-1087\",\n \"CVE-2016-1088\",\n \"CVE-2016-1090\",\n \"CVE-2016-1092\",\n \"CVE-2016-1093\",\n \"CVE-2016-1094\",\n \"CVE-2016-1095\",\n \"CVE-2016-1112\",\n \"CVE-2016-1116\",\n \"CVE-2016-1117\",\n \"CVE-2016-1118\",\n \"CVE-2016-1119\",\n \"CVE-2016-1120\",\n \"CVE-2016-1121\",\n \"CVE-2016-1122\",\n \"CVE-2016-1123\",\n \"CVE-2016-1124\",\n \"CVE-2016-1125\",\n \"CVE-2016-1126\",\n \"CVE-2016-1127\",\n \"CVE-2016-1128\",\n \"CVE-2016-1129\",\n \"CVE-2016-1130\",\n \"CVE-2016-4088\",\n \"CVE-2016-4089\",\n \"CVE-2016-4090\",\n \"CVE-2016-4091\",\n \"CVE-2016-4092\",\n \"CVE-2016-4093\",\n \"CVE-2016-4094\",\n \"CVE-2016-4096\",\n \"CVE-2016-4097\",\n \"CVE-2016-4098\",\n \"CVE-2016-4099\",\n \"CVE-2016-4100\",\n \"CVE-2016-4101\",\n \"CVE-2016-4102\",\n \"CVE-2016-4103\",\n \"CVE-2016-4104\",\n \"CVE-2016-4105\",\n \"CVE-2016-4106\",\n \"CVE-2016-4107\",\n \"CVE-2016-4119\"\n );\n script_bugtraq_id(90517);\n script_xref(name:\"ZDI\", value:\"ZDI-16-285\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-286\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-287\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-288\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-289\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-290\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-291\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-292\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-293\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-294\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-295\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-296\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-297\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-298\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-299\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-300\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-301\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-302\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-303\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-304\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-305\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-306\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-307\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-308\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-309\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-310\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-311\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-312\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-313\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-315\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-316\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-317\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-318\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-319\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-320\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-321\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-322\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-323\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-324\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-325\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-326\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-327\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-328\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-329\");\n\n script_name(english:\"Adobe Reader < 11.0.16 / 15.006.30172 / 15.016.20039 Multiple Vulnerabilities (APSB16-14)\");\n script_summary(english:\"Checks the version of Adobe Reader.