ID ZDI-17-005 Type zdi Reporter Anonymous Modified 2017-01-11T00:00:00
Description
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within XSLT's element-available method. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.
{"type": "zdi", "published": "2017-01-10T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-17-005", "objectVersion": "1.2", "bulletinFamily": "info", "cvelist": ["CVE-2017-2949"], "cvss": {"vector": "NONE", "score": 0.0}, "hash": "77c04514c6a80eb6bdbdb4e40d12be22644f57609ac61db5088c89c93b041b7a", "enchantments": {"score": {"vector": "NONE", "value": 9.3}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-2949"]}, {"type": "zdi", "idList": ["ZDI-17-009", "ZDI-17-017", "ZDI-17-015", "ZDI-17-008", "ZDI-17-016", "ZDI-17-028", "ZDI-17-020", "ZDI-17-018", "ZDI-17-012", "ZDI-17-019"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310810333", "OPENVAS:1361412562310810335", "OPENVAS:1361412562310810332", "OPENVAS:1361412562310810334"]}, {"type": "kaspersky", "idList": ["KLA10935"]}, {"type": "nessus", "idList": ["ADOBE_ACROBAT_APSB17-01.NASL", "MACOSX_ADOBE_ACROBAT_APSB17-01.NASL", "MACOSX_ADOBE_READER_APSB17-01.NASL", "ADOBE_READER_APSB17-01.NASL"]}], "modified": "2017-01-11T01:58:40"}, "vulnersScore": 9.3}, "lastseen": "2017-01-11T01:58:40", "viewCount": 13, "id": "ZDI-17-005", "history": [], "references": ["https://helpx.adobe.com/security/products/acrobat/apsb17-01.html"], "edition": 1, "hashmap": [{"key": "bulletinFamily", "hash": "caf9b6b99962bf5c2264824231d7a40c"}, {"key": "cvelist", "hash": "36e251505ece818580d89562ab5b0e4f"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "b0626f194722120e0cff51e3bdb4e6f4"}, {"key": "href", "hash": "305c9791337efd817e416ba3f373d3a1"}, {"key": "modified", "hash": "93a870a4cbcc9909bb7a08ec42ea9932"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "a6e487b241db96af61fe671a1b90b041"}, {"key": "references", "hash": "8ac6c123ed998121075da912953f99c9"}, {"key": "reporter", "hash": "7079c72c21415131774625ba1d64f4b0"}, {"key": "title", "hash": "c73f5cfa4e120df540c67b91af1d3478"}, {"key": "type", "hash": "3dd086b59554fe33c1b8f051475b4b31"}], "reporter": "Anonymous", "modified": "2017-01-11T00:00:00", "title": " Adobe Reader DC XSLT element-available Heap-based Buffer Overflow Remote Code Execution Vulnerability", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within XSLT's element-available method. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process."}
{"cve": [{"lastseen": "2017-01-18T10:59:28", "bulletinFamily": "NVD", "description": "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the XSLT engine. Successful exploitation could lead to arbitrary code execution.", "modified": "2017-01-17T21:59:21", "published": "2017-01-10T23:59:01", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2949", "id": "CVE-2017-2949", "type": "cve", "title": "CVE-2017-2949", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "zdi": [{"lastseen": "2017-01-11T01:58:40", "bulletinFamily": "info", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within XSLT's key. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.", "modified": "2017-01-11T00:00:00", "published": "2017-01-10T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-17-015", "id": "ZDI-17-015", "type": "zdi", "title": " Adobe Reader DC XSLT key Heap-based Buffer Overflow Remote Code Execution Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-01-11T01:58:40", "bulletinFamily": "info", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within XSLT's output. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.", "modified": "2017-01-11T00:00:00", "published": "2017-01-10T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-17-008", "id": "ZDI-17-008", "type": "zdi", "title": " Adobe Reader DC XSLT output Heap-based Buffer Overflow Remote Code Execution Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-01-11T01:58:40", "bulletinFamily": "info", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within XSLT's output. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.", "modified": "2017-01-11T00:00:00", "published": "2017-01-10T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-17-016", "id": "ZDI-17-016", "type": "zdi", "title": " Adobe Reader DC XSLT sort Heap-based Buffer Overflow Remote Code Execution Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-01-11T01:58:40", "bulletinFamily": "info", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within XSLT's element. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.", "modified": "2017-01-11T00:00:00", "published": "2017-01-10T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-17-028", "id": "ZDI-17-028", "type": "zdi", "title": " Adobe Reader DC XSLT element Heap-based Buffer Overflow Remote Code Execution Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-01-11T01:58:40", "bulletinFamily": "info", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within XSLT's format-number method. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.", "modified": "2017-01-11T00:00:00", "published": "2017-01-10T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-17-009", "id": "ZDI-17-009", "type": "zdi", "title": " Adobe Reader DC XSLT format-number Heap-based Buffer Overflow Remote Code Execution Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-01-11T01:58:40", "bulletinFamily": "info", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within XSLT's function-available method. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.", "modified": "2017-01-11T00:00:00", "published": "2017-01-10T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-17-017", "id": "ZDI-17-017", "type": "zdi", "title": " Adobe Reader DC XSLT function-available Heap-based Buffer Overflow Remote Code Execution Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-01-11T01:58:40", "bulletinFamily": "info", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within XSLT's decimal-format. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.", "modified": "2017-01-11T00:00:00", "published": "2017-01-10T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-17-020", "id": "ZDI-17-020", "type": "zdi", "title": " Adobe Reader DC XSLT decimal-format Heap-based Buffer Overflow Remote Code Execution Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-01-11T01:58:40", "bulletinFamily": "info", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within XSLT's processing-instruction. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.", "modified": "2017-01-11T00:00:00", "published": "2017-01-10T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-17-018", "id": "ZDI-17-018", "type": "zdi", "title": " Adobe Reader DC XSLT processing-instruction Heap-based Buffer Overflow Remote Code Execution Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-01-11T01:58:40", "bulletinFamily": "info", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within XSLT's attribute. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.", "modified": "2017-01-11T00:00:00", "published": "2017-01-10T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-17-012", "id": "ZDI-17-012", "type": "zdi", "title": "Adobe Reader DC XSLT attribute Heap-based Buffer Overflow Remote Code Execution Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-01-11T01:58:40", "bulletinFamily": "info", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within XSLT's namespace-alias. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.", "modified": "2017-01-11T00:00:00", "published": "2017-01-10T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-17-019", "id": "ZDI-17-019", "type": "zdi", "title": " Adobe Reader DC XSLT namespace-alias Heap-based Buffer Overflow Remote Code Execution Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}], "openvas": [{"lastseen": "2018-10-22T16:34:13", "bulletinFamily": "scanner", "description": "This host is installed with Adobe Reader\n and is prone to multiple vulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2017-01-11T00:00:00", "id": "OPENVAS:1361412562310810335", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810335", "title": "Adobe Reader Security Updates(apsb17-01)-MAC OS X", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_reader_apsb17-01_macosx.nasl 11863 2018-10-12 09:42:02Z mmartin $\n#\n# Adobe Reader Security Updates(apsb17-01)-MAC OS X\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810335\");\n script_version(\"$Revision: 11863 $\");\n script_cve_id(\"CVE-2017-2939\", \"CVE-2017-2940\", \"CVE-2017-2941\", \"CVE-2017-2942\",\n \"CVE-2017-2943\", \"CVE-2017-2944\", \"CVE-2017-2945\", \"CVE-2017-2946\",\n \"CVE-2017-2947\", \"CVE-2017-2948\", \"CVE-2017-2949\", \"CVE-2017-2950\",\n \"CVE-2017-2951\", \"CVE-2017-2952\", \"CVE-2017-2953\", \"CVE-2017-2954\",\n \"CVE-2017-2955\", \"CVE-2017-2956\", \"CVE-2017-2957\", \"CVE-2017-2958\",\n \"CVE-2017-2959\", \"CVE-2017-2960\", \"CVE-2017-2961\", \"CVE-2017-2962\",\n \"CVE-2017-2963\", \"CVE-2017-2964\", \"CVE-2017-2965\", \"CVE-2017-2966\",\n \"CVE-2017-2967\", \"CVE-2017-2970\", \"CVE-2017-2971\", \"CVE-2017-2972\",\n \"CVE-2017-3009\", \"CVE-2017-3010\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 11:42:02 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-11 08:28:14 +0530 (Wed, 11 Jan 2017)\");\n script_name(\"Adobe Reader Security Updates(apsb17-01)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Reader\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion vulnerability.\n\n - An use-after-free vulnerabilities.\n\n - The heap buffer overflow vulnerabilities.\n\n - The buffer overflow vulnerabilities.\n\n - The memory corruption vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow remote attackers to do code execution,\n security bypass and information disclosure.\");\n\n script_tag(name:\"affected\", value:\"Adobe Reader version 11.x before\n 11.0.19 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Reader version\n 11.0.19 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb17-01.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Reader/MacOSX/Version\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/in/products/acrobat.html\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!readerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:readerVer, test_version:\"11.0\", test_version2:\"11.0.18\"))\n{\n report = report_fixed_ver(installed_version:readerVer, fixed_version:\"11.0.19\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-22T16:34:54", "bulletinFamily": "scanner", "description": "This host is installed with Adobe Acrobat\n and is prone to multiple vulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2017-01-11T00:00:00", "id": "OPENVAS:1361412562310810333", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810333", "title": "Adobe Acrobat Security Updates(apsb17-01)-MAC OS X", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_acrobat_apsb17-01_macosx.nasl 11874 2018-10-12 11:28:04Z mmartin $\n#\n# Adobe Acrobat Security Updates(apsb17-01)-MAC OS X\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810333\");\n script_version(\"$Revision: 11874 $\");\n script_cve_id(\"CVE-2017-2939\", \"CVE-2017-2940\", \"CVE-2017-2941\", \"CVE-2017-2942\",\n \"CVE-2017-2943\", \"CVE-2017-2944\", \"CVE-2017-2945\", \"CVE-2017-2946\",\n \"CVE-2017-2947\", \"CVE-2017-2948\", \"CVE-2017-2949\", \"CVE-2017-2950\",\n \"CVE-2017-2951\", \"CVE-2017-2952\", \"CVE-2017-2953\", \"CVE-2017-2954\",\n \"CVE-2017-2955\", \"CVE-2017-2956\", \"CVE-2017-2957\", \"CVE-2017-2958\",\n \"CVE-2017-2959\", \"CVE-2017-2960\", \"CVE-2017-2961\", \"CVE-2017-2962\",\n \"CVE-2017-2963\", \"CVE-2017-2964\", \"CVE-2017-2965\", \"CVE-2017-2966\",\n \"CVE-2017-2967\", \"CVE-2017-2970\", \"CVE-2017-2971\", \"CVE-2017-2972\",\n \"CVE-2017-3009\", \"CVE-2017-3010\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 13:28:04 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-11 08:28:14 +0530 (Wed, 11 Jan 2017)\");\n script_name(\"Adobe Acrobat Security Updates(apsb17-01)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion vulnerability.\n\n - An use-after-free vulnerabilities.\n\n - The heap buffer overflow vulnerabilities.\n\n - The buffer overflow vulnerabilities.\n\n - The memory corruption vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow remote attackers to do code execution,\n security bypass and information disclosure.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat version 11.x before\n 11.0.19 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat version\n 11.0.19 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb17-01.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/MacOSX/Version\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/in/products/acrobat.html\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!readerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:readerVer, test_version:\"11.0\", test_version2:\"11.0.18\"))\n{\n report = report_fixed_ver(installed_version:readerVer, fixed_version:\"11.0.19\");\n security_message(data:report);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-22T16:34:23", "bulletinFamily": "scanner", "description": "This host is installed with Adobe Acrobat\n and is prone to multiple vulnerabilities.", "modified": "2018-10-19T00:00:00", "published": "2017-01-11T00:00:00", "id": "OPENVAS:1361412562310810332", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810332", "title": "Adobe Acrobat Security Updates(apsb17-01)-Windows", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_acrobat_apsb17-01_win.nasl 11977 2018-10-19 07:28:56Z mmartin $\n#\n# Adobe Acrobat Security Updates(apsb17-01)-Windows\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810332\");\n script_version(\"$Revision: 11977 $\");\n script_cve_id(\"CVE-2017-2939\", \"CVE-2017-2940\", \"CVE-2017-2941\", \"CVE-2017-2942\",\n \"CVE-2017-2943\", \"CVE-2017-2944\", \"CVE-2017-2945\", \"CVE-2017-2946\",\n \"CVE-2017-2947\", \"CVE-2017-2948\", \"CVE-2017-2949\", \"CVE-2017-2950\",\n \"CVE-2017-2951\", \"CVE-2017-2952\", \"CVE-2017-2953\", \"CVE-2017-2954\",\n \"CVE-2017-2955\", \"CVE-2017-2956\", \"CVE-2017-2957\", \"CVE-2017-2958\",\n \"CVE-2017-2959\", \"CVE-2017-2960\", \"CVE-2017-2961\", \"CVE-2017-2962\",\n \"CVE-2017-2963\", \"CVE-2017-2964\", \"CVE-2017-2965\", \"CVE-2017-2966\",\n \"CVE-2017-2967\", \"CVE-2017-2970\", \"CVE-2017-2971\", \"CVE-2017-2972\",\n \"CVE-2017-3009\", \"CVE-2017-3010\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-19 09:28:56 +0200 (Fri, 19 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-11 08:28:14 +0530 (Wed, 11 Jan 2017)\");\n script_name(\"Adobe Acrobat Security Updates(apsb17-01)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion vulnerability.