This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF images embedded inside EMF files. When parsing the ImageDescriptor object, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.
{"id": "ZDI-18-450", "vendorId": null, "type": "zdi", "bulletinFamily": "info", "title": "Adobe Acrobat Pro DC ImageConversion EMF GIF ImageDescriptor Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF images embedded inside EMF files. When parsing the ImageDescriptor object, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.", "published": "2018-05-15T00:00:00", "modified": "2018-05-15T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": true, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.zerodayinitiative.com/advisories/ZDI-18-450/", "reporter": "Steven Seeley (mr_me) of Source Incite", "references": ["https://helpx.adobe.com/security/products/acrobat/apsb18-09.html"], "cvelist": ["CVE-2018-4966"], "immutableFields": [], "lastseen": "2022-02-10T00:00:00", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "adobe", "idList": ["APSB18-09"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2018-0428"]}, {"type": "cve", "idList": ["CVE-2018-4966"]}, {"type": "nessus", "idList": ["ADOBE_ACROBAT_APSB18-09.NASL", "ADOBE_READER_APSB18-09.NASL", "MACOSX_ADOBE_ACROBAT_APSB18-09.NASL", "MACOSX_ADOBE_READER_APSB18-09.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813230", "OPENVAS:1361412562310813231", "OPENVAS:1361412562310813232", "OPENVAS:1361412562310813233", "OPENVAS:1361412562310813238", "OPENVAS:1361412562310813239", "OPENVAS:1361412562310813240", "OPENVAS:1361412562310813241"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:52B0618B9393F16E911AB8A5CC487A7C"]}, {"type": "zdi", "idList": ["ZDI-18-597"]}], "rev": 4}, "score": {"value": 5.4, "vector": "NONE"}, "backreferences": {"references": [{"type": "adobe", "idList": ["APSB18-09"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2018-0428"]}, {"type": "cve", "idList": ["CVE-2018-4966"]}, {"type": "nessus", "idList": ["ADOBE_ACROBAT_APSB18-09.NASL", "ADOBE_READER_APSB18-09.NASL", "MACOSX_ADOBE_ACROBAT_APSB18-09.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813230", "OPENVAS:1361412562310813231", "OPENVAS:1361412562310813232", "OPENVAS:1361412562310813233", "OPENVAS:1361412562310813238", "OPENVAS:1361412562310813239", "OPENVAS:1361412562310813240", "OPENVAS:1361412562310813241"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:52B0618B9393F16E911AB8A5CC487A7C"]}, {"type": "zdi", "idList": ["ZDI-18-597"]}]}, "exploitation": null, "vulnersScore": 5.4}, "_state": {"dependencies": 1647589307, "score": 0}}
{"checkpoint_advisories": [{"lastseen": "2021-12-17T11:29:40", "description": "A buffer overflow vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-05-08T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Heap Overflow (APSB18-09: CVE-2018-4966)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4966"], "modified": "2018-05-08T00:00:00", "id": "CPAI-2018-0428", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-03-23T17:38:23", "description": "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-07-09T19:29:00", "type": "cve", "title": "CVE-2018-4966", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4966"], "modified": "2020-08-24T17:37:00", "cpe": [], "id": "CVE-2018-4966", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4966", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": []}], "zdi": [{"lastseen": "2022-01-31T21:50:03", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF images embedded inside EMF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-26T00:00:00", "type": "zdi", "title": "Adobe Acrobat Pro DC ImageConversion EMF GIF Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4966"], "modified": "2018-06-26T00:00:00", "id": "ZDI-18-597", "href": "https://www.zerodayinitiative.com/advisories/ZDI-18-597/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2022-06-09T18:44:01", "description": "The version of Adobe Acrobat installed on the remote Windows host is a version prior to 2015.006.30418, 2017.011.30080, or 2018.011.20040. It is, therefore, affected by multiple vulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-05-17T00:00:00", "type": "nessus", "title": "Adobe Acrobat < 2015.006.30418 / 2017.011.30080 / 2018.011.20040 Multiple Vulnerabilities (APSB18-09)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12812", "CVE-2018-12815", "CVE-2018-4947", "CVE-2018-4948", "CVE-2018-4949", "CVE-2018-4950", "CVE-2018-4951", "CVE-2018-4952", "CVE-2018-4953", "CVE-2018-4954", "CVE-2018-4955", "CVE-2018-4956", "CVE-2018-4957", "CVE-2018-4958", "CVE-2018-4959", "CVE-2018-4960", "CVE-2018-4961", "CVE-2018-4962", "CVE-2018-4963", "CVE-2018-4964", "CVE-2018-4965", "CVE-2018-4966", "CVE-2018-4967", "CVE-2018-4968", "CVE-2018-4969", "CVE-2018-4970", "CVE-2018-4971", "CVE-2018-4972", "CVE-2018-4973", "CVE-2018-4974", "CVE-2018-4975", "CVE-2018-4976", "CVE-2018-4977", "CVE-2018-4978", "CVE-2018-4979", "CVE-2018-4980", "CVE-2018-4981", "CVE-2018-4982", "CVE-2018-4983", "CVE-2018-4984", "CVE-2018-4985", "CVE-2018-4986", "CVE-2018-4987", "CVE-2018-4988", "CVE-2018-4989", "CVE-2018-4990", "CVE-2018-4993", "CVE-2018-4995", "CVE-2018-4996"], "modified": "2022-06-08T00:00:00", "cpe": ["cpe:/a:adobe:acrobat"], "id": "ADOBE_ACROBAT_APSB18-09.NASL", "href": "https://www.tenable.com/plugins/nessus/109895", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(109895);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/08\");\n\n script_cve_id(\n \"CVE-2018-4947\",\n \"CVE-2018-4948\",\n \"CVE-2018-4949\",\n \"CVE-2018-4950\",\n \"CVE-2018-4951\",\n \"CVE-2018-4952\",\n \"CVE-2018-4953\",\n \"CVE-2018-4954\",\n \"CVE-2018-4955\",\n \"CVE-2018-4956\",\n \"CVE-2018-4957\",\n \"CVE-2018-4958\",\n \"CVE-2018-4959\",\n \"CVE-2018-4960\",\n \"CVE-2018-4961\",\n \"CVE-2018-4962\",\n \"CVE-2018-4963\",\n \"CVE-2018-4964\",\n \"CVE-2018-4965\",\n \"CVE-2018-4966\",\n \"CVE-2018-4967\",\n \"CVE-2018-4968\",\n \"CVE-2018-4969\",\n \"CVE-2018-4970\",\n \"CVE-2018-4971\",\n \"CVE-2018-4972\",\n \"CVE-2018-4973\",\n \"CVE-2018-4974\",\n \"CVE-2018-4975\",\n \"CVE-2018-4976\",\n \"CVE-2018-4977\",\n \"CVE-2018-4978\",\n \"CVE-2018-4979\",\n \"CVE-2018-4980\",\n \"CVE-2018-4981\",\n \"CVE-2018-4982\",\n \"CVE-2018-4983\",\n \"CVE-2018-4984\",\n \"CVE-2018-4985\",\n \"CVE-2018-4986\",\n \"CVE-2018-4987\",\n \"CVE-2018-4988\",\n \"CVE-2018-4989\",\n \"CVE-2018-4990\",\n \"CVE-2018-4993\",\n \"CVE-2018-4995\",\n \"CVE-2018-4996\",\n \"CVE-2018-12812\",\n \"CVE-2018-12815\"\n );\n script_bugtraq_id(\n 104102,\n 104167,\n 104168,\n 104169,\n 104171,\n 104172,\n 104173,\n 104174,\n 104175,\n 104176,\n 104177\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/22\");\n\n script_name(english:\"Adobe Acrobat < 2015.006.30418 / 2017.011.30080 / 2018.011.20040 Multiple Vulnerabilities (APSB18-09)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Acrobat installed on the remote Windows host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Acrobat installed on the remote Windows host is a\nversion prior to 2015.006.30418, 2017.011.30080,\nor 2018.011.20040. It is, therefore, affected by multiple\nvulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb18-09.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Acrobat 2015.006.30418 / 2017.011.30080\n/ 2018.011.20040 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4996\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_acrobat_installed.