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader installed on the remote Windows host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Reader installed on the remote Windows host is\nprior to 11.0.16, 15.006.30172, or 15.016.20039. It is, therefore,\naffected by multiple vulnerabilities :\n\n - Multiple use-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2016-1045,\n CVE-2016-1046, CVE-2016-1047, CVE-2016-1048,\n CVE-2016-1049, CVE-2016-1050, CVE-2016-1051,\n CVE-2016-1052, CVE-2016-1053, CVE-2016-1054,\n CVE-2016-1055, CVE-2016-1056, CVE-2016-1057,\n CVE-2016-1058, CVE-2016-1059, CVE-2016-1060,\n CVE-2016-1061, CVE-2016-1065, CVE-2016-1066,\n CVE-2016-1067, CVE-2016-1068, CVE-2016-1069,\n CVE-2016-1070, CVE-2016-1075, CVE-2016-1094,\n CVE-2016-1121, CVE-2016-1122, CVE-2016-4102,\n CVE-2016-4107)\n\n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2016-4091, CVE-2016-4092)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2016-1037,\n CVE-2016-1063, CVE-2016-1064, CVE-2016-1071,\n CVE-2016-1072, CVE-2016-1073, CVE-2016-1074,\n CVE-2016-1076, CVE-2016-1077, CVE-2016-1078,\n CVE-2016-1080, CVE-2016-1081, CVE-2016-1082,\n CVE-2016-1083, CVE-2016-1084, CVE-2016-1085,\n CVE-2016-1086, CVE-2016-1088, CVE-2016-1093,\n CVE-2016-1095, CVE-2016-1116, CVE-2016-1118,\n CVE-2016-1119, CVE-2016-1120, CVE-2016-1123,\n CVE-2016-1124, CVE-2016-1125, CVE-2016-1126,\n CVE-2016-1127, CVE-2016-1128, CVE-2016-1129,\n CVE-2016-1130, CVE-2016-4088, CVE-2016-4089,\n CVE-2016-4090, CVE-2016-4093, CVE-2016-4094,\n CVE-2016-4096, CVE-2016-4097, CVE-2016-4098,\n CVE-2016-4099, CVE-2016-4100, CVE-2016-4101,\n CVE-2016-4103, CVE-2016-4104, CVE-2016-4105,\n CVE-2016-4119)\n\n - An integer overflow vulnerability exists that allows an\n attacker to execute arbitrary code. (CVE-2016-1043)\n\n - Multiple memory leak issues exist that allow an attacker\n to have an unspecified impact. (CVE-2016-1079,\n CVE-2016-1092)\n\n - An unspecified flaw exists that allows an attacker to\n disclose sensitive information. (CVE-2016-1112)\n\n - Multiple vulnerabilities exist that allow an attacker to\n bypass restrictions on JavaScript API execution.\n (CVE-2016-1038, CVE-2016-1039, CVE-2016-1040,\n CVE-2016-1041, CVE-2016-1042, CVE-2016-1044,\n CVE-2016-1062, CVE-2016-1117)\n\n - Multiple flaws exist when loading dynamic-link\n libraries. An attacker can exploit this, via a specially\n crafted .dll file, to execute arbitrary code.\n (CVE-2016-1087, CVE-2016-1090, CVE-2016-4106)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb16-14.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Reader version 11.0.16 / 15.006.30172 / 15.016.20039\nor later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-4119\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_reader_installed.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/Adobe Reader\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_name = \"Adobe Reader\";\ninstall = get_single_install(app_name:app_name);\n\n# NOTE: For this version of Reader, the AcroRd32.dll file was only\n# updated to reflect the proper version. The normal EXE was\n# not updated, so we have to look at the DLL.\n# The detection plugin will not report the proper version.\nversion = install['DLL_Product_Version']; # DLL version - not EXE\npath = install['path'];\nverui = install['DLL_Display_Version'];\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Affected is :\n#\n# 11.x < 11.0.16\n# DC Classic < 15.006.30172\n# DC Continuous < 15.016.20039\nif (\n (ver[0] == 11 && ver[1] == 0 && ver[2] <= 15) ||\n (ver[0] == 15 && ver[1] == 6 && ver[2] <= 30171) ||\n (ver[0] == 15 && ver[1] >= 7 && ver[1] <= 15) ||\n (ver[0] == 15 && ver[1] == 16 && ver[2] <= 20038)\n)\n{\n port = get_kb_item('SMB/transport');\n if(!port) port = 445;\n\n report = '\\n Note: The Adobe Reader version was extracted from AcroRd32.dll.' +\n '\\n Path : '+path+\n '\\n Installed version : '+verui+\n '\\n Fixed version : 11.0.16 / 15.006.30172 / 15.016.20039' +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, verui, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T03:44:56", "description": "The version of Adobe Reader installed on the remote Mac OS X host is\nprior to 11.0.16, 15.006.30172, or 15.016.20039. It is, therefore,\naffected by multiple vulnerabilities :\n\n - Multiple use-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2016-1045,\n CVE-2016-1046, CVE-2016-1047, CVE-2016-1048,\n CVE-2016-1049, CVE-2016-1050, CVE-2016-1051,\n CVE-2016-1052, CVE-2016-1053, CVE-2016-1054,\n CVE-2016-1055, CVE-2016-1056, CVE-2016-1057,\n CVE-2016-1058, CVE-2016-1059, CVE-2016-1060,\n CVE-2016-1061, CVE-2016-1065, CVE-2016-1066,\n CVE-2016-1067, CVE-2016-1068, CVE-2016-1069,\n CVE-2016-1070, CVE-2016-1075, CVE-2016-1094,\n