\n\n - An use-after-free vulnerabilities.\n\n - The heap buffer overflow vulnerabilities.\n\n - The buffer overflow vulnerabilities.\n\n - The memory corruption vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow remote attackers to do code execution,\n security bypass and information disclosure.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat version 11.x before\n 11.0.19 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat version\n 11.0.19 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb17-01.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/Win/Installed\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/in/products/acrobat.html\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!readerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:readerVer, test_version:\"11.0\", test_version2:\"11.0.18\"))\n{\n report = report_fixed_ver(installed_version:readerVer, fixed_version:\"11.0.19\");\n security_message(data:report);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-11T12:34:49", "bulletinFamily": "scanner", "description": "This host is installed with Adobe Reader\n and is prone to multiple vulnerabilities.", "modified": "2018-10-10T00:00:00", "published": "2017-01-11T00:00:00", "id": "OPENVAS:1361412562310810334", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810334", "title": "Adobe Reader Security Updates(apsb17-01)-Windows", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_reader_apsb17-01_win.nasl 11816 2018-10-10 10:42:56Z mmartin $\n#\n# Adobe Reader Security Updates(apsb17-01)-Windows\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810334\");\n script_version(\"$Revision: 11816 $\");\n script_cve_id(\"CVE-2017-2939\", \"CVE-2017-2940\", \"CVE-2017-2941\", \"CVE-2017-2942\",\n \"CVE-2017-2943\", \"CVE-2017-2944\", \"CVE-2017-2945\", \"CVE-2017-2946\",\n \"CVE-2017-2947\", \"CVE-2017-2948\", \"CVE-2017-2949\", \"CVE-2017-2950\",\n \"CVE-2017-2951\", \"CVE-2017-2952\", \"CVE-2017-2953\", \"CVE-2017-2954\",\n \"CVE-2017-2955\", \"CVE-2017-2956\", \"CVE-2017-2957\", \"CVE-2017-2958\",\n \"CVE-2017-2959\", \"CVE-2017-2960\", \"CVE-2017-2961\", \"CVE-2017-2962\",\n \"CVE-2017-2963\", \"CVE-2017-2964\", \"CVE-2017-2965\", \"CVE-2017-2966\",\n \"CVE-2017-2967\", \"CVE-2017-2970\", \"CVE-2017-2971\", \"CVE-2017-2972\",\n \"CVE-2017-3009\", \"CVE-2017-3010\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-10 12:42:56 +0200 (Wed, 10 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-11 08:28:14 +0530 (Wed, 11 Jan 2017)\");\n script_name(\"Adobe Reader Security Updates(apsb17-01)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Reader\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion vulnerability.\n\n - An use-after-free vulnerabilities.\n\n - The heap buffer overflow vulnerabilities.\n\n - The buffer overflow vulnerabilities.\n\n - The memory corruption vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow remote attackers to do code execution,\n security bypass and information disclosure.\");\n\n script_tag(name:\"affected\", value:\"Adobe Reader version 11.x before\n 11.0.19 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Reader version\n 11.0.19 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb17-01.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Reader/Win/Installed\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/in/products/acrobat.html\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!readerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:readerVer, test_version:\"11.0\", test_version2:\"11.0.18\"))\n{\n report = report_fixed_ver(installed_version:readerVer, fixed_version:\"11.0.19\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2019-02-19T17:02:57", "bulletinFamily": "info", "description": "### *Detect date*:\n01/05/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Adobe Acrobat and Adobe Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code or bypass security restrictions.\n\n### *Affected products*:\nAdobe Reader XI 11.0.18 and earlier versions \nAdobe Acrobat XI 11.0.18 and earlier versions \nAdobe Acrobat DC Classic 15.006.30244 and earlier versions \nAdobe Acrobat DC Continuous 15.020.20042 and earlier versions \nAdobe Acrobat Reader DC Classic 15.006.30244 and earlier versions \nAdobe Acrobat Reader DC Continuous 15.020.20042 and earlier versions \n\n### *Solution*:\nUpdate to the latest version \n[Get Adobe Acrobat DC](<http://supportdownloads.adobe.com/product.jsp?product=1&platform=Windows>) \n[Get Adobe Acrobat Reader DC](<https://get.adobe.com/reader/>) \n[Get Adobe Reader XI](<http://supportdownloads.adobe.com/product.jsp?product=10&platform=Windows>)\n\n### *Original advisories*:\n[APSB17-01](<https://helpx.adobe.com/security/products/acrobat/apsb17-01.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Adobe Reader XI](<https://threats.kaspersky.com/en/product/Adobe-Reader-XI/>)\n\n### *CVE-IDS*:\n[CVE-2017-2939](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2939>) \n[CVE-2017-2940](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2940>) \n[CVE-2017-2941](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2941>) \n[CVE-2017-2942](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2942>) \n[CVE-2017-2943](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2943>) \n[CVE-2017-2944](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2944>) \n[CVE-2017-2945](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2945>) \n[CVE-2017-2946](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2946>) \n[CVE-2017-2947](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2947>) \n[CVE-2017-2948](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2948>) \n[CVE-2017-2972](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2972>) \n[CVE-2017-2971](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2971>) \n[CVE-2017-2970](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2970>) \n[CVE-2017-2967](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2967>) \n[CVE-2017-2966](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2966>) \n[CVE-2017-2965](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2965>) \n[CVE-2017-2964](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2964>) \n[CVE-2017-2963](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2963>) \n[CVE-2017-2962](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2962>) \n[CVE-2017-2961](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2961>) \n[CVE-2017-2960](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2960>) \n[CVE-2017-2959](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2959>) \n[CVE-2017-2958](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2958>) \n[CVE-2017-2957](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2957>) \n[CVE-2017-2956](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2956>) \n[CVE-2017-2955](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2955>) \n[CVE-2017-2954](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2954>) \n[CVE-2017-2953](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2953>) \n[CVE-2017-2952](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2952>) \n[CVE-2017-2951](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2951>) \n[CVE-2017-2950](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2950>) \n[CVE-2017-2949](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2949>)", "modified": "2019-02-15T00:00:00", "published": "2017-01-05T00:00:00", "id": "KLA10935", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10935", "title": "\r