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/Adobe Acrobat\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_info = vcf::get_app_info(app:\"Adobe Acrobat\", win_local:TRUE);\nconstraints = [\n { \"min_version\" : \"15.6\", \"max_version\" : \"15.6.30417\", \"fixed_version\" : \"15.6.30418\" },\n { \"min_version\" : \"17.8\", \"max_version\" : \"17.11.30079\", \"fixed_version\" : \"17.11.30080\" },\n { \"min_version\" : \"15.7\", \"max_version\" : \"18.11.20038\", \"fixed_version\" : \"18.11.20040\" }\n];\n# using adobe_reader namespace check_version_and_report to properly detect Continuous vs Classic, \n# and limit ver segments to 3 (18.x.y vs 18.x.y.12345) with max_segs:3\nvcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-09T18:43:58", "description": "The version of Adobe Acrobat installed on the remote macOS or Mac OS X host is a version prior to 2015.006.30418, 2017.011.30080, or 2018.011.20040. It is, therefore, affected by multiple vulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-05-17T00:00:00", "type": "nessus", "title": "Adobe Acrobat < 2015.006.30418 / 2017.011.30080 / 2018.011.20040 Multiple Vulnerabilities (APSB18-09) (macOS)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12812", "CVE-2018-12815", "CVE-2018-4947", "CVE-2018-4948", "CVE-2018-4949", "CVE-2018-4950", "CVE-2018-4951", "CVE-2018-4952", "CVE-2018-4953", "CVE-2018-4954", "CVE-2018-4955", "CVE-2018-4956", "CVE-2018-4957", "CVE-2018-4958", "CVE-2018-4959", "CVE-2018-4960", "CVE-2018-4961", "CVE-2018-4962", "CVE-2018-4963", "CVE-2018-4964", "CVE-2018-4965", "CVE-2018-4966", "CVE-2018-4967", "CVE-2018-4968", "CVE-2018-4969", "CVE-2018-4970", "CVE-2018-4971", "CVE-2018-4972", "CVE-2018-4973", "CVE-2018-4974", "CVE-2018-4975", "CVE-2018-4976", "CVE-2018-4977", "CVE-2018-4978", "CVE-2018-4979", "CVE-2018-4980", "CVE-2018-4981", "CVE-2018-4982", "CVE-2018-4983", "CVE-2018-4984", "CVE-2018-4985", "CVE-2018-4986", "CVE-2018-4987", "CVE-2018-4988", "CVE-2018-4989", "CVE-2018-4990", "CVE-2018-4993", "CVE-2018-4995", "CVE-2018-4996"], "modified": "2022-06-08T00:00:00", "cpe": ["cpe:/a:adobe:acrobat"], "id": "MACOSX_ADOBE_ACROBAT_APSB18-09.NASL", "href": "https://www.tenable.com/plugins/nessus/109897", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(109897);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/08\");\n\n script_cve_id(\n \"CVE-2018-4947\",\n \"CVE-2018-4948\",\n \"CVE-2018-4949\",\n \"CVE-2018-4950\",\n \"CVE-2018-4951\",\n \"CVE-2018-4952\",\n \"CVE-2018-4953\",\n \"CVE-2018-4954\",\n \"CVE-2018-4955\",\n \"CVE-2018-4956\",\n \"CVE-2018-4957\",\n \"CVE-2018-4958\",\n \"CVE-2018-4959\",\n \"CVE-2018-4960\",\n \"CVE-2018-4961\",\n \"CVE-2018-4962\",\n \"CVE-2018-4963\",\n \"CVE-2018-4964\",\n \"CVE-2018-4965\",\n \"CVE-2018-4966\",\n \"CVE-2018-4967\",\n \"CVE-2018-4968\",\n \"CVE-2018-4969\",\n \"CVE-2018-4970\",\n \"CVE-2018-4971\",\n \"CVE-2018-4972\",\n \"CVE-2018-4973\",\n \"CVE-2018-4974\",\n \"CVE-2018-4975\",\n \"CVE-2018-4976\",\n \"CVE-2018-4977\",\n \"CVE-2018-4978\",\n \"CVE-2018-4979\",\n \"CVE-2018-4980\",\n \"CVE-2018-4981\",\n \"CVE-2018-4982\",\n \"CVE-2018-4983\",\n \"CVE-2018-4984\",\n \"CVE-2018-4985\",\n \"CVE-2018-4986\",\n \"CVE-2018-4987\",\n \"CVE-2018-4988\",\n \"CVE-2018-4989\",\n \"CVE-2018-4990\",\n \"CVE-2018-4993\",\n \"CVE-2018-4995\",\n \"CVE-2018-4996\",\n \"CVE-2018-12812\",\n \"CVE-2018-12815\"\n );\n script_bugtraq_id(\n 104102,\n 104167,\n 104168,\n 104169,\n 104171,\n 104172,\n 104173,\n 104174,\n 104175,\n 104176,\n 104177\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/22\");\n\n script_name(english:\"Adobe Acrobat < 2015.006.30418 / 2017.011.30080 / 2018.011.20040 Multiple Vulnerabilities (APSB18-09) (macOS)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Acrobat installed on the remote host is affected\nby multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Acrobat installed on the remote macOS or Mac OS X\nhost is a version prior to 2015.006.30418, 2017.011.30080,\nor 2018.011.20040. It is, therefore, affected by multiple\nvulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb18-09.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Acrobat 2015.006.30418 / 2017.011.30080\n/ 2018.011.20040 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4996\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_adobe_acrobat_installed.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Adobe Acrobat\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (empty_or_null(os)) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp_info = vcf::get_app_info(app:\"Adobe Acrobat\");\n\n constraints = [\n { \"min_version\" : \"15.6\", \"fixed_version\" : \"15.6.30418\" },\n { \"min_version\" : \"17.8\", \"fixed_version\" : \"17.11.30080\" },\n { \"min_version\" : \"18.8\", \"fixed_version\" : \"18.11.20040\" }\n ];\nvcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-09T18:43:40", "description": "The version of Adobe Reader installed on the remote Windows host is a version prior or equal to 2015.006.30417, 2017.011.30079, or 2018.011.20038. It is, therefore, affected by multiple vulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-05-17T00:00:00", "type": "nessus", "title": "Adobe Reader <= 2015.006.30417 / 2017.011.30079 / 2018.011.20038 Multiple Vulnerabilities (APSB18-09)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12812", "CVE-2018-12815", "CVE-2018-4947", "CVE-2018-4948", "CVE-2018-4949", "CVE-2018-4950", "CVE-2018-4951", "CVE-2018-4952", "CVE-2018-4953", "CVE-2018-4954", "CVE-2018-4955", "CVE-2018-4956", "CVE-2018-4957", "CVE-2018-4958", "CVE-2018-4959", "CVE-2018-4960", "CVE-2018-4961", "CVE-2018-4962", "CVE-2018-4963", "CVE-2018-4964", "CVE-2018-4965", "CVE-2018-4966", "CVE-2018-4967", "CVE-2018-4968", "CVE-2018-4969", "CVE-2018-4970", "CVE-2018-4971", "CVE-2018-4972", "CVE-2018-4973", "CVE-2018-4974", "CVE-2018-4975", "CVE-2018-4976", "CVE-2018-4977", "CVE-2018-4978", "CVE-2018-4979", "CVE-2018-4980", "CVE-2018-4981", "CVE-2018-4982", "CVE-2018-4983", "CVE-2018-4984", "CVE-2018-4985", "CVE-2018-4986", "CVE-2018-4987", "CVE-2018-4988", "CVE-2018-4989", "CVE-2018-4990", "CVE-2018-4993", "CVE-2018-4995", "CVE-2018-4996"], "modified": "2022-06-08T00:00:00", "cpe": ["cpe:/a:adobe:acrobat_reader"], "id": "ADOBE_READER_APSB18-09.NASL", "href": "https://www.tenable.com/plugins/nessus/109896", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(109896);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/08\");\n\n script_cve_id(\n \"CVE-2018-4947\",\n \"CVE-2018-4948\",\n \"CVE-2018-4949\",\n \"CVE-2018-4950\",\n \"CVE-2018-4951\",\n \"CVE-2018-4952\",\n \"CVE-2018-4953\",\n \"CVE-2018-4954\",\n \"CVE-2018-4955\",\n \"CVE-2018-4956\",\n \"CVE-2018-4957\",\n \"CVE-2018-4958\",\n \"CVE-2018-4959\",\n \"CVE-2018-4960\",\n \"CVE-2018-4961\",\n \"CVE-2018-4962\",\n \"CVE-2018-4963\",\n \"CVE-2018-4964\",\n \"CVE-2018-4965\",\n \"CVE-2018-4966\",\n \"CVE-2018-4967\",\n \"CVE-2018-4968\",\n \"CVE-2018-4969\",\n \"CVE-2018-4970\",\n \"CVE-2018-4971\",\n \"CVE-2018-4972\",\n \"CVE-2018-4973\",\n \"CVE-2018-4974\",\n \"CVE-2018-4975\",\n \"CVE-2018-4976\",\n \"CVE-2018-4977\",\n \"CVE-2018-4978\",\n \"CVE-2018-4979\",\n \"CVE-2018-4980\",\n \"CVE-2018-4981\",\n \"CVE-2018-4982\",\n \"CVE-2018-4983\",\n \"CVE-2018-4984\",\n \"CVE-2018-4985\",\n \"CVE-2018-4986\",\n \"CVE-2018-4987\",\n \"CVE-2018-4988\",\n \"CVE-2018-4989\",\n \"CVE-2018-4990\",\n \"CVE-2018-4993\",\n \"CVE-2018-4995\",\n \"CVE-2018-4996\",\n \"CVE-2018-12812\",\n \"CVE-2018-12815\"\n );\n script_bugtraq_id(\n 104102,\n 104167,\n 104168,\n 104169,\n 104171,\n 104172,\n 104173,\n 104174,\n 104175,\n 104176,\n 104177\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/22\");\n\n script_name(english:\"Adobe Reader <= 2015.006.30417 / 2017.011.30079 / 2018.011.20038 Multiple Vulnerabilities (APSB18-09)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader installed on the remote Windows host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Reader installed on the remote Windows host is a\nversion prior or equal to 2015.006.30417, 2017.011.30079, or\n2018.011.20038. It is, therefore, affected by multiple\nvulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb18-09.