CVE-2016-1121, CVE-2016-1122, CVE-2016-4102,\n CVE-2016-4107)\n\n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2016-4091, CVE-2016-4092)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2016-1037,\n CVE-2016-1063, CVE-2016-1064, CVE-2016-1071,\n CVE-2016-1072, CVE-2016-1073, CVE-2016-1074,\n CVE-2016-1076, CVE-2016-1077, CVE-2016-1078,\n CVE-2016-1080, CVE-2016-1081, CVE-2016-1082,\n CVE-2016-1083, CVE-2016-1084, CVE-2016-1085,\n CVE-2016-1086, CVE-2016-1088, CVE-2016-1093,\n CVE-2016-1095, CVE-2016-1116, CVE-2016-1118,\n CVE-2016-1119, CVE-2016-1120, CVE-2016-1123,\n CVE-2016-1124, CVE-2016-1125, CVE-2016-1126,\n CVE-2016-1127, CVE-2016-1128, CVE-2016-1129,\n CVE-2016-1130, CVE-2016-4088, CVE-2016-4089,\n CVE-2016-4090, CVE-2016-4093, CVE-2016-4094,\n CVE-2016-4096, CVE-2016-4097, CVE-2016-4098,\n CVE-2016-4099, CVE-2016-4100, CVE-2016-4101,\n CVE-2016-4103, CVE-2016-4104, CVE-2016-4105,\n CVE-2016-4119)\n\n - An integer overflow vulnerability exists that allows an\n attacker to execute arbitrary code. (CVE-2016-1043)\n\n - Multiple memory leak issues exist that allow an attacker\n to have an unspecified impact. (CVE-2016-1079,\n CVE-2016-1092)\n\n - An unspecified flaw exists that allows an attacker to\n disclose sensitive information. (CVE-2016-1112)\n\n - Multiple vulnerabilities exist that allow an attacker to\n bypass restrictions on JavaScript API execution.\n (CVE-2016-1038, CVE-2016-1039, CVE-2016-1040,\n CVE-2016-1041, CVE-2016-1042, CVE-2016-1044,\n CVE-2016-1062, CVE-2016-1117)\n\n - Multiple flaws exist when loading dynamic-link\n libraries. An attacker can exploit this, via a specially\n crafted .dll file, to execute arbitrary code.\n (CVE-2016-1087, CVE-2016-1090, CVE-2016-4106)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 30, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-12T00:00:00", "title": "Adobe Reader < 11.0.16 / 15.006.30172 / 15.016.20039 Multiple Vulnerabilities (APSB16-14) (Mac OS X)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1094", "CVE-2016-1117", "CVE-2016-1086", "CVE-2016-1045", "CVE-2016-1058", "CVE-2016-1040", "CVE-2016-1050", "CVE-2016-1061", "CVE-2016-1039", "CVE-2016-1095", "CVE-2016-1129", "CVE-2016-1052", "CVE-2016-4101", "CVE-2016-1047", "CVE-2016-1046", "CVE-2016-1076", "CVE-2016-1043", "CVE-2016-1054", "CVE-2016-1122", "CVE-2016-4104", "CVE-2016-1116", "CVE-2016-1077", "CVE-2016-1112", "CVE-2016-1071", "CVE-2016-1062", "CVE-2016-4090", "CVE-2016-1063", "CVE-2016-1064", "CVE-2016-1070", "CVE-2016-4097", "CVE-2016-1041", "CVE-2016-1079", "CVE-2016-1121", "CVE-2016-4107", "CVE-2016-1074", "CVE-2016-4093", "CVE-2016-4105", "CVE-2016-4091", "CVE-2016-1092", "CVE-2016-4089", "CVE-2016-1056", "CVE-2016-1069", "CVE-2016-1065", "CVE-2016-1126", "CVE-2016-1118", "CVE-2016-1042", "CVE-2016-4100", "CVE-2016-1037", "CVE-2016-1078", "CVE-2016-4094", "CVE-2016-4092", "CVE-2016-1130", "CVE-2016-1093", "CVE-2016-1044", "CVE-2016-1068", "CVE-2016-4096", "CVE-2016-1057", "CVE-2016-1128", "CVE-2016-1085", "CVE-2016-1081", "CVE-2016-1084", "CVE-2016-4102", "CVE-2016-1048", "CVE-2016-1119", "CVE-2016-1123", "CVE-2016-4119", "CVE-2016-1075", "CVE-2016-1067", "CVE-2016-1090", "CVE-2016-1051", "CVE-2016-1080", "CVE-2016-1038", "CVE-2016-4088", "CVE-2016-1073", "CVE-2016-1059", "CVE-2016-1055", "CVE-2016-1083", "CVE-2016-1124", "CVE-2016-4098", "CVE-2016-4103", "CVE-2016-1066", "CVE-2016-1088", "CVE-2016-1127", "CVE-2016-4106", "CVE-2016-1060", "CVE-2016-4099", "CVE-2016-1072", "CVE-2016-1120", "CVE-2016-1125", "CVE-2016-1049", "CVE-2016-1053", "CVE-2016-1087", "CVE-2016-1082"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/a:adobe:acrobat_reader"], "id": "MACOSX_ADOBE_READER_APSB16-14.NASL", "href": "https://www.tenable.com/plugins/nessus/91099", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91099);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\n \"CVE-2016-1037\",\n \"CVE-2016-1038\",\n \"CVE-2016-1039\",\n \"CVE-2016-1040\",\n \"CVE-2016-1041\",\n \"CVE-2016-1042\",\n \"CVE-2016-1043\",\n \"CVE-2016-1044\",\n \"CVE-2016-1045\",\n \"CVE-2016-1046\",\n \"CVE-2016-1047\",\n \"CVE-2016-1048\",\n \"CVE-2016-1049\",\n \"CVE-2016-1050\",\n \"CVE-2016-1051\",\n \"CVE-2016-1052\",\n \"CVE-2016-1053\",\n \"CVE-2016-1054\",\n \"CVE-2016-1055\",\n \"CVE-2016-1056\",\n \"CVE-2016-1057\",\n \"CVE-2016-1058\",\n \"CVE-2016-1059\",\n \"CVE-2016-1060\",\n \"CVE-2016-1061\",\n \"CVE-2016-1062\",\n \"CVE-2016-1063\",\n \"CVE-2016-1064\",\n \"CVE-2016-1065\",\n \"CVE-2016-1066\",\n \"CVE-2016-1067\",\n \"CVE-2016-1068\",\n \"CVE-2016-1069\",\n \"CVE-2016-1070\",\n \"CVE-2016-1071\",\n \"CVE-2016-1072\",\n \"CVE-2016-1073\",\n \"CVE-2016-1074\",\n \"CVE-2016-1075\",\n \"CVE-2016-1076\",\n \"CVE-2016-1077\",\n \"CVE-2016-1078\",\n \"CVE-2016-1079\",\n \"CVE-2016-1080\",\n \"CVE-2016-1081\",\n \"CVE-2016-1082\",\n \"CVE-2016-1083\",\n \"CVE-2016-1084\",\n \"CVE-2016-1085\",\n \"CVE-2016-1086\",\n \"CVE-2016-1087\",\n \"CVE-2016-1088\",\n \"CVE-2016-1090\",\n \"CVE-2016-1092\",\n \"CVE-2016-1093\",\n \"CVE-2016-1094\",\n \"CVE-2016-1095\",\n \"CVE-2016-1112\",\n \"CVE-2016-1116\",\n \"CVE-2016-1117\",\n \"CVE-2016-1118\",\n \"CVE-2016-1119\",\n \"CVE-2016-1120\",\n \"CVE-2016-1121\",\n \"CVE-2016-1122\",\n \"CVE-2016-1123\",\n \"CVE-2016-1124\",\n \"CVE-2016-1125\",\n \"CVE-2016-1126\",\n \"CVE-2016-1127\",\n \"CVE-2016-1128\",\n \"CVE-2016-1129\",\n \"CVE-2016-1130\",\n \"CVE-2016-4088\",\n \"CVE-2016-4089\",\n \"CVE-2016-4090\",\n \"CVE-2016-4091\",\n \"CVE-2016-4092\",\n \"CVE-2016-4093\",\n \"CVE-2016-4094\",\n \"CVE-2016-4096\",\n \"CVE-2016-4097\",\n \"CVE-2016-4098\",\n \"CVE-2016-4099\",\n \"CVE-2016-4100\",\n \"CVE-2016-4101\",\n \"CVE-2016-4102\",\n \"CVE-2016-4103\",\n \"CVE-2016-4104\",\n \"CVE-2016-4105\",\n \"CVE-2016-4106\",\n \"CVE-2016-4107\",\n \"CVE-2016-4119\"\n );\n script_bugtraq_id(90517);\n script_xref(name:\"ZDI\", value:\"ZDI-16-285\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-286\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-287\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-288\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-289\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-290\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-291\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-292\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-293\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-294\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-295\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-296\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-297\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-298\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-299\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-300\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-301\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-302\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-303\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-304\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-305\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-306\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-307\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-308\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-309\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-310\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-311\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-312\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-313\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-315\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-316\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-317\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-318\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-319\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-320\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-321\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-322\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-323\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-324\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-325\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-326\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-327\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-328\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-329\");\n\n script_name(english:\"Adobe Reader < 11.0.16 / 15.006.30172 / 15.016.20039 Multiple Vulnerabilities (APSB16-14) (Mac OS X)\");\n script_summary(english:\"Checks the version of Adobe Reader.