KLA10935Multiple vulnerabilities in Adobe Acrobat and Adobe Reader ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-01-16T20:25:50", "bulletinFamily": "scanner", "description": "The version of Adobe Acrobat installed on the remote Windows host is\nprior to 11.0.19, 15.006.30279, or 15.023.20053. It is, therefore,\naffected by multiple vulnerabilities :\n\n - Multiple memory corruption issues exist due to improper\n validation of unspecified input. An unauthenticated,\n remote attacker can exploit these to execute arbitrary\n code. (CVE-2017-2939, CVE-2017-2940, CVE-2017-2941,\n CVE-2017-2943, CVE-2017-2944, CVE-2017-2953,\n CVE-2017-2954)\n\n - Multiple heap buffer overflow conditions exist due to\n improper validation of unspecified input. An\n unauthenticated, remote attacker can exploit these to\n execute arbitrary code. (CVE-2017-2942, CVE-2017-2945,\n CVE-2017-2959)\n\n - A heap buffer overflow condition exists when handling\n JPEG2000 images due to improper validation of\n unspecified input. An unauthenticated, remote attacker\n can exploit this to execute arbitrary code.\n (CVE-2017-2946)\n\n - An unspecified security bypass vulnerability exists that\n allows an unauthenticated, remote attacker to have an\n unspecified impact. (CVE-2017-2947)\n\n - Multiple overflow conditions exist due to improper\n validation of unspecified input. An unauthenticated,\n remote attacker can exploit these to execute arbitrary\n code. (CVE-2017-2948, CVE-2017-2952)\n\n - A heap buffer overflow condition exists when handling\n the XSLT element-available() function that allows an\n unauthenticated, remote attacker to execute arbitrary\n code. (CVE-2017-2949)\n\n - Multiple use-after-free memory errors exist when handling\n XFA subform layouts, hyphenation objects, field font\n sizes, and template objects. An unauthenticated, remote\n attacker can exploit these to execute arbitrary code.\n (CVE-2017-2950, CVE-2017-2951, CVE-2017-2961,\n CVE-2017-2967)\n\n - Multiple use-after-free memory errors exist that allow\n an unauthenticated, remote attacker to execute arbitrary\n code. (CVE-2017-2955, CVE-2017-2956, CVE-2017-2957,\n CVE-2017-2958)\n\n - Multiple memory corruption issues exist when handling\n JPEG and TIFF files due to improper validation of\n unspecified input. An unauthenticated, remote attacker\n can exploit these to execute arbitrary code.\n (CVE-2017-2960, CVE-2017-2963, CVE-2017-2964,\n CVE-2017-2965)\n\n - A type confusion error exists when handling the XSLT\n lang() function that allows an unauthenticated, remote\n attacker to execute arbitrary code. (CVE-2017-2962)\n\n - A heap buffer overflow condition exists in the\n ImageConversion component when handling TIFF images()\n due to improper validation of unspecified input. An\n unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2017-2966)\n\n - A buffer overflow condition exists in the JPEG2000\n parser due to improper validation of unspecified input.\n An unauthenticated, remote attacker can exploit this to\n disclose sensitive information. (CVE-2017-3009)\n\n - A memory corruption issue exists in the Rendering engine\n due to improper validation of unspecified input. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2017-3010)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "modified": "2018-06-29T00:00:00", "published": "2017-01-12T00:00:00", "id": "ADOBE_ACROBAT_APSB17-01.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=96452", "title": "Adobe Acrobat < 11.0.19 / 15.006.30279 / 15.023.20053 Multiple Vulnerabilities (APSB17-01)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96452);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/06/29 12:01:03\");\n\n script_cve_id(\n \"CVE-2017-2939\",\n \"CVE-2017-2940\",\n \"CVE-2017-2941\",\n \"CVE-2017-2942\",\n \"CVE-2017-2943\",\n \"CVE-2017-2944\",\n \"CVE-2017-2945\",\n \"CVE-2017-2946\",\n \"CVE-2017-2947\",\n \"CVE-2017-2948\",\n \"CVE-2017-2949\",\n \"CVE-2017-2950\",\n \"CVE-2017-2951\",\n \"CVE-2017-2952\",\n \"CVE-2017-2953\",\n \"CVE-2017-2954\",\n \"CVE-2017-2955\",\n \"CVE-2017-2956\",\n \"CVE-2017-2957\",\n \"CVE-2017-2958\",\n \"CVE-2017-2959\",\n \"CVE-2017-2960\",\n \"CVE-2017-2961\",\n \"CVE-2017-2962\",\n \"CVE-2017-2963\",\n \"CVE-2017-2964\",\n \"CVE-2017-2965\",\n \"CVE-2017-2966\",\n \"CVE-2017-2967\",\n \"CVE-2017-3009\",\n \"CVE-2017-3010\"\n );\n script_bugtraq_id(\n 95340,\n 95343,\n 95344,\n 95345,\n 95346,\n 95348,\n 97302,\n 97306\n );\n\n script_name(english:\"Adobe Acrobat < 11.0.19 / 15.006.30279 / 15.023.20053 Multiple Vulnerabilities (APSB17-01)\");\n script_summary(english:\"Checks the version of Adobe Acrobat.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Acrobat installed on the remote Windows host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Acrobat installed on the remote Windows host is\nprior to 11.0.19, 15.006.30279, or 15.023.20053. It is, therefore,\naffected by multiple vulnerabilities :\n\n - Multiple memory corruption issues exist due to improper\n validation of unspecified input. An unauthenticated,\n remote attacker can exploit these to execute arbitrary\n code. (CVE-2017-2939, CVE-2017-2940, CVE-2017-2941,\n CVE-2017-2943, CVE-2017-2944, CVE-2017-2953,\n CVE-2017-2954)\n\n - Multiple heap buffer overflow conditions exist due to\n improper validation of unspecified input. An\n unauthenticated, remote attacker can exploit these to\n execute arbitrary code. (CVE-2017-2942, CVE-2017-2945,\n CVE-2017-2959)\n\n - A heap buffer overflow condition exists when handling\n JPEG2000 images due to improper validation of\n unspecified input. An unauthenticated, remote attacker\n can exploit this to execute arbitrary code.\n (CVE-2017-2946)\n\n - An unspecified security bypass vulnerability exists that\n allows an unauthenticated, remote attacker to have an\n unspecified impact. (CVE-2017-2947)\n\n - Multiple overflow conditions exist due to improper\n validation of unspecified input. An unauthenticated,\n remote attacker can exploit these to execute arbitrary\n code. (CVE-2017-2948, CVE-2017-2952)\n\n - A heap buffer overflow condition exists when handling\n the XSLT element-available() function that allows an\n unauthenticated, remote attacker to execute arbitrary\n code. (CVE-2017-2949)\n\n - Multiple use-after-free memory errors exist when handling\n XFA subform layouts, hyphenation objects, field font\n sizes, and template objects. An unauthenticated, remote\n attacker can exploit these to execute arbitrary code.\n (CVE-2017-2950, CVE-2017-2951, CVE-2017-2961,\n CVE-2017-2967)\n\n - Multiple use-after-free memory errors exist that allow\n an unauthenticated, remote attacker to execute arbitrary\n code. (CVE-2017-2955, CVE-2017-2956, CVE-2017-2957,\n CVE-2017-2958)\n\n - Multiple memory corruption issues exist when handling\n JPEG and TIFF files due to improper validation of\n unspecified input. An unauthenticated, remote attacker\n can exploit these to execute arbitrary code.