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Reader 2015.006.30418 / 2017.011.30080\n/ 2018.011.20040 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4996\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_reader_installed.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/Adobe Reader\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_info = vcf::adobe_reader::get_app_info();\nconstraints = [\n { \"min_version\" : \"15.6\", \"max_version\" : \"15.6.30417\", \"fixed_version\" : \"15.6.30418\" },\n { \"min_version\" : \"17.8\", \"max_version\" : \"17.11.30079\", \"fixed_version\" : \"17.11.30080\" },\n { \"min_version\" : \"15.7\", \"max_version\" : \"18.11.20038\", \"fixed_version\" : \"18.11.20040\" }\n];\n# using adobe_reader namespace check_version_and_report to properly detect Continuous vs Classic, \n# and limit ver segments to 3 (18.x.y vs 18.x.y.12345) with max_segs:3\nvcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-09T18:45:08", "description": "The version of Adobe Reader installed on the remote macOS or Mac OS X host is a version prior to 2015.006.30419, 2017.011.30080, or 2018.011.20040. It is, therefore, affected by multiple vulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-05-17T00:00:00", "type": "nessus", "title": "Adobe Reader < 2015.006.30418 / 2017.011.30080 / 2018.011.20040 Multiple Vulnerabilities (APSB18-09) (macOS)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12812", "CVE-2018-12815", "CVE-2018-4947", "CVE-2018-4948", "CVE-2018-4949", "CVE-2018-4950", "CVE-2018-4951", "CVE-2018-4952", "CVE-2018-4953", "CVE-2018-4954", "CVE-2018-4955", "CVE-2018-4956", "CVE-2018-4957", "CVE-2018-4958", "CVE-2018-4959", "CVE-2018-4960", "CVE-2018-4961", "CVE-2018-4962", "CVE-2018-4963", "CVE-2018-4964", "CVE-2018-4965", "CVE-2018-4966", "CVE-2018-4967", "CVE-2018-4968", "CVE-2018-4969", "CVE-2018-4970", "CVE-2018-4971", "CVE-2018-4972", "CVE-2018-4973", "CVE-2018-4974", "CVE-2018-4975", "CVE-2018-4976", "CVE-2018-4977", "CVE-2018-4978", "CVE-2018-4979", "CVE-2018-4980", "CVE-2018-4981", "CVE-2018-4982", "CVE-2018-4983", "CVE-2018-4984", "CVE-2018-4985", "CVE-2018-4986", "CVE-2018-4987", "CVE-2018-4988", "CVE-2018-4989", "CVE-2018-4990", "CVE-2018-4993", "CVE-2018-4995", "CVE-2018-4996"], "modified": "2022-06-08T00:00:00", "cpe": ["cpe:/a:adobe:acrobat_reader"], "id": "MACOSX_ADOBE_READER_APSB18-09.NASL", "href": "https://www.tenable.com/plugins/nessus/109898", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(109898);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/08\");\n\n script_cve_id(\n \"CVE-2018-4947\",\n \"CVE-2018-4948\",\n \"CVE-2018-4949\",\n \"CVE-2018-4950\",\n \"CVE-2018-4951\",\n \"CVE-2018-4952\",\n \"CVE-2018-4953\",\n \"CVE-2018-4954\",\n \"CVE-2018-4955\",\n \"CVE-2018-4956\",\n \"CVE-2018-4957\",\n \"CVE-2018-4958\",\n \"CVE-2018-4959\",\n \"CVE-2018-4960\",\n \"CVE-2018-4961\",\n \"CVE-2018-4962\",\n \"CVE-2018-4963\",\n \"CVE-2018-4964\",\n \"CVE-2018-4965\",\n \"CVE-2018-4966\",\n \"CVE-2018-4967\",\n \"CVE-2018-4968\",\n \"CVE-2018-4969\",\n \"CVE-2018-4970\",\n \"CVE-2018-4971\",\n \"CVE-2018-4972\",\n \"CVE-2018-4973\",\n \"CVE-2018-4974\",\n \"CVE-2018-4975\",\n \"CVE-2018-4976\",\n \"CVE-2018-4977\",\n \"CVE-2018-4978\",\n \"CVE-2018-4979\",\n \"CVE-2018-4980\",\n \"CVE-2018-4981\",\n \"CVE-2018-4982\",\n \"CVE-2018-4983\",\n \"CVE-2018-4984\",\n \"CVE-2018-4985\",\n \"CVE-2018-4986\",\n \"CVE-2018-4987\",\n \"CVE-2018-4988\",\n \"CVE-2018-4989\",\n \"CVE-2018-4990\",\n \"CVE-2018-4993\",\n \"CVE-2018-4995\",\n \"CVE-2018-4996\",\n \"CVE-2018-12812\",\n \"CVE-2018-12815\"\n );\n script_bugtraq_id(\n 104102,\n 104167,\n 104168,\n 104169,\n 104171,\n 104172,\n 104173,\n 104174,\n 104175,\n 104176,\n 104177\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/22\");\n\n script_name(english:\"Adobe Reader < 2015.006.30418 / 2017.011.30080 / 2018.011.20040 Multiple Vulnerabilities (APSB18-09) (macOS)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader installed on the remote host is affected\nby multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Reader installed on the remote macOS or Mac OS X\nhost is a version prior to 2015.006.30419, 2017.011.30080,\nor 2018.011.20040. It is, therefore, affected by multiple\nvulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb18-09.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Reader 2015.006.30418 / 2017.011.30080\n/ 2018.011.20040 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4996\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_adobe_reader_installed.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Adobe Reader\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (empty_or_null(os)) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp_info = vcf::get_app_info(app:\"Adobe Reader\");\nbase_dir = app_info['path'] - \"/Applications\";\ntrack = get_kb_item(\"MacOSX/Adobe_Reader\"+base_dir+\"/Track\");\n\nif (!empty_or_null(track) && track == '2017')\n{\n constraints = [\n { \"min_version\" : \"17.8\", \"fixed_version\" : \"17.11.30080\" }\n ];\n}\nelse\n{\n constraints = [\n { \"min_version\" : \"15.6\", \"fixed_version\" : \"15.6.30418\" },\n { \"min_version\" : \"18.8\", \"fixed_version\" : \"18.11.20040\" }\n ];\n}\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-07-17T14:17:52", "description": "This host is installed with Adobe Acrobat DC\n (Classic Track) and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-05-15T00:00:00", "type": "openvas", "title": "Adobe Acrobat DC (Classic Track) Security Updates (apsb18-09) - Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4974", "CVE-2018-4970", "CVE-2018-4987", "CVE-2018-4981", "CVE-2018-4971", "CVE-2018-4948", "CVE-2018-4996", "CVE-2018-4995", "CVE-2018-4986", "CVE-2018-4961", "CVE-2018-4965", "CVE-2018-4967", "CVE-2018-4947", "CVE-2018-4993", "CVE-2018-4985", "CVE-2018-4976", "CVE-2018-4950", "CVE-2018-4984", "CVE-2018-4960", "CVE-2018-12812", "CVE-2018-4975", "CVE-2018-4983", "CVE-2018-4978", "CVE-2018-4951", "CVE-2018-12815", "CVE-2018-4955", "CVE-2018-4963", "CVE-2018-4959", "CVE-2018-4973", "CVE-2018-4968", "CVE-2018-4977", "CVE-2018-4953", "CVE-2018-4964", "CVE-2018-4982", "CVE-2018-4954", "CVE-2018-4956", "CVE-2018-4952", "CVE-2018-4966", "CVE-2018-4989", "CVE-2018-4990", "CVE-2018-4972", "CVE-2018-4962", "CVE-2018-4957", "CVE-2018-4958", "CVE-2018-4988", "CVE-2018-4969", "CVE-2018-4949", "CVE-2018-4980", "CVE-2018-4979"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310813238", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813238", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat DC (Classic Track) Security Updates (apsb18-09)-Windows\n#\n# Authors:\n# Rajat Mishra <rajatm@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_dc_classic\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813238\");\n