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader installed on the remote Mac OS X host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Reader installed on the remote Mac OS X host is\nprior to 11.0.16, 15.006.30172, or 15.016.20039. It is, therefore,\naffected by multiple vulnerabilities :\n\n - Multiple use-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2016-1045,\n CVE-2016-1046, CVE-2016-1047, CVE-2016-1048,\n CVE-2016-1049, CVE-2016-1050, CVE-2016-1051,\n CVE-2016-1052, CVE-2016-1053, CVE-2016-1054,\n CVE-2016-1055, CVE-2016-1056, CVE-2016-1057,\n CVE-2016-1058, CVE-2016-1059, CVE-2016-1060,\n CVE-2016-1061, CVE-2016-1065, CVE-2016-1066,\n CVE-2016-1067, CVE-2016-1068, CVE-2016-1069,\n CVE-2016-1070, CVE-2016-1075, CVE-2016-1094,\n CVE-2016-1121, CVE-2016-1122, CVE-2016-4102,\n CVE-2016-4107)\n\n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2016-4091, CVE-2016-4092)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2016-1037,\n CVE-2016-1063, CVE-2016-1064, CVE-2016-1071,\n CVE-2016-1072, CVE-2016-1073, CVE-2016-1074,\n CVE-2016-1076, CVE-2016-1077, CVE-2016-1078,\n CVE-2016-1080, CVE-2016-1081, CVE-2016-1082,\n CVE-2016-1083, CVE-2016-1084, CVE-2016-1085,\n CVE-2016-1086, CVE-2016-1088, CVE-2016-1093,\n CVE-2016-1095, CVE-2016-1116, CVE-2016-1118,\n CVE-2016-1119, CVE-2016-1120, CVE-2016-1123,\n CVE-2016-1124, CVE-2016-1125, CVE-2016-1126,\n CVE-2016-1127, CVE-2016-1128, CVE-2016-1129,\n CVE-2016-1130, CVE-2016-4088, CVE-2016-4089,\n CVE-2016-4090, CVE-2016-4093, CVE-2016-4094,\n CVE-2016-4096, CVE-2016-4097, CVE-2016-4098,\n CVE-2016-4099, CVE-2016-4100, CVE-2016-4101,\n CVE-2016-4103, CVE-2016-4104, CVE-2016-4105,\n CVE-2016-4119)\n\n - An integer overflow vulnerability exists that allows an\n attacker to execute arbitrary code. (CVE-2016-1043)\n\n - Multiple memory leak issues exist that allow an attacker\n to have an unspecified impact. (CVE-2016-1079,\n CVE-2016-1092)\n\n - An unspecified flaw exists that allows an attacker to\n disclose sensitive information. (CVE-2016-1112)\n\n - Multiple vulnerabilities exist that allow an attacker to\n bypass restrictions on JavaScript API execution.\n (CVE-2016-1038, CVE-2016-1039, CVE-2016-1040,\n CVE-2016-1041, CVE-2016-1042, CVE-2016-1044,\n CVE-2016-1062, CVE-2016-1117)\n\n - Multiple flaws exist when loading dynamic-link\n libraries. An attacker can exploit this, via a specially\n crafted .dll file, to execute arbitrary code.\n (CVE-2016-1087, CVE-2016-1090, CVE-2016-4106)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb16-14.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Reader version 11.0.16 / 15.006.30172 / 15.016.20039\nor later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-4119\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_adobe_reader_installed.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Adobe Reader\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (empty_or_null(os)) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp_name = \"Adobe Reader\";\ninstall = get_single_install(app_name:app_name);\n\nversion = install['version'];\npath = install['path'];\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Affected is :\n#\n# 11.x < 11.0.16\n# DC Classic < 15.006.30172\n# DC Continuous < 15.016.20039\nif (\n (ver[0] == 11 && ver[1] == 0 && ver[2] <= 15) ||\n (ver[0] == 15 && ver[1] == 6 && ver[2] <= 30171) ||\n (ver[0] == 15 && ver[1] >= 7 && ver[1] <= 15) ||\n (ver[0] == 15 && ver[1] == 16 && ver[2] <= 20038)\n)\n{\n report = '\\n Path : '+path+\n '\\n Installed version : '+version+\n '\\n Fixed version : 11.0.16 / 15.006.30172 / 15.016.20039' +\n '\\n';\n security_report_v4(port:0, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T03:43:53", "description": "The version of Adobe Acrobat installed on the remote Mac OS X host is\nprior to 11.0.16 / 15.006.30172 / 15.016.20039. It is, therefore,\naffected by multiple vulnerabilities :\n\n - Multiple use-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2016-1045,\n CVE-2016-1046, CVE-2016-1047, CVE-2016-1048,\n