\n (CVE-2017-2960, CVE-2017-2963, CVE-2017-2964,\n CVE-2017-2965)\n\n - A type confusion error exists when handling the XSLT\n lang() function that allows an unauthenticated, remote\n attacker to execute arbitrary code. (CVE-2017-2962)\n\n - A heap buffer overflow condition exists in the\n ImageConversion component when handling TIFF images()\n due to improper validation of unspecified input. An\n unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2017-2966)\n\n - A buffer overflow condition exists in the JPEG2000\n parser due to improper validation of unspecified input.\n An unauthenticated, remote attacker can exploit this to\n disclose sensitive information. (CVE-2017-3009)\n\n - A memory corruption issue exists in the Rendering engine\n due to improper validation of unspecified input. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2017-3010)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb17-01.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Acrobat version 11.0.19 / 15.006.30279 / 15.023.20053\nor later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"adobe_acrobat_installed.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/Adobe Acrobat\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_name = \"Adobe Acrobat\";\ninstall = get_single_install(app_name:app_name);\n\nversion = install['version'];\npath = install['path'];\nverui = install['display_version'];\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Affected is :\n#\n# 11.x < 11.0.19\n# DC Classic < 15.006.30279\n# DC Continuous < 15.023.20053\nif (\n (ver[0] == 11 && ver[1] == 0 && ver[2] <= 18) ||\n (ver[0] == 15 && ver[1] == 6 && ver[2] <= 30244) ||\n (ver[0] == 15 && ver[1] >= 7 && ver[1] <= 19) ||\n (ver[0] == 15 && ver[1] == 20 && ver[2] <= 20042)\n)\n{\n port = get_kb_item('SMB/transport');\n if(!port) port = 445;\n\n report = '\\n Path : '+path+\n '\\n Installed version : '+verui+\n '\\n Fixed version : 11.0.19 / 15.006.30279 / 15.023.20053' +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, verui, path);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:25:50", "bulletinFamily": "scanner", "description": "The version of Adobe Reader installed on the remote Windows host is\nprior to 11.0.19, 15.006.30279, or 15.023.20053. It is, therefore,\naffected by multiple vulnerabilities :\n\n - Multiple memory corruption issues exist due to improper\n validation of unspecified input. An unauthenticated,\n remote attacker can exploit these to execute arbitrary\n code. (CVE-2017-2939, CVE-2017-2940, CVE-2017-2941,\n CVE-2017-2943, CVE-2017-2944, CVE-2017-2953,\n CVE-2017-2954)\n\n - Multiple heap buffer overflow conditions exist due to\n improper validation of unspecified input. An\n unauthenticated, remote attacker can exploit these to\n execute arbitrary code. (CVE-2017-2942, CVE-2017-2945,\n CVE-2017-2959)\n\n - A heap buffer overflow condition exists when handling\n JPEG2000 images due to improper validation of\n unspecified input. An unauthenticated, remote attacker\n can exploit this to execute arbitrary code.\n (CVE-2017-2946)\n\n - An unspecified security bypass vulnerability exists that\n allows an unauthenticated, remote attacker to have an\n unspecified impact. (CVE-2017-2947)\n\n - Multiple overflow conditions exist due to improper\n validation of unspecified input. An unauthenticated,\n remote attacker can exploit these to execute arbitrary\n code. (CVE-2017-2948, CVE-2017-2952)\n\n - A heap buffer overflow condition exists when handling\n the XSLT element-available() function that allows an\n unauthenticated, remote attacker to execute arbitrary\n code. (CVE-2017-2949)\n\n - Multiple use-after-free memory errors exist when handling\n XFA subform layouts, hyphenation objects, field font\n sizes, and template objects. An unauthenticated, remote\n attacker can exploit these to execute arbitrary code.\n (CVE-2017-2950, CVE-2017-2951, CVE-2017-2961,\n CVE-2017-2967)\n\n - Multiple use-after-free memory errors exist that allow\n an unauthenticated, remote attacker to execute arbitrary\n code. (CVE-2017-2955, CVE-2017-2956, CVE-2017-2957,\n CVE-2017-2958)\n\n - Multiple memory corruption issues exist when handling\n JPEG and TIFF files due to improper validation of\n unspecified input. An unauthenticated, remote attacker\n can exploit these to execute arbitrary code.\n (CVE-2017-2960, CVE-2017-2963, CVE-2017-2964,\n CVE-2017-2965)\n\n - A type confusion error exists when handling the XSLT\n lang() function that allows an unauthenticated, remote\n attacker to execute arbitrary code. (CVE-2017-2962)\n\n - A heap buffer overflow condition exists in the\n ImageConversion component when handling TIFF images()\n due to improper validation of unspecified input. An\n unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2017-2966)\n\n - A buffer overflow condition exists in the JPEG2000\n parser due to improper validation of unspecified input.\n An unauthenticated, remote attacker can exploit this to\n disclose sensitive information. (CVE-2017-3009)\n\n - A memory corruption issue exists in the Rendering engine\n due to improper validation of unspecified input. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2017-3010)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "modified": "2018-06-29T00:00:00", "published": "2017-01-12T00:00:00", "id": "ADOBE_READER_APSB17-01.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=96453", "title": "Adobe Reader < 11.0.19 / 15.006.30279 / 15.023.20053 Multiple Vulnerabilities (APSB17-01)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96453);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/06/29 12:01:03\");\n\n script_cve_id(\n \"CVE-2017-2939\",\n \"CVE-2017-2940\",\n \"CVE-2017-2941\",\n \"CVE-2017-2942\",\n \"CVE-2017-2943\",\n \"CVE-2017-2944\",\n \"CVE-2017-2945\",\n \"CVE-2017-2946\",\n \"CVE-2017-2947\",\n \"CVE-2017-2948\",\n \"CVE-2017-2949\",\n \"CVE-2017-2950\",\n \"CVE-2017-2951\",\n \"CVE-2017-2952\",\n \"CVE-2017-2953\",\n \"CVE-2017-2954\",\n \"CVE-2017-2955\",\n \"CVE-2017-2956\",\n \"CVE-2017-2957\",\n \"CVE-2017-2958\",\n \"CVE-2017-2959\",\n \"CVE-2017-2960\",\n \"CVE-2017-2961\",\n \"CVE-2017-2962\",\n \"CVE-2017-2963\",\n \"CVE-2017-2964\",\n \"CVE-2017-2965\",\n \"CVE-2017-2966\",\n \"CVE-2017-2967\",\n \"CVE-2017-3009\",\n \"CVE-2017-3010\"\n );\n script_bugtraq_id(\n 95340,\n 95343,\n 95344,\n 95345,\n 95346,\n 95348,\n 97302,\n 97306\n );\n\n script_name(english:\"Adobe Reader < 11.0.19 / 15.006.30279 / 15.023.20053 Multiple Vulnerabilities (APSB17-01)\");\n script_summary(english:\"Checks the version of Adobe Reader.