script_version(\"2019-07-05T08:21:18+0000\");\n script_cve_id(\"CVE-2018-4990\", \"CVE-2018-4947\", \"CVE-2018-4948\", \"CVE-2018-4966\",\n \"CVE-2018-4968\", \"CVE-2018-4978\", \"CVE-2018-4982\", \"CVE-2018-4984\",\n \"CVE-2018-4996\", \"CVE-2018-4952\", \"CVE-2018-4954\", \"CVE-2018-4958\",\n \"CVE-2018-4959\", \"CVE-2018-4961\", \"CVE-2018-4971\", \"CVE-2018-4974\",\n \"CVE-2018-4977\", \"CVE-2018-4980\", \"CVE-2018-4983\", \"CVE-2018-4988\",\n \"CVE-2018-4989\", \"CVE-2018-4950\", \"CVE-2018-4979\", \"CVE-2018-4949\",\n \"CVE-2018-4951\", \"CVE-2018-4955\", \"CVE-2018-4956\", \"CVE-2018-4957\",\n \"CVE-2018-4962\", \"CVE-2018-4963\", \"CVE-2018-4964\", \"CVE-2018-4967\",\n \"CVE-2018-4969\", \"CVE-2018-4970\", \"CVE-2018-4972\", \"CVE-2018-4973\",\n \"CVE-2018-4975\", \"CVE-2018-4976\", \"CVE-2018-4981\", \"CVE-2018-4986\",\n \"CVE-2018-4985\", \"CVE-2018-4953\", \"CVE-2018-4987\", \"CVE-2018-4965\",\n \"CVE-2018-4993\", \"CVE-2018-4995\", \"CVE-2018-4960\", \"CVE-2018-12812\",\n \"CVE-2018-12815\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:21:18 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-05-15 12:13:55 +0530 (Tue, 15 May 2018)\");\n script_name(\"Adobe Acrobat DC (Classic Track) Security Updates (apsb18-09) - Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat DC\n (Classic Track) and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to double\n Free, heap overflow, use-after-free, out-of-bounds write, security bypass,\n out-of-bounds read, type confusion, untrusted pointer dereference, memory\n corruption, NTLM SSO hash theft and HTTP POST new line injection via XFA\n submission errors.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to bypass security, disclose information and run arbitrary code in the\n context of the current user.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat DC (Classic Track)\n 2015.006.30418 and earlier versions on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat DC (Classic Track)\n version 2015.006.30418 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb18-09.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_acrobat_dc_classic_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/AcrobatDC/Classic/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(version_is_less(version:vers, test_version:\"15.006.30418\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"15.006.30418 (2015.006.30418)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:18:11", "description": "This host is installed with Adobe Reader DC\n (Classic Track) and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-05-15T00:00:00", "type": "openvas", "title": "Adobe Reader DC (Classic Track) Security Updates (apsb18-09) - Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4974", "CVE-2018-4970", "CVE-2018-4987", "CVE-2018-4981", "CVE-2018-4971", "CVE-2018-4948", "CVE-2018-4995", "CVE-2018-4986", "CVE-2018-4961", "CVE-2018-4965", "CVE-2018-4967", "CVE-2018-4947", "CVE-2018-4993", "CVE-2018-4985", "CVE-2018-4976", "CVE-2018-4950", "CVE-2018-4984", "CVE-2018-4960", "CVE-2018-12812", "CVE-2018-4975", "CVE-2018-4983", "CVE-2018-4978", "CVE-2018-4951", "CVE-2018-12815", "CVE-2018-4955", "CVE-2018-4963", "CVE-2018-4946", "CVE-2018-4959", "CVE-2018-4973", "CVE-2018-4968", "CVE-2018-4977", "CVE-2018-4953", "CVE-2018-4964", "CVE-2018-4982", "CVE-2018-4954", "CVE-2018-4956", "CVE-2018-4952", "CVE-2018-4966", "CVE-2018-4989", "CVE-2018-4990", "CVE-2018-4972", "CVE-2018-4962", "CVE-2018-4957", "CVE-2018-4958", "CVE-2018-4988", "CVE-2018-4969", "CVE-2018-4949", "CVE-2018-4980", "CVE-2018-4979"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310813240", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813240", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Reader DC (Classic Track) Security Updates (apsb18-09)-Windows\n#\n# Authors:\n# Rajat Mishra <rajatm@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader_dc_classic\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813240\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2018-4990\", \"CVE-2018-4947\", \"CVE-2018-4948\", \"CVE-2018-4966\",\n \"CVE-2018-4968\", \"CVE-2018-4978\", \"CVE-2018-4982\", \"CVE-2018-4984\",\n \"CVE-2018-4946\", \"CVE-2018-4952\", \"CVE-2018-4954\", \"CVE-2018-4958\",\n \"CVE-2018-4959\", \"CVE-2018-4961\", \"CVE-2018-4971\", \"CVE-2018-4974\",\n \"CVE-2018-4977\", \"CVE-2018-4980\", \"CVE-2018-4983\", \"CVE-2018-4988\",\n \"CVE-2018-4989\", \"CVE-2018-4950\", \"CVE-2018-4979\", \"CVE-2018-4949\",\n \"CVE-2018-4951\", \"CVE-2018-4955\", \"CVE-2018-4956\", \"CVE-2018-4957\",\n \"CVE-2018-4962\", \"CVE-2018-4963\", \"CVE-2018-4964\", \"CVE-2018-4967\",\n \"CVE-2018-4969\", \"CVE-2018-4970\", \"CVE-2018-4972\", \"CVE-2018-4973\",\n \"CVE-2018-4975\", \"CVE-2018-4976\", \"CVE-2018-4981\", \"CVE-2018-4986\",\n \"CVE-2018-4985\", \"CVE-2018-4953\", \"CVE-2018-4987\", \"CVE-2018-4965\",\n \"CVE-2018-4993\", \"CVE-2018-4995\", \"CVE-2018-4960\", \"CVE-2018-12812\",\n \"CVE-2018-12815\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-05-15 12:13:55 +0530 (Tue, 15 May 2018)\");\n script_name(\"Adobe Reader DC (Classic Track) Security Updates (apsb18-09) - Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Reader DC\n (Classic Track) and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to double\n Free, heap overflow, use-after-free, out-of-bounds write, security bypass,\n out-of-bounds read, type confusion, untrusted pointer dereference, memory\n corruption, NTLM SSO hash theft and HTTP POST new line injection via XFA\n submission errors.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to bypass security, disclose information and run arbitrary code in the\n context of the current user.\");\n\n script_tag(name:\"affected\", value:\"Adobe Reader DC (Classic Track)\n 2015.006.30418 and earlier on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Reader DC (Classic Track) version\n 2015.006.30418 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb18-09.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_acrobat_reader_dc_classic_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/ReaderDC/Classic/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(version_in_range(version:vers, test_version:\"15.0\", test_version2:\"15.006.30417\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"15.006.30418 (2015.006.30418)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:17:39", "description": "This host is installed with Adobe Acrobat 2017\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-05-15T00:00:00", "type": "openvas", "title": "Adobe Acrobat 2017 Security Updates(apsb18-09)-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4974", "CVE-2018-4970", "CVE-2018-4987", "CVE-2018-4981", "CVE-2018-4971", "CVE-2018-4948", "CVE-2018-4996", "CVE-2018-4995", "CVE-2018-4986", "CVE-2018-4961", "CVE-2018-4965", "CVE-2018-4967", "CVE-2018-4947", "CVE-2018-4993", "CVE-2018-4985", "CVE-2018-4976", "CVE-2018-4950", "CVE-2018-4984", "CVE-2018-4960", "CVE-2018-12812", "CVE-2018-4975", "CVE-2018-4983", "CVE-2018-4978", "CVE-2018-4951", "CVE-2018-12815", "CVE-2018-4955", "CVE-2018-4963", "CVE-2018-4959", "CVE-2018-4973", "CVE-2018-4968", "CVE-2018-4977", "CVE-2018-4953", "CVE-2018-4964", "CVE-2018-4982", "CVE-2018-4954", "CVE-2018-4956", "CVE-2018-4952", "CVE-2018-4966", "CVE-2018-4989", "CVE-2018-4990", "CVE-2018-4972", "CVE-2018-4962", "CVE-2018-4957", "CVE-2018-4958", "CVE-2018-4988", "CVE-2018-4969", "CVE-2018-4949", "CVE-2018-4980", "CVE-2018-4979"], "modified": "2019-07-16T00:00:00", "id": "OPENVAS:1361412562310813230", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813230", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat 2017 Security Updates(apsb18-09)-Windows\n#\n# Authors:\n# Rajat Mishra <rajatm@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813230\");\n script_version(\"2019-07-16T10:51:36+0000\");\n script_cve_id(\"CVE-2018-4990\", \"CVE-2018-4947\", \"CVE-2018-4948\", \"CVE-2018-4966\",\n \"CVE-2018-4968\", \"CVE-2018-4978\", \"CVE-2018-4982\", \"CVE-2018-4984\",\n \"CVE-2018-4996\", \"CVE-2018-4952\", \"CVE-2018-4954\", \"CVE-2018-4958\",\n \"CVE-2018-4959\", \"CVE-2018-4961\", \"CVE-2018-4971\", \"CVE-2018-4974\",\n \"CVE-2018-4977\", \"CVE-2018-4980\", \"CVE-2018-4983\", \"CVE-2018-4988\",\n \"CVE-2018-4989\", \"CVE-2018-4950\", \"CVE-2018-4979\", \"CVE-2018-4949\",\n \"CVE-2018-4951\", \"CVE-2018-4955\", \"CVE-2018-4956\", \"CVE-2018-4957\",\n \"CVE-2018-4962\", \"CVE-2018-4963\", \"CVE-2018-4964\", \"CVE-2018-4967\",\n \"CVE-2018-4969\", \"CVE-2018-4970\", \"CVE-2018-4972\", \"CVE-2018-4973\",\n \"CVE-2018-4975\", \"CVE-2018-4976\", \"CVE-2018-4981\", \"CVE-2018-4986\",\n \"CVE-2018-4985\", \"CVE-2018-4953\", \"CVE-2018-4987\", \"CVE-2018-4965\",\n \"CVE-2018-4993\", \"CVE-2018-4995\", \"CVE-2018-4960\", \"CVE-2018-12812\",\n \"CVE-2018-12815\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-16 10:51:36 +0000 (Tue, 16 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-05-15 12:13:36 +0530 (Tue, 15 May 2018)\");\n script_name(\"Adobe Acrobat 2017 Security Updates(apsb18-09)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat 2017\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to double\n Free, heap overflow, use-after-free, out-of-bounds write, security bypass,\n out-of-bounds read, type confusion, untrusted pointer dereference, memory\n corruption, NTLM SSO hash theft and HTTP POST new line injection via XFA\n submission errors.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to bypass security, disclose information and run arbitrary code in the\n context of the current user.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat 2017 before 2017.011.30080 on\n MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat 2017 version\n 2017.011.30080 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb18-09.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(version_in_range(version:vers, test_version:\"17.0\", test_version2:\"17.011.30079\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"17.011.30080 (2017.011.30080)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:18:00", "description": "This host is installed with Adobe Reader 2017\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-05-15T00:00:00", "type": "openvas", "title": "Adobe Reader 2017 Security Updates(apsb18-09)-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4974", "CVE-2018-4970", "CVE-2018-4987", "CVE-2018-4981", "CVE-2018-4971", "CVE-2018-4948", "CVE-2018-4996", "CVE-2018-4995", "CVE-2018-4986", "CVE-2018-4961", "CVE-2018-4965", "CVE-2018-4967", "CVE-2018-4947", "CVE-2018-4993", "CVE-2018-4985", "CVE-2018-4976", "CVE-2018-4950", "CVE-2018-4984", "CVE-2018-4960", "CVE-2018-12812", "CVE-2018-4975", "CVE-2018-4983", "CVE-2018-4978", "CVE-2018-4951", "CVE-2018-12815", "CVE-2018-4955", "CVE-2018-4963", "CVE-2018-4959", "CVE-2018-4973", "CVE-2018-4968", "CVE-2018-4977", "CVE-2018-4953", "CVE-2018-4964", "CVE-2018-4982", "CVE-2018-4954", "CVE-2018-4956", "CVE-2018-4952", "CVE-2018-4966", "CVE-2018-4989", "CVE-2018-4990", "CVE-2018-4972", "CVE-2018-4962", "CVE-2018-4957", "CVE-2018-4958", "CVE-2018-4988", "CVE-2018-4969", "CVE-2018-4949", "CVE-2018-4980", "CVE-2018-4979"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310813231", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813231", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Reader 2107 Security Updates(apsb18-09)-Windows\n#\n# Authors:\n# Rajat Mishra <rajatm@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813231\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2018-4990\", \"CVE-2018-4947\", \"CVE-2018-4948\", \"CVE-2018-4966\",\n \"CVE-2018-4968\", \"CVE-2018-4978\", \"CVE-2018-4982\", \"CVE-2018-4984\",\n \"CVE-2018-4996\", \"CVE-2018-4952\", \"CVE-2018-4954\", \"CVE-2018-4958\",\n \"CVE-2018-4959\", \"CVE-2018-4961\", \"CVE-2018-4971\", \"CVE-2018-4974\",\n \"CVE-2018-4977\", \"CVE-2018-4980\", \"CVE-2018-4983\", \"CVE-2018-4988\",\n \"CVE-2018-4989\", \"CVE-2018-4950\", \"CVE-2018-4979\", \"CVE-2018-4949\",\n \"CVE-2018-4951\", \"CVE-2018-4955\", \"CVE-2018-4956\", \"CVE-2018-4957\",\n \"CVE-2018-4962\", \"CVE-2018-4963\", \"CVE-2018-4964\", \"CVE-2018-4967\",\n \"CVE-2018-4969\", \"CVE-2018-4970\", \"CVE-2018-4972\", \"CVE-2018-4973\",\n \"CVE-2018-4975\", \"CVE-2018-4976\", \"CVE-2018-4981\", \"CVE-2018-4986\",\n \"CVE-2018-4985\", \"CVE-2018-4953\", \"CVE-2018-4987\", \"CVE-2018-4965\",\n \"CVE-2018-4993\", \"CVE-2018-4995\", \"CVE-2018-4960\", \"CVE-2018-12812\",\n \"CVE-2018-12815\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-05-15 12:13:36 +0530 (Tue, 15 May 2018)\");\n script_name(\"Adobe Reader 2017 Security Updates(apsb18-09)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Reader 2017\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to double\n Free, heap overflow, use-after-free, out-of-bounds write, security bypass,\n out-of-bounds read, type confusion, untrusted pointer dereference, memory\n corruption, NTLM SSO hash theft and HTTP POST new line injection via XFA\n submission errors.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to bypass security, disclose information and run arbitrary code in the\n context of the current user.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat Reader 2017 prior to version\n 2017.011.30080 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat Reader 2017 version\n 2017.011.30080 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb18-09.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Reader/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(version_in_range(version:vers, test_version:\"17.0\", test_version2:\"17.011.30079\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"2017.011.30080\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:18:15", "description": "This host is installed with Adobe Acrobat DC\n (Classic Track) and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-05-15T00:00:00", "type": "openvas", "title": "Adobe Acrobat DC (Classic Track) Security Updates (apsb18-09) - Mac OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4974", "CVE-2018-4970", "CVE-2018-4987", "CVE-2018-4981", "CVE-2018-4971", "CVE-2018-4948", "CVE-2018-4996", "CVE-2018-4995", "CVE-2018-4986", "CVE-2018-4961", "CVE-2018-4965", "CVE-2018-4967", "CVE-2018-4947", "CVE-2018-4993", "CVE-2018-4985", "CVE-2018-4976", "CVE-2018-4950", "CVE-2018-4984", "CVE-2018-4960", "CVE-2018-12812", "CVE-2018-4975", "CVE-2018-4983", "CVE-2018-4978", "CVE-2018-4951", "CVE-2018-12815", "CVE-2018-4955", "CVE-2018-4963", "CVE-2018-4959", "CVE-2018-4973", "CVE-2018-4968", "CVE-2018-4977", "CVE-2018-4953", "CVE-2018-4964", "CVE-2018-4982", "CVE-2018-4954", "CVE-2018-4956", "CVE-2018-4952", "CVE-2018-4966", "CVE-2018-4989", "CVE-2018-4990", "CVE-2018-4972", "CVE-2018-4962", "CVE-2018-4957", "CVE-2018-4958", "CVE-2018-4988", "CVE-2018-4969", "CVE-2018-4949", "CVE-2018-4980", "CVE-2018-4979"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310813239", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813239", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat DC (Classic Track) Security Updates (apsb18-09)-MAC OS X\n#\n# Authors:\n# Rajat Mishra <rajatm@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_dc_classic\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813239\");\n script_version(\"2019-07-05T08:21:18+0000\");\n script_cve_id(\"CVE-2018-4990\", \"CVE-2018-4947\", \"CVE-2018-4948\", \"CVE-2018-4966\",\n \"CVE-2018-4968\", \"CVE-2018-4978\", \"CVE-2018-4982\", \"CVE-2018-4984\",\n \"CVE-2018-4996\", \"CVE-2018-4952\", \"CVE-2018-4954\", \"CVE-2018-4958\",\n \"CVE-2018-4959\", \"CVE-2018-4961\", \"CVE-2018-4971\", \"CVE-2018-4974\",\n \"CVE-2018-4977\", \"CVE-2018-4980\", \"CVE-2018-4983\", \"CVE-2018-4988\",\n \"CVE-2018-4989\", \"CVE-2018-4950\", \"CVE-2018-4979\", \"CVE-2018-4949\",\n \"CVE-2018-4951\", \"CVE-2018-4955\", \"CVE-2018-4956\", \"CVE-2018-4957\",\n \"CVE-2018-4962\", \"CVE-2018-4963\", \"CVE-2018-4964\", \"CVE-2018-4967\",\n \"CVE-2018-4969\", \"CVE-2018-4970\", \"CVE-2018-4972\", \"CVE-2018-4973\",\n \"CVE-2018-4975\", \"CVE-2018-4976\", \"CVE-2018-4981\", \"CVE-2018-4986\",\n \"CVE-2018-4985\", \"CVE-2018-4953\", \"CVE-2018-4987\", \"CVE-2018-4965\",\n \"CVE-2018-4993\", \"CVE-2018-4995\", \"CVE-2018-4960\", \"CVE-2018-12812\",\n \"CVE-2018-12815\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:21:18 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-05-15 12:13:55 +0530 (Tue, 15 May 2018)\");\n script_name(\"Adobe Acrobat DC (Classic Track) Security Updates (apsb18-09) - Mac OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat DC\n (Classic Track) and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to double\n Free, heap overflow, use-after-free, out-of-bounds write, security bypass,\n out-of-bounds read, type confusion, untrusted pointer dereference, memory\n corruption, NTLM SSO hash theft and HTTP POST new line injection via XFA\n submission errors.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to bypass security, disclose information and run arbitrary code in the\n context of the current user.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat DC (Classic Track)\n 2015.006.30418 and earlier versions on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat DC (Classic Track)\n version 2015.006.30418 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb18-09.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_acrobat_dc_classic_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/AcrobatDC/Classic/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(version_is_less(version:vers, test_version:\"15.006.30418\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"15.006.30418 (2015.006.30418)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:18:05", "description": "This host is installed with Adobe Reader 2017\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-05-15T00:00:00", "type": "openvas", "title": "Adobe Reader 2017 Security Updates(apsb18-09)-MAC OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4974", "CVE-2018-4970", "CVE-2018-4987", "CVE-2018-4981", "CVE-2018-4971", "CVE-2018-4948", "CVE-2018-4996", "CVE-2018-4995", "CVE-2018-4986", "CVE-2018-4961", "CVE-2018-4965", "CVE-2018-4967", "CVE-2018-4947", "CVE-2018-4993", "CVE-2018-4985", "CVE-2018-4976", "CVE-2018-4950", "CVE-2018-4984", "CVE-2018-4960", "CVE-2018-12812", "CVE-2018-4975", "CVE-2018-4983", "CVE-2018-4978", "CVE-2018-4951", "CVE-2018-12815", "CVE-2018-4955", "CVE-2018-4963", "CVE-2018-4959", "CVE-2018-4973", "CVE-2018-4968", "CVE-2018-4977", "CVE-2018-4953", "CVE-2018-4964", "CVE-2018-4982", "CVE-2018-4954", "CVE-2018-4956", "CVE-2018-4952", "CVE-2018-4966", "CVE-2018-4989", "CVE-2018-4990", "CVE-2018-4972", "CVE-2018-4962", "CVE-2018-4957", "CVE-2018-4958", "CVE-2018-4988", "CVE-2018-4969", "CVE-2018-4949", "CVE-2018-4980", "CVE-2018-4979"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310813233", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813233", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Reader 2017 Security Updates(apsb18-09)-MAC OS X\n#\n# Authors:\n# Rajat Mishra <rajatm@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813233\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2018-4990\", \"CVE-2018-4947\", \"CVE-2018-4948\", \"CVE-2018-4966\",\n \"CVE-2018-4968\", \"CVE-2018-4978\", \"CVE-2018-4982\", \"CVE-2018-4984\",\n \"CVE-2018-4996\", \"CVE-2018-4952\", \"CVE-2018-4954\", \"CVE-2018-4958\",\n \"CVE-2018-4959\", \"CVE-2018-4961\", \"CVE-2018-4971\", \"CVE-2018-4974\",\n \"CVE-2018-4977\", \"CVE-2018-4980\", \"CVE-2018-4983\", \"CVE-2018-4988\",\n \"CVE-2018-4989\", \"CVE-2018-4950\", \"CVE-2018-4979\", \"CVE-2018-4949\",\n \"CVE-2018-4951\", \"CVE-2018-4955\", \"CVE-2018-4956\", \"CVE-2018-4957\",\n \"CVE-2018-4962\", \"CVE-2018-4963\", \"CVE-2018-4964\", \"CVE-2018-4967\",\n \"CVE-2018-4969\", \"CVE-2018-4970\", \"CVE-2018-4972\", \"CVE-2018-4973\",\n \"CVE-2018-4975\", \"CVE-2018-4976\", \"CVE-2018-4981\", \"CVE-2018-4986\",\n \"CVE-2018-4985\", \"CVE-2018-4953\", \"CVE-2018-4987\", \"CVE-2018-4965\",\n \"CVE-2018-4993\", \"CVE-2018-4995\", \"CVE-2018-4960\", \"CVE-2018-12812\",\n \"CVE-2018-12815\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-05-15 12:13:36 +0530 (Tue, 15 May 2018)\");\n script_name(\"Adobe Reader 2017 Security Updates(apsb18-09)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Reader 2017\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to double\n Free, heap overflow, use-after-free, out-of-bounds write, security bypass,\n out-of-bounds read, type confusion, untrusted pointer dereference, memory\n corruption, NTLM SSO hash theft and HTTP POST new line injection via XFA\n submission errors.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to bypass security, disclose information and run arbitrary code in the\n context of the current user.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat Reader 2017 prior to version\n 2017.011.30080 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat Reader 2017 version\n 2017.011.30080 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb18-09.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Reader/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(version_in_range(version:vers, test_version:\"17.0\", test_version2:\"17.011.30079\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"2017.011.30080\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:17:53", "description": "This host is installed with Adobe Acrobat 2017\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-05-15T00:00:00", "type": "openvas", "title": "Adobe Acrobat 2017 Security Updates(apsb18-09)-MAC OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4974", "CVE-2018-4970", "CVE-2018-4987", "CVE-2018-4981", "CVE-2018-4971", "CVE-2018-4948", "CVE-2018-4996", "CVE-2018-4995", "CVE-2018-4986", "CVE-2018-4961", "CVE-2018-4965", "CVE-2018-4967", "CVE-2018-4947", "CVE-2018-4993", "CVE-2018-4985", "CVE-2018-4976", "CVE-2018-4950", "CVE-2018-4984", "CVE-2018-4960", "CVE-2018-12812", "CVE-2018-4975", "CVE-2018-4983", "CVE-2018-4978", "CVE-2018-4951", "CVE-2018-12815", "CVE-2018-4955", "CVE-2018-4963", "CVE-2018-4959", "CVE-2018-4973", "CVE-2018-4968", "CVE-2018-4977", "CVE-2018-4953", "CVE-2018-4964", "CVE-2018-4982", "CVE-2018-4954", "CVE-2018-4956", "CVE-2018-4952", "CVE-2018-4966", "CVE-2018-4989", "CVE-2018-4990", "CVE-2018-4972", "CVE-2018-4962", "CVE-2018-4957", "CVE-2018-4958", "CVE-2018-4988", "CVE-2018-4969", "CVE-2018-4949", "CVE-2018-4980", "CVE-2018-4979"], "modified": "2019-07-16T00:00:00", "id": "OPENVAS:1361412562310813232", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813232", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Acrobat 