CVE-2016-1049, CVE-2016-1050, CVE-2016-1051,\n CVE-2016-1052, CVE-2016-1053, CVE-2016-1054,\n CVE-2016-1055, CVE-2016-1056, CVE-2016-1057,\n CVE-2016-1058, CVE-2016-1059, CVE-2016-1060,\n CVE-2016-1061, CVE-2016-1065, CVE-2016-1066,\n CVE-2016-1067, CVE-2016-1068, CVE-2016-1069,\n CVE-2016-1070, CVE-2016-1075, CVE-2016-1094,\n CVE-2016-1121, CVE-2016-1122, CVE-2016-4102,\n CVE-2016-4107)\n\n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2016-4091, CVE-2016-4092)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2016-1037,\n CVE-2016-1063, CVE-2016-1064, CVE-2016-1071,\n CVE-2016-1072, CVE-2016-1073, CVE-2016-1074,\n CVE-2016-1076, CVE-2016-1077, CVE-2016-1078,\n CVE-2016-1080, CVE-2016-1081, CVE-2016-1082,\n CVE-2016-1083, CVE-2016-1084, CVE-2016-1085,\n CVE-2016-1086, CVE-2016-1088, CVE-2016-1093,\n CVE-2016-1095, CVE-2016-1116, CVE-2016-1118,\n CVE-2016-1119, CVE-2016-1120, CVE-2016-1123,\n CVE-2016-1124, CVE-2016-1125, CVE-2016-1126,\n CVE-2016-1127, CVE-2016-1128, CVE-2016-1129,\n CVE-2016-1130, CVE-2016-4088, CVE-2016-4089,\n CVE-2016-4090, CVE-2016-4093, CVE-2016-4094,\n CVE-2016-4096, CVE-2016-4097, CVE-2016-4098,\n CVE-2016-4099, CVE-2016-4100, CVE-2016-4101,\n CVE-2016-4103, CVE-2016-4104, CVE-2016-4105,\n CVE-2016-4119)\n\n - An integer overflow vulnerability exists that allows an\n attacker to execute arbitrary code. (CVE-2016-1043)\n\n - Multiple memory leak issues exist that allow an attacker\n to have an unspecified impact. (CVE-2016-1079,\n CVE-2016-1092)\n\n - An unspecified flaw exists that allows an attacker to\n disclose sensitive information. (CVE-2016-1112)\n\n - Multiple vulnerabilities exist that allow an attacker to\n bypass restrictions on JavaScript API execution.\n (CVE-2016-1038, CVE-2016-1039, CVE-2016-1040,\n CVE-2016-1041, CVE-2016-1042, CVE-2016-1044,\n CVE-2016-1062, CVE-2016-1117)\n\n - Multiple flaws exist when loading dynamic-link\n libraries. An attacker can exploit this, via a specially\n crafted .dll file, to execute arbitrary code.\n (CVE-2016-1087, CVE-2016-1090, CVE-2016-4106)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 30, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-12T00:00:00", "title": "Adobe Acrobat < 11.0.16 / 15.006.30172 / 15.016.20039 Multiple Vulnerabilities (APSB16-14) (Mac OS X)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1094", "CVE-2016-1117", "CVE-2016-1086", "CVE-2016-1045", "CVE-2016-1058", "CVE-2016-1040", "CVE-2016-1050", "CVE-2016-1061", "CVE-2016-1039", "CVE-2016-1095", "CVE-2016-1129", "CVE-2016-1052", "CVE-2016-4101", "CVE-2016-1047", "CVE-2016-1046", "CVE-2016-1076", "CVE-2016-1043", "CVE-2016-1054", "CVE-2016-1122", "CVE-2016-4104", "CVE-2016-1116", "CVE-2016-1077", "CVE-2016-1112", "CVE-2016-1071", "CVE-2016-1062", "CVE-2016-4090", "CVE-2016-1063", "CVE-2016-1064", "CVE-2016-1070", "CVE-2016-4097", "CVE-2016-1041", "CVE-2016-1079", "CVE-2016-1121", "CVE-2016-4107", "CVE-2016-1074", "CVE-2016-4093", "CVE-2016-4105", "CVE-2016-4091", "CVE-2016-1092", "CVE-2016-4089", "CVE-2016-1056", "CVE-2016-1069", "CVE-2016-1065", "CVE-2016-1126", "CVE-2016-1118", "CVE-2016-1042", "CVE-2016-4100", "CVE-2016-1037", "CVE-2016-1078", "CVE-2016-4094", "CVE-2016-4092", "CVE-2016-1130", "CVE-2016-1093", "CVE-2016-1044", "CVE-2016-1068", "CVE-2016-4096", "CVE-2016-1057", "CVE-2016-1128", "CVE-2016-1085", "CVE-2016-1081", "CVE-2016-1084", "CVE-2016-4102", "CVE-2016-1048", "CVE-2016-1119", "CVE-2016-1123", "CVE-2016-4119", "CVE-2016-1075", "CVE-2016-1067", "CVE-2016-1090", "CVE-2016-1051", "CVE-2016-1080", "CVE-2016-1038", "CVE-2016-4088", "CVE-2016-1073", "CVE-2016-1059", "CVE-2016-1055", "CVE-2016-1083", "CVE-2016-1124", "CVE-2016-4098", "CVE-2016-4103", "CVE-2016-1066", "CVE-2016-1088", "CVE-2016-1127", "CVE-2016-4106", "CVE-2016-1060", "CVE-2016-4099", "CVE-2016-1072", "CVE-2016-1120", "CVE-2016-1125", "CVE-2016-1049", "CVE-2016-1053", "CVE-2016-1087", "CVE-2016-1082"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/a:adobe:acrobat"], "id": "MACOSX_ADOBE_ACROBAT_APSB16-14.NASL", "href": "https://www.tenable.com/plugins/nessus/91098", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91098);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\n \"CVE-2016-1037\",\n \"CVE-2016-1038\",\n \"CVE-2016-1039\",\n \"CVE-2016-1040\",\n \"CVE-2016-1041\",\n \"CVE-2016-1042\",\n \"CVE-2016-1043\",\n \"CVE-2016-1044\",\n \"CVE-2016-1045\",\n \"CVE-2016-1046\",\n \"CVE-2016-1047\",\n \"CVE-2016-1048\",\n \"CVE-2016-1049\",\n \"CVE-2016-1050\",\n \"CVE-2016-1051\",\n \"CVE-2016-1052\",\n \"CVE-2016-1053\",\n \"CVE-2016-1054\",\n \"CVE-2016-1055\",\n \"CVE-2016-1056\",\n \"CVE-2016-1057\",\n \"CVE-2016-1058\",\n \"CVE-2016-1059\",\n \"CVE-2016-1060\",\n \"CVE-2016-1061\",\n \"CVE-2016-1062\",\n \"CVE-2016-1063\",\n \"CVE-2016-1064\",\n \"CVE-2016-1065\",\n \"CVE-2016-1066\",\n \"CVE-2016-1067\",\n \"CVE-2016-1068\",\n \"CVE-2016-1069\",\n \"CVE-2016-1070\",\n \"CVE-2016-1071\",\n \"CVE-2016-1072\",\n \"CVE-2016-1073\",\n \"CVE-2016-1074\",\n \"CVE-2016-1075\",\n \"CVE-2016-1076\",\n \"CVE-2016-1077\",\n \"CVE-2016-1078\",\n \"CVE-2016-1079\",\n \"CVE-2016-1080\",\n \"CVE-2016-1081\",\n \"CVE-2016-1082\",\n \"CVE-2016-1083\",\n \"CVE-2016-1084\",\n \"CVE-2016-1085\",\n \"CVE-2016-1086\",\n \"CVE-2016-1087\",\n \"CVE-2016-1088\",\n \"CVE-2016-1090\",\n \"CVE-2016-1092\",\n \"CVE-2016-1093\",\n \"CVE-2016-1094\",\n \"CVE-2016-1095\",\n \"CVE-2016-1112\",\n \"CVE-2016-1116\",\n \"CVE-2016-1117\",\n \"CVE-2016-1118\",\n \"CVE-2016-1119\",\n \"CVE-2016-1120\",\n \"CVE-2016-1121\",\n \"CVE-2016-1122\",\n \"CVE-2016-1123\",\n \"CVE-2016-1124\",\n \"CVE-2016-1125\",\n \"CVE-2016-1126\",\n \"CVE-2016-1127\",\n \"CVE-2016-1128\",\n \"CVE-2016-1129\",\n \"CVE-2016-1130\",\n \"CVE-2016-4088\",\n \"CVE-2016-4089\",\n \"CVE-2016-4090\",\n \"CVE-2016-4091\",\n \"CVE-2016-4092\",\n \"CVE-2016-4093\",\n \"CVE-2016-4094\",\n \"CVE-2016-4096\",\n \"CVE-2016-4097\",\n \"CVE-2016-4098\",\n \"CVE-2016-4099\",\n \"CVE-2016-4100\",\n \"CVE-2016-4101\",\n \"CVE-2016-4102\",\n \"CVE-2016-4103\",\n \"CVE-2016-4104\",\n \"CVE-2016-4105\",\n \"CVE-2016-4106\",\n \"CVE-2016-4107\",\n \"CVE-2016-4119\"\n );\n script_bugtraq_id(90517);\n script_xref(name:\"ZDI\", value:\"ZDI-16-285\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-286\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-287\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-288\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-289\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-290\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-291\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-292\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-293\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-294\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-295\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-296\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-297\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-298\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-299\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-300\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-301\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-302\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-303\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-304\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-305\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-306\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-307\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-308\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-309\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-310\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-311\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-312\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-313\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-315\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-316\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-317\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-318\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-319\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-320\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-321\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-322\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-323\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-324\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-325\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-326\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-327\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-328\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-329\");\n\n script_name(english:\"Adobe Acrobat < 11.0.16 / 15.006.30172 / 15.016.20039 Multiple Vulnerabilities (APSB16-14) (Mac OS X)\");\n script_summary(english:\"Checks the version of Adobe Acrobat.