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader installed on the remote Windows host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Reader installed on the remote Windows host is\nprior to 11.0.19, 15.006.30279, or 15.023.20053. It is, therefore,\naffected by multiple vulnerabilities :\n\n - Multiple memory corruption issues exist due to improper\n validation of unspecified input. An unauthenticated,\n remote attacker can exploit these to execute arbitrary\n code. (CVE-2017-2939, CVE-2017-2940, CVE-2017-2941,\n CVE-2017-2943, CVE-2017-2944, CVE-2017-2953,\n CVE-2017-2954)\n\n - Multiple heap buffer overflow conditions exist due to\n improper validation of unspecified input. An\n unauthenticated, remote attacker can exploit these to\n execute arbitrary code. (CVE-2017-2942, CVE-2017-2945,\n CVE-2017-2959)\n\n - A heap buffer overflow condition exists when handling\n JPEG2000 images due to improper validation of\n unspecified input. An unauthenticated, remote attacker\n can exploit this to execute arbitrary code.\n (CVE-2017-2946)\n\n - An unspecified security bypass vulnerability exists that\n allows an unauthenticated, remote attacker to have an\n unspecified impact. (CVE-2017-2947)\n\n - Multiple overflow conditions exist due to improper\n validation of unspecified input. An unauthenticated,\n remote attacker can exploit these to execute arbitrary\n code. (CVE-2017-2948, CVE-2017-2952)\n\n - A heap buffer overflow condition exists when handling\n the XSLT element-available() function that allows an\n unauthenticated, remote attacker to execute arbitrary\n code. (CVE-2017-2949)\n\n - Multiple use-after-free memory errors exist when handling\n XFA subform layouts, hyphenation objects, field font\n sizes, and template objects. An unauthenticated, remote\n attacker can exploit these to execute arbitrary code.\n (CVE-2017-2950, CVE-2017-2951, CVE-2017-2961,\n CVE-2017-2967)\n\n - Multiple use-after-free memory errors exist that allow\n an unauthenticated, remote attacker to execute arbitrary\n code. (CVE-2017-2955, CVE-2017-2956, CVE-2017-2957,\n CVE-2017-2958)\n\n - Multiple memory corruption issues exist when handling\n JPEG and TIFF files due to improper validation of\n unspecified input. An unauthenticated, remote attacker\n can exploit these to execute arbitrary code.\n (CVE-2017-2960, CVE-2017-2963, CVE-2017-2964,\n CVE-2017-2965)\n\n - A type confusion error exists when handling the XSLT\n lang() function that allows an unauthenticated, remote\n attacker to execute arbitrary code. (CVE-2017-2962)\n\n - A heap buffer overflow condition exists in the\n ImageConversion component when handling TIFF images()\n due to improper validation of unspecified input. An\n unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2017-2966)\n\n - A buffer overflow condition exists in the JPEG2000\n parser due to improper validation of unspecified input.\n An unauthenticated, remote attacker can exploit this to\n disclose sensitive information. (CVE-2017-3009)\n\n - A memory corruption issue exists in the Rendering engine\n due to improper validation of unspecified input. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2017-3010)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb17-01.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Reader version 11.0.19 / 15.006.30279 / 15.023.20053\nor later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"adobe_reader_installed.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/Adobe Reader\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_name = \"Adobe Reader\";\ninstall = get_single_install(app_name:app_name);\n\nversion = install['version'];\npath = install['path'];\nverui = install['display_version'];\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Affected is :\n#\n# 11.x < 11.0.19\n# DC Classic < 15.006.30279\n# DC Continuous < 15.023.20053\nif (\n (ver[0] == 11 && ver[1] == 0 && ver[2] <= 18) ||\n (ver[0] == 15 && ver[1] == 6 && ver[2] <= 30244) ||\n (ver[0] == 15 && ver[1] >= 7 && ver[1] <= 19) ||\n (ver[0] == 15 && ver[1] == 20 && ver[2] <= 20042)\n)\n{\n port = get_kb_item('SMB/transport');\n if(!port) port = 445;\n\n report = '\\n Path : '+path+\n '\\n Installed version : '+verui+\n '\\n Fixed version : 11.0.19 / 15.006.30279 / 15.023.20053' +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, verui, path);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:25:50", "bulletinFamily": "scanner", "description": "The version of Adobe Acrobat installed on the remote macOS or Mac OS\nX host is prior to 11.0.19, 15.006.30279, or 15.023.20053. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - Multiple memory corruption issues exist due to improper\n validation of unspecified input. An unauthenticated,\n remote attacker can exploit these to execute arbitrary\n code. (CVE-2017-2939, CVE-2017-2940, CVE-2017-2941,\n CVE-2017-2943, CVE-2017-2944, CVE-2017-2953,\n CVE-2017-2954)\n\n - Multiple heap buffer overflow conditions exist due to\n improper validation of unspecified input. An\n unauthenticated, remote attacker can exploit these to\n execute arbitrary code. (CVE-2017-2942, CVE-2017-2945,\n CVE-2017-2959)\n\n - A heap buffer overflow condition exists when handling\n JPEG2000 images due to improper validation of\n unspecified input. An unauthenticated, remote attacker\n can exploit this to execute arbitrary code.\n (CVE-2017-2946)\n\n - An unspecified security bypass vulnerability exists that\n allows an unauthenticated, remote attacker to have an\n unspecified impact. (CVE-2017-2947)\n\n - Multiple overflow conditions exist due to improper\n validation of unspecified input. An unauthenticated,\n remote attacker can exploit these to execute arbitrary\n code. (CVE-2017-2948, CVE-2017-2952)\n\n - A heap buffer overflow condition exists when handling\n the XSLT element-available() function that allows an\n unauthenticated, remote attacker to execute arbitrary\n code. (CVE-2017-2949)\n\n - Multiple use-after-free memory errors exist when handling\n XFA subform layouts, hyphenation objects, field font\n sizes, and template objects. An unauthenticated, remote\n attacker can exploit these to execute arbitrary code.\n (CVE-2017-2950, CVE-2017-2951, CVE-2017-2961,\n CVE-2017-2967)\n\n - Multiple use-after-free memory errors exist that allow\n an unauthenticated, remote attacker to execute arbitrary\n code. (CVE-2017-2955, CVE-2017-2956, CVE-2017-2957,\n CVE-2017-2958)\n\n - Multiple memory corruption issues exist when handling\n JPEG and TIFF files due to improper validation of\n unspecified input. An unauthenticated, remote attacker\n can exploit these to execute arbitrary code.\n (CVE-2017-2960, CVE-2017-2963, CVE-2017-2964,\n CVE-2017-2965)\n\n - A type confusion error exists when handling the XSLT\n lang() function that allows an unauthenticated, remote\n attacker to execute arbitrary code. (CVE-2017-2962)\n\n - A heap buffer overflow condition exists in the\n ImageConversion component when handling TIFF images()\n due to improper validation of unspecified input. An\n unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2017-2966)\n\n - A buffer overflow condition exists in the JPEG2000\n parser due to improper validation of unspecified input.\n An unauthenticated, remote attacker can exploit this to\n disclose sensitive information. (CVE-2017-3009)\n\n - A memory corruption issue exists in the Rendering engine\n due to improper validation of unspecified input. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2017-3010)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "modified": "2018-07-14T00:00:00", "published": "2017-01-12T00:00:00", "id": "MACOSX_ADOBE_ACROBAT_APSB17-01.