2017 Security Updates(apsb18-09)-MAC OS X\n#\n# Authors:\n# Rajat Mishra <rajatm@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813232\");\n script_version(\"2019-07-16T10:51:36+0000\");\n script_cve_id(\"CVE-2018-4990\", \"CVE-2018-4947\", \"CVE-2018-4948\", \"CVE-2018-4966\",\n \"CVE-2018-4968\", \"CVE-2018-4978\", \"CVE-2018-4982\", \"CVE-2018-4984\",\n \"CVE-2018-4996\", \"CVE-2018-4952\", \"CVE-2018-4954\", \"CVE-2018-4958\",\n \"CVE-2018-4959\", \"CVE-2018-4961\", \"CVE-2018-4971\", \"CVE-2018-4974\",\n \"CVE-2018-4977\", \"CVE-2018-4980\", \"CVE-2018-4983\", \"CVE-2018-4988\",\n \"CVE-2018-4989\", \"CVE-2018-4950\", \"CVE-2018-4979\", \"CVE-2018-4949\",\n \"CVE-2018-4951\", \"CVE-2018-4955\", \"CVE-2018-4956\", \"CVE-2018-4957\",\n \"CVE-2018-4962\", \"CVE-2018-4963\", \"CVE-2018-4964\", \"CVE-2018-4967\",\n \"CVE-2018-4969\", \"CVE-2018-4970\", \"CVE-2018-4972\", \"CVE-2018-4973\",\n \"CVE-2018-4975\", \"CVE-2018-4976\", \"CVE-2018-4981\", \"CVE-2018-4986\",\n \"CVE-2018-4985\", \"CVE-2018-4953\", \"CVE-2018-4987\", \"CVE-2018-4965\",\n \"CVE-2018-4993\", \"CVE-2018-4995\", \"CVE-2018-4960\", \"CVE-2018-12812\",\n \"CVE-2018-12815\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-16 10:51:36 +0000 (Tue, 16 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-05-15 12:13:36 +0530 (Tue, 15 May 2018)\");\n script_name(\"Adobe Acrobat 2017 Security Updates(apsb18-09)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Acrobat 2017\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to double\n Free, heap overflow, use-after-free, out-of-bounds write, security bypass,\n out-of-bounds read, type confusion, untrusted pointer dereference, memory\n corruption, NTLM SSO hash theft and HTTP POST new line injection via XFA\n submission errors.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to bypass security, disclose information and run arbitrary code in the\n context of the current user.\");\n\n script_tag(name:\"affected\", value:\"Adobe Acrobat 2017 before 2017.011.30080 on\n MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat 2017 version\n 2017.011.30080 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb18-09.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(version_in_range(version:vers, test_version:\"17.0\", test_version2:\"17.011.30079\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"17.011.30080 (2017.011.30080)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:18:27", "description": "This host is installed with Adobe Reader DC\n (Classic Track) and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-05-15T00:00:00", "type": "openvas", "title": "Adobe Reader DC (Classic Track) Security Updates (apsb18-09) - Mac OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4974", "CVE-2018-4970", "CVE-2018-4987", "CVE-2018-4981", "CVE-2018-4971", "CVE-2018-4948", "CVE-2018-4995", "CVE-2018-4986", "CVE-2018-4961", "CVE-2018-4965", "CVE-2018-4967", "CVE-2018-4947", "CVE-2018-4993", "CVE-2018-4985", "CVE-2018-4976", "CVE-2018-4950", "CVE-2018-4984", "CVE-2018-4960", "CVE-2018-12812", "CVE-2018-4975", "CVE-2018-4983", "CVE-2018-4978", "CVE-2018-4951", "CVE-2018-12815", "CVE-2018-4955", "CVE-2018-4963", "CVE-2018-4946", "CVE-2018-4959", "CVE-2018-4973", "CVE-2018-4968", "CVE-2018-4977", "CVE-2018-4953", "CVE-2018-4964", "CVE-2018-4982", "CVE-2018-4954", "CVE-2018-4956", "CVE-2018-4952", "CVE-2018-4966", "CVE-2018-4989", "CVE-2018-4990", "CVE-2018-4972", "CVE-2018-4962", "CVE-2018-4957", "CVE-2018-4958", "CVE-2018-4988", "CVE-2018-4969", "CVE-2018-4949", "CVE-2018-4980", "CVE-2018-4979"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310813241", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813241", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Reader DC (Classic Track) Security Updates (apsb18-09)-MAC OS X\n#\n# Authors:\n# Rajat Mishra <rajatm@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader_dc_classic\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813241\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2018-4990\", \"CVE-2018-4947\", \"CVE-2018-4948\", \"CVE-2018-4966\",\n \"CVE-2018-4968\", \"CVE-2018-4978\", \"CVE-2018-4982\", \"CVE-2018-4984\",\n \"CVE-2018-4946\", \"CVE-2018-4952\", \"CVE-2018-4954\", \"CVE-2018-4958\",\n \"CVE-2018-4959\", \"CVE-2018-4961\", \"CVE-2018-4971\", \"CVE-2018-4974\",\n \"CVE-2018-4977\", \"CVE-2018-4980\", \"CVE-2018-4983\", \"CVE-2018-4988\",\n \"CVE-2018-4989\", \"CVE-2018-4950\", \"CVE-2018-4979\", \"CVE-2018-4949\",\n \"CVE-2018-4951\", \"CVE-2018-4955\", \"CVE-2018-4956\", \"CVE-2018-4957\",\n \"CVE-2018-4962\", \"CVE-2018-4963\", \"CVE-2018-4964\", \"CVE-2018-4967\",\n \"CVE-2018-4969\", \"CVE-2018-4970\", \"CVE-2018-4972\", \"CVE-2018-4973\",\n \"CVE-2018-4975\", \"CVE-2018-4976\", \"CVE-2018-4981\", \"CVE-2018-4986\",\n \"CVE-2018-4985\", \"CVE-2018-4953\", \"CVE-2018-4987\", \"CVE-2018-4965\",\n \"CVE-2018-4993\", \"CVE-2018-4995\", \"CVE-2018-4960\", \"CVE-2018-12812\",\n \"CVE-2018-12815\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-05-15 12:13:55 +0530 (Tue, 15 May 2018)\");\n script_name(\"Adobe Reader DC (Classic Track) Security Updates (apsb18-09) - Mac OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Reader DC\n (Classic Track) and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to double\n Free, heap overflow, use-after-free, out-of-bounds write, security bypass,\n out-of-bounds read, type confusion, untrusted pointer dereference, memory\n corruption, NTLM SSO hash theft and HTTP POST new line injection via XFA\n submission errors.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to bypass security, disclose information and run arbitrary code in the\n context of the current user.\");\n\n script_tag(name:\"affected\", value:\"Adobe Reader DC (Classic Track)\n 2015.006.30418 and earlier on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Reader DC (Classic Track) version\n 2015.006.30418 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb18-09.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_acrobat_reader_dc_classic_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Acrobat/ReaderDC/Classic/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(version_in_range(version:vers, test_version:\"15.0\", test_version2:\"15.006.30417\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"15.006.30418 (2015.006.30418)\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "trendmicroblog": [{"lastseen": "2018-05-21T19:18:28", "description": "\n\nIt\u2019s one thing when your security solutions help protect your organization from a devastating cyberattack. It\u2019s another thing when the company who develops your security solutions takes it to the next level to actually help catch those responsible for some of the biggest cyberattacks in the world. Earlier this week, Trend Micro disclosed the details of its exclusive investigative cooperation with the Federal Bureau of Investigation (FBI) to identify, arrest and bring to trial the individuals linked to the infamous Counter Antivirus (CAV) service Scan4You.