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Acrobat installed on the remote Mac OS X host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Acrobat installed on the remote Mac OS X host is\nprior to 11.0.16 / 15.006.30172 / 15.016.20039. It is, therefore,\naffected by multiple vulnerabilities :\n\n - Multiple use-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2016-1045,\n CVE-2016-1046, CVE-2016-1047, CVE-2016-1048,\n CVE-2016-1049, CVE-2016-1050, CVE-2016-1051,\n CVE-2016-1052, CVE-2016-1053, CVE-2016-1054,\n CVE-2016-1055, CVE-2016-1056, CVE-2016-1057,\n CVE-2016-1058, CVE-2016-1059, CVE-2016-1060,\n CVE-2016-1061, CVE-2016-1065, CVE-2016-1066,\n CVE-2016-1067, CVE-2016-1068, CVE-2016-1069,\n CVE-2016-1070, CVE-2016-1075, CVE-2016-1094,\n CVE-2016-1121, CVE-2016-1122, CVE-2016-4102,\n CVE-2016-4107)\n\n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2016-4091, CVE-2016-4092)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2016-1037,\n CVE-2016-1063, CVE-2016-1064, CVE-2016-1071,\n CVE-2016-1072, CVE-2016-1073, CVE-2016-1074,\n CVE-2016-1076, CVE-2016-1077, CVE-2016-1078,\n CVE-2016-1080, CVE-2016-1081, CVE-2016-1082,\n CVE-2016-1083, CVE-2016-1084, CVE-2016-1085,\n CVE-2016-1086, CVE-2016-1088, CVE-2016-1093,\n CVE-2016-1095, CVE-2016-1116, CVE-2016-1118,\n CVE-2016-1119, CVE-2016-1120, CVE-2016-1123,\n CVE-2016-1124, CVE-2016-1125, CVE-2016-1126,\n CVE-2016-1127, CVE-2016-1128, CVE-2016-1129,\n CVE-2016-1130, CVE-2016-4088, CVE-2016-4089,\n CVE-2016-4090, CVE-2016-4093, CVE-2016-4094,\n CVE-2016-4096, CVE-2016-4097, CVE-2016-4098,\n CVE-2016-4099, CVE-2016-4100, CVE-2016-4101,\n CVE-2016-4103, CVE-2016-4104, CVE-2016-4105,\n CVE-2016-4119)\n\n - An integer overflow vulnerability exists that allows an\n attacker to execute arbitrary code. (CVE-2016-1043)\n\n - Multiple memory leak issues exist that allow an attacker\n to have an unspecified impact. (CVE-2016-1079,\n CVE-2016-1092)\n\n - An unspecified flaw exists that allows an attacker to\n disclose sensitive information. (CVE-2016-1112)\n\n - Multiple vulnerabilities exist that allow an attacker to\n bypass restrictions on JavaScript API execution.\n (CVE-2016-1038, CVE-2016-1039, CVE-2016-1040,\n CVE-2016-1041, CVE-2016-1042, CVE-2016-1044,\n CVE-2016-1062, CVE-2016-1117)\n\n - Multiple flaws exist when loading dynamic-link\n libraries. An attacker can exploit this, via a specially\n crafted .dll file, to execute arbitrary code.\n (CVE-2016-1087, CVE-2016-1090, CVE-2016-4106)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/reader/apsb16-14.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Acrobat version 11.0.16 / 15.006.30172 / 15.016.20039\nor later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-4119\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_adobe_acrobat_installed.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Adobe Acrobat\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (empty_or_null(os)) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp_name = \"Adobe Acrobat\";\ninstall = get_single_install(app_name:app_name);\n\nversion = install['version'];\npath = install['path'];\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Affected is :\n#\n# 11.x < 11.0.16\n# DC Classic < 15.006.30172\n# DC Continuous < 15.016.20039\nif (\n (ver[0] == 11 && ver[1] == 0 && ver[2] <= 15) ||\n (ver[0] == 15 && ver[1] == 6 && ver[2] <= 30171) ||\n (ver[0] == 15 && ver[1] >= 7 && ver[1] <= 15) ||\n (ver[0] == 15 && ver[1] == 16 && ver[2] <= 20038)\n)\n{\n report = '\\n Path : '+path+\n '\\n Installed version : '+version+\n '\\n Fixed version : 11.0.16 / 15.006.30172 / 15.016.20039' +\n '\\n';\n security_report_v4(port:0, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