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=96454", "title": "Adobe Acrobat < 11.0.19 / 15.006.30279 / 15.023.20053 Multiple Vulnerabilities (APSB17-01) (macOS)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96454);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/14 1:59:37\");\n\n script_cve_id(\n \"CVE-2017-2939\",\n \"CVE-2017-2940\",\n \"CVE-2017-2941\",\n \"CVE-2017-2942\",\n \"CVE-2017-2943\",\n \"CVE-2017-2944\",\n \"CVE-2017-2945\",\n \"CVE-2017-2946\",\n \"CVE-2017-2947\",\n \"CVE-2017-2948\",\n \"CVE-2017-2949\",\n \"CVE-2017-2950\",\n \"CVE-2017-2951\",\n \"CVE-2017-2952\",\n \"CVE-2017-2953\",\n \"CVE-2017-2954\",\n \"CVE-2017-2955\",\n \"CVE-2017-2956\",\n \"CVE-2017-2957\",\n \"CVE-2017-2958\",\n \"CVE-2017-2959\",\n \"CVE-2017-2960\",\n \"CVE-2017-2961\",\n \"CVE-2017-2962\",\n \"CVE-2017-2963\",\n \"CVE-2017-2964\",\n \"CVE-2017-2965\",\n \"CVE-2017-2966\",\n \"CVE-2017-2967\",\n \"CVE-2017-3009\",\n \"CVE-2017-3010\"\n );\n script_bugtraq_id(\n 95340,\n 95343,\n 95344,\n 95345,\n 95346,\n 95348,\n 97302,\n 97306\n );\n\n script_name(english:\"Adobe Acrobat < 11.0.19 / 15.006.30279 / 15.023.20053 Multiple Vulnerabilities (APSB17-01) (macOS)\");\n script_summary(english:\"Checks the version of Adobe Acrobat.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Acrobat installed on the remote macOS or Mac OS\nX host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Acrobat installed on the remote macOS or Mac OS\nX host is prior to 11.0.19, 15.006.30279, or 15.023.20053. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - Multiple memory corruption issues exist due to improper\n validation of unspecified input. An unauthenticated,\n remote attacker can exploit these to execute arbitrary\n code. (CVE-2017-2939, CVE-2017-2940, CVE-2017-2941,\n CVE-2017-2943, CVE-2017-2944, CVE-2017-2953,\n CVE-2017-2954)\n\n - Multiple heap buffer overflow conditions exist due to\n improper validation of unspecified input. An\n unauthenticated, remote attacker can exploit these to\n execute arbitrary code. (CVE-2017-2942, CVE-2017-2945,\n CVE-2017-2959)\n\n - A heap buffer overflow condition exists when handling\n JPEG2000 images due to improper validation of\n unspecified input. An unauthenticated, remote attacker\n can exploit this to execute arbitrary code.\n (CVE-2017-2946)\n\n - An unspecified security bypass vulnerability exists that\n allows an unauthenticated, remote attacker to have an\n unspecified impact. (CVE-2017-2947)\n\n - Multiple overflow conditions exist due to improper\n validation of unspecified input. An unauthenticated,\n remote attacker can exploit these to execute arbitrary\n code. (CVE-2017-2948, CVE-2017-2952)\n\n - A heap buffer overflow condition exists when handling\n the XSLT element-available() function that allows an\n unauthenticated, remote attacker to execute arbitrary\n code. (CVE-2017-2949)\n\n - Multiple use-after-free memory errors exist when handling\n XFA subform layouts, hyphenation objects, field font\n sizes, and template objects. An unauthenticated, remote\n attacker can exploit these to execute arbitrary code.\n (CVE-2017-2950, CVE-2017-2951, CVE-2017-2961,\n CVE-2017-2967)\n\n - Multiple use-after-free memory errors exist that allow\n an unauthenticated, remote attacker to execute arbitrary\n code. (CVE-2017-2955, CVE-2017-2956, CVE-2017-2957,\n CVE-2017-2958)\n\n - Multiple memory corruption issues exist when handling\n JPEG and TIFF files due to improper validation of\n unspecified input. An unauthenticated, remote attacker\n can exploit these to execute arbitrary code.\n (CVE-2017-2960, CVE-2017-2963, CVE-2017-2964,\n CVE-2017-2965)\n\n - A type confusion error exists when handling the XSLT\n lang() function that allows an unauthenticated, remote\n attacker to execute arbitrary code. (CVE-2017-2962)\n\n - A heap buffer overflow condition exists in the\n ImageConversion component when handling TIFF images()\n due to improper validation of unspecified input. An\n unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2017-2966)\n\n - A buffer overflow condition exists in the JPEG2000\n parser due to improper validation of unspecified input.\n An unauthenticated, remote attacker can exploit this to\n disclose sensitive information. (CVE-2017-3009)\n\n - A memory corruption issue exists in the Rendering engine\n due to improper validation of unspecified input. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2017-3010)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb17-01.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Acrobat version 11.0.19 / 15.006.30279 / 15.023.20053\nor later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_adobe_acrobat_installed.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Adobe Acrobat\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (empty_or_null(os)) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp_name = \"Adobe Acrobat\";\ninstall = get_single_install(app_name:app_name);\n\nversion = install['version'];\npath = install['path'];\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Affected is :\n#\n# 11.x < 11.0.19\n# DC Classic < 15.006.30279\n# DC Continuous < 15.023.20053\nif (\n (ver[0] == 11 && ver[1] == 0 && ver[2] <= 18) ||\n (ver[0] == 15 && ver[1] == 6 && ver[2] <= 30244) ||\n (ver[0] == 15 && ver[1] >= 7 && ver[1] <= 19) ||\n (ver[0] == 15 && ver[1] == 20 && ver[2] <= 20042)\n)\n{\n report = '\\n Path : '+path+\n '\\n Installed version : '+version+\n '\\n Fixed version : 11.0.19 / 15.006.30279 / 15.023.20053' +\n '\\n';\n security_report_v4(port:0, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:25:50", "bulletinFamily": "scanner", "description": "The version of Adobe Reader installed on the remote macOS or Mac OS X\nhost is prior to 11.0.19, 15.006.30279, or 15.023.20053. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - Multiple memory corruption issues exist due to improper\n validation of unspecified input. An unauthenticated,\n remote attacker can exploit these to execute arbitrary\n code. (CVE-2017-2939, CVE-2017-2940, CVE-2017-2941,\n CVE-2017-2943, CVE-2017-2944, CVE-2017-2953,\n CVE-2017-2954)\n\n - Multiple heap buffer overflow conditions exist due to\n improper validation of unspecified input. An\n unauthenticated, remote attacker can exploit these to\n execute arbitrary code. (CVE-2017-2942, CVE-2017-2945,\n CVE-2017-2959)\n\n - A heap buffer overflow condition exists when handling\n JPEG2000 images due to improper validation of\n unspecified input. An unauthenticated, remote attacker\n can exploit this to execute arbitrary code.\n (CVE-2017-2946)\n\n - An unspecified security bypass vulnerability exists that\n allows an unauthenticated, remote attacker to have an\n unspecified impact. (CVE-2017-2947)\n\n - Multiple overflow conditions exist due to improper\n validation of unspecified input. An unauthenticated,\n remote attacker can exploit these to execute arbitrary\n code. (CVE-2017-2948, CVE-2017-2952)\n\n - A heap buffer overflow condition exists when handling\n the XSLT element-available() function that allows an\n unauthenticated, remote attacker to execute arbitrary\n code. (CVE-2017-2949)\n\n - Multiple use-after-free memory errors exist when handling\n XFA subform layouts, hyphenation objects, field font\n sizes, and template objects. An unauthenticated, remote\n attacker can exploit these to execute arbitrary code.