\n\nIn 2012, Trend Micro began its research on Scan4You, which allowed cybercriminals to check the detection of their latest malware against more than 30 modern antivirus engines, enabling them to make attacks more successful. After close collaboration with the FBI, Scan4You went offline following the arrest of two suspected administrators in May 2017. Ruslans Bondars was found guilty as a result of the recent trial, while Jurijs Martisevs pleaded guilty in March 2018.\n\nYou can read more about \u201cThe Rise and Fall of {Scan4You}\u201d [here](<https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/the-rise-and-fall-of-scan4you>).\n\n**Red Hat Fedora DHCP Client Network Manager Vulnerability**\n\nYesterday, Trend Micro released DVToolkit CSW file CVE-2018-1111.csw that contains the following filter:\n\n| \n\n * Filter C1000001: DHCP: Red Hat Fedora DHCP Client Network Manager Input Validation Vulnerability \n---|--- \n| \n \nThis command injection flaw found in a script included in the DHCP client (dhclient) packages affects Red Hat Enterprise Linux 6 and 7. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager, which is configured to obtain network configuration using the DHCP protocol.\n\nNote: This filter will be obsoleted by MainlineDV filter 31851 in next week\u2019s package.\n\n**Adobe Security Update**\n\nThis week\u2019s Digital Vaccine (DV) package includes coverage for Adobe updates released on or before May 8, 2018. The following table maps Digital Vaccine filters to the Microsoft updates. You can get more detailed information on this month\u2019s security updates from Dustin Childs\u2019 [May 2018 Security Update Review](<https://www.zerodayinitiative.com/blog/2018/5/8/the-may-2018-security-update-review>) from the Zero Day Initiative:\n\n**Bulletin #** | **CVE #** | **Digital Vaccine Filter** | **Status** \n---|---|---|--- \nAPSB18-16 | CVE-2018-4944 | 31588 | \nAPSB18-09 | CVE-2018-4946 | 31687 | \nAPSB18-09 | CVE-2018-4947 | 31688 | \nAPSB18-09 | CVE-2018-4948 | 31589 | \nAPSB18-09 | CVE-2018-4949 | 31592 | \nAPSB18-09 | CVE-2018-4950 | 31593 | \nAPSB18-09 | CVE-2018-4951 | 31594 | \nAPSB18-09 | CVE-2018-4952 | 31695 | \nAPSB18-09 | CVE-2018-4953 | 31696 | \nAPSB18-09 | CVE-2018-4954 | 31697 | \nAPSB18-09 | CVE-2018-4955 | 31698 | \nAPSB18-09 | CVE-2018-4956 | N/A | Vendor Deemed Reproducibility or Exploitation Unlikely \nAPSB18-09 | CVE-2018-4957 | 31699 | \nAPSB18-09 | CVE-2018-4958 | 31700 | \nAPSB18-09 | CVE-2018-4959 | 31701 | \nAPSB18-09 | CVE-2018-4960 | 31702 | \nAPSB18-09 | CVE-2018-4961 | 31703 | \nAPSB18-09 | CVE-2018-4962 | 31704 | \nAPSB18-09 | CVE-2018-4963 | 31705 | \nAPSB18-09 | CVE-2018-4964 | 31706 | \nAPSB18-09 | CVE-2018-4965 | 31707 | \nAPSB18-09 | CVE-2018-4966 | 31708 | \nAPSB18-09 | CVE-2018-4967 | 31709 | \nAPSB18-09 | CVE-2018-4968 | 31710 | \nAPSB18-09 | CVE-2018-4969 | 31711 | \nAPSB18-09 | CVE-2018-4970 | 31712 | \nAPSB18-09 | CVE-2018-4971 | 31713 | \nAPSB18-09 | CVE-2018-4972 | 31714 | \nAPSB18-09 | CVE-2018-4973 | 31715 | \nAPSB18-09 | CVE-2018-4974 | 31716 | \nAPSB18-09 | CVE-2018-4975 | 31717 | \nAPSB18-09 | CVE-2018-4976 | 31718 | \nAPSB18-09 | CVE-2018-4977 | 31719 | \nAPSB18-09 | CVE-2018-4978 | 31720 | \nAPSB18-09 | CVE-2018-4979 | 31721 | \nAPSB18-09 | CVE-2018-4980 | 31722 | \nAPSB18-09 | CVE-2018-4981 | 31723 | \nAPSB18-09 | CVE-2018-4982 | 31724 | \nAPSB18-09 | CVE-2018-4983 | 31725 | \nAPSB18-09 | CVE-2018-4984 | 31726 | \nAPSB18-09 | CVE-2018-4985 | 31727 | \nAPSB18-09 | CVE-2018-4986 | 31597 | \nAPSB18-09 | CVE-2018-4987 | 31598 | \nAPSB18-09 | CVE-2018-4988 | 31596 | \nAPSB18-09 | CVE-2018-4989 | 31595 | \nAPSB18-09 | CVE-2018-4990 | 31591 | \nAPSB18-09 | CVE-2018-4993 | 31570 | \n \n[/lightTable]\n\n**Zero-Day Filters**\n\nThere are 11 new zero-day filters covering four vendors in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of [published advisories](<http://www.zerodayinitiative.com/advisories/published/>) and [upcoming advisories](<http://www.zerodayinitiative.com/advisories/upcoming/>) on the [Zero Day Initiative](<http://www.zerodayinitiative.com/>) website. You can also follow the Zero Day Initiative on Twitter [@thezdi](<https://twitter.com/thezdi>) and on their [blog](<https://www.zerodayinitiative.com/blog>).\n\n**_Advantech (5)_**\n\n| \n\n * 31622: ZDI-CAN-5587: Zero Day Initiative Vulnerability (Advantech WebAccess HMI Designer)\n * 31624: ZDI-CAN-5590: Zero Day Initiative Vulnerability (Advantech WebAccess Node)\n * 31627: ZDI-CAN-5595: Zero Day Initiative Vulnerability (Advantech WebAccess Node)\n * 31628: ZDI-CAN-5596: Zero Day Initiative Vulnerability (Advantech WebAccess Node)\n * 31629: ZDI-CAN-5597: Zero Day Initiative Vulnerability (Advantech WebAccess Node) \n---|--- \n| \n \n**_Microsoft (2)_**\n\n| \n\n * 31620: ZDI-CAN-5567: Zero Day Initiative Vulnerability (Microsoft Visual Studio)\n * 31623: ZDI-CAN-5589: Zero Day Initiative Vulnerability (Microsoft Teams) \n---|--- \n| \n \n**_Omron (1)_**\n\n| \n\n * 30435: HTTP: Omron CX-One CX-FLnet Version Buffer Overflow Vulnerability (ZDI-18-289) \n---|--- \n| \n \n**_Trend Micro (3)_**\n\n| \n\n * 31619: ZDI-CAN-5553: Zero Day Initiative Vulnerability (Trend Micro Encryption for Email Gateway)\n * 31625: ZDI-CAN-5592: Zero Day Initiative Vulnerability (Trend Micro Encryption for Email Gateway)\n * 31626: ZDI-CAN-5594: Zero Day Initiative Vulnerability (Trend Micro Encryption for Email Gateway) \n---|--- \n| \n \n**Missed Last Week\u2019s News?**\n\nCatch up on last week\u2019s news in my [weekly recap](<https://blog.trendmicro.com/tippingpoint-threat-intelligence-and-zero-day-coverage-week-of-may-7-2018/>).\n\nThe post [TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of May 14, 2018](<https://blog.trendmicro.com/tippingpoint-threat-intelligence-and-zero-day-coverage-week-of-may-14-2018/>) appeared first on [](<https://blog.trendmicro.com>).", "cvss3": {}, "published": "2018-05-18T14:52:12", "type": "trendmicroblog", "title": "TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of May 14, 2018", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2018-1111", "CVE-2018-4944", "CVE-2018-4946", "CVE-2018-4947", "CVE-2018-4948", "CVE-2018-4949", "CVE-2018-4950", "CVE-2018-4951", "CVE-2018-4952", "CVE-2018-4953", "CVE-2018-4954", "CVE-2018-4955", "CVE-2018-4956", "CVE-2018-4957", "CVE-2018-4958", "CVE-2018-4959", "CVE-2018-4960", "CVE-2018-4961", "CVE-2018-4962", "CVE-2018-4963", "CVE-2018-4964", "CVE-2018-4965", "CVE-2018-4966", "CVE-2018-4967", "CVE-2018-4968", "CVE-2018-4969", "CVE-2018-4970", "CVE-2018-4971", "CVE-2018-4972", "CVE-2018-4973", "CVE-2018-4974", "CVE-2018-4975", "CVE-2018-4976", "CVE-2018-4977", "CVE-2018-4978", "CVE-2018-4979", "CVE-2018-4980", "CVE-2018-4981", "CVE-2018-4982", "CVE-2018-4983", "CVE-2018-4984", "CVE-2018-4985", "CVE-2018-4986", "CVE-2018-4987", "CVE-2018-4988", "CVE-2018-4989", "CVE-2018-4990", "CVE-2018-4993"], "modified": "2018-05-18T14:52:12", "id": "TRENDMICROBLOG:52B0618B9393F16E911AB8A5CC487A7C", "href": "https://blog.trendmicro.com/tippingpoint-threat-intelligence-and-zero-day-coverage-week-of-may-14-2018/", "cvss": {"score": 0.0, "vector": "NONE"}}], "adobe": [{"lastseen": "2021-09-30T17:39:34", "description": "Adobe has released security updates for Adobe Acrobat and Reader for Windows and MacOS. These updates address [critical]() vulnerabilities whose successful exploitation could lead to arbitrary code execution in the context of the current user. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-05-14T00:00:00", "type": "adobe", "title": "APSB18-09 Security Updates Available for Adobe Acrobat and