\n (CVE-2017-2950, CVE-2017-2951, CVE-2017-2961,\n CVE-2017-2967)\n\n - Multiple use-after-free memory errors exist that allow\n an unauthenticated, remote attacker to execute arbitrary\n code. (CVE-2017-2955, CVE-2017-2956, CVE-2017-2957,\n CVE-2017-2958)\n\n - Multiple memory corruption issues exist when handling\n JPEG and TIFF files due to improper validation of\n unspecified input. An unauthenticated, remote attacker\n can exploit these to execute arbitrary code.\n (CVE-2017-2960, CVE-2017-2963, CVE-2017-2964,\n CVE-2017-2965)\n\n - A type confusion error exists when handling the XSLT\n lang() function that allows an unauthenticated, remote\n attacker to execute arbitrary code. (CVE-2017-2962)\n\n - A heap buffer overflow condition exists in the\n ImageConversion component when handling TIFF images()\n due to improper validation of unspecified input. An\n unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2017-2966)\n\n - A buffer overflow condition exists in the JPEG2000\n parser due to improper validation of unspecified input.\n An unauthenticated, remote attacker can exploit this to\n disclose sensitive information. (CVE-2017-3009)\n\n - A memory corruption issue exists in the Rendering engine\n due to improper validation of unspecified input. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2017-3010)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "modified": "2018-07-14T00:00:00", "published": "2017-01-12T00:00:00", "id": "MACOSX_ADOBE_READER_APSB17-01.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=96455", "title": "Adobe Reader < 11.0.19 / 15.006.30279 / 15.023.20053 Multiple Vulnerabilities (APSB17-01) (macOS)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96455);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/14 1:59:37\");\n\n script_cve_id(\n \"CVE-2017-2939\",\n \"CVE-2017-2940\",\n \"CVE-2017-2941\",\n \"CVE-2017-2942\",\n \"CVE-2017-2943\",\n \"CVE-2017-2944\",\n \"CVE-2017-2945\",\n \"CVE-2017-2946\",\n \"CVE-2017-2947\",\n \"CVE-2017-2948\",\n \"CVE-2017-2949\",\n \"CVE-2017-2950\",\n \"CVE-2017-2951\",\n \"CVE-2017-2952\",\n \"CVE-2017-2953\",\n \"CVE-2017-2954\",\n \"CVE-2017-2955\",\n \"CVE-2017-2956\",\n \"CVE-2017-2957\",\n \"CVE-2017-2958\",\n \"CVE-2017-2959\",\n \"CVE-2017-2960\",\n \"CVE-2017-2961\",\n \"CVE-2017-2962\",\n \"CVE-2017-2963\",\n \"CVE-2017-2964\",\n \"CVE-2017-2965\",\n \"CVE-2017-2966\",\n \"CVE-2017-2967\",\n \"CVE-2017-3009\",\n \"CVE-2017-3010\"\n );\n script_bugtraq_id(\n 95340,\n 95343,\n 95344,\n 95345,\n 95346,\n 95348,\n 97302,\n 97306\n );\n\n script_name(english:\"Adobe Reader < 11.0.19 / 15.006.30279 / 15.023.20053 Multiple Vulnerabilities (APSB17-01) (macOS)\");\n script_summary(english:\"Checks the version of Adobe Reader.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader installed on the remote macOS or Mac OS X\nhost is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Reader installed on the remote macOS or Mac OS X\nhost is prior to 11.0.19, 15.006.30279, or 15.023.20053. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - Multiple memory corruption issues exist due to improper\n validation of unspecified input. An unauthenticated,\n remote attacker can exploit these to execute arbitrary\n code. (CVE-2017-2939, CVE-2017-2940, CVE-2017-2941,\n CVE-2017-2943, CVE-2017-2944, CVE-2017-2953,\n CVE-2017-2954)\n\n - Multiple heap buffer overflow conditions exist due to\n improper validation of unspecified input. An\n unauthenticated, remote attacker can exploit these to\n execute arbitrary code. (CVE-2017-2942, CVE-2017-2945,\n CVE-2017-2959)\n\n - A heap buffer overflow condition exists when handling\n JPEG2000 images due to improper validation of\n unspecified input. An unauthenticated, remote attacker\n can exploit this to execute arbitrary code.\n (CVE-2017-2946)\n\n - An unspecified security bypass vulnerability exists that\n allows an unauthenticated, remote attacker to have an\n unspecified impact. (CVE-2017-2947)\n\n - Multiple overflow conditions exist due to improper\n validation of unspecified input. An unauthenticated,\n remote attacker can exploit these to execute arbitrary\n code. (CVE-2017-2948, CVE-2017-2952)\n\n - A heap buffer overflow condition exists when handling\n the XSLT element-available() function that allows an\n unauthenticated, remote attacker to execute arbitrary\n code. (CVE-2017-2949)\n\n - Multiple use-after-free memory errors exist when handling\n XFA subform layouts, hyphenation objects, field font\n sizes, and template objects. An unauthenticated, remote\n attacker can exploit these to execute arbitrary code.\n (CVE-2017-2950, CVE-2017-2951, CVE-2017-2961,\n CVE-2017-2967)\n\n - Multiple use-after-free memory errors exist that allow\n an unauthenticated, remote attacker to execute arbitrary\n code. (CVE-2017-2955, CVE-2017-2956, CVE-2017-2957,\n CVE-2017-2958)\n\n - Multiple memory corruption issues exist when handling\n JPEG and TIFF files due to improper validation of\n unspecified input. An unauthenticated, remote attacker\n can exploit these to execute arbitrary code.\n (CVE-2017-2960, CVE-2017-2963, CVE-2017-2964,\n CVE-2017-2965)\n\n - A type confusion error exists when handling the XSLT\n lang() function that allows an unauthenticated, remote\n attacker to execute arbitrary code. (CVE-2017-2962)\n\n - A heap buffer overflow condition exists in the\n ImageConversion component when handling TIFF images()\n due to improper validation of unspecified input. An\n unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2017-2966)\n\n - A buffer overflow condition exists in the JPEG2000\n parser due to improper validation of unspecified input.\n An unauthenticated, remote attacker can exploit this to\n disclose sensitive information. (CVE-2017-3009)\n\n - A memory corruption issue exists in the Rendering engine\n due to improper validation of unspecified input. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2017-3010)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb17-01.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Reader version 11.0.19 / 15.006.30279 / 15.023.20053 \nor later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_adobe_reader_installed.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Adobe Reader\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (empty_or_null(os)) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp_name = \"Adobe Reader\";\ninstall = get_single_install(app_name:app_name);\n\nversion = install['version'];\npath = install['path'];\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Affected is :\n#\n# 11.x < 11.0.19\n# DC Classic < 15.006.30279\n# DC Continuous < 15.023.20053\nif (\n (ver[0] == 11 && ver[1] == 0 && ver[2] <= 18) ||\n (ver[0] == 15 && ver[1] == 6 && ver[2] <= 30244) ||\n (ver[0] == 15 && ver[1] >= 7 && ver[1] <= 19) ||\n (ver[0] == 15 && ver[1] == 20 && ver[2] <= 20042)\n)\n{\n report = '\\n Path : '+path+\n '\\n Installed version : '+version+\n '\\n Fixed version : 11.0.19 / 15.006.30279 / 15.023.20053' +\n '\\n';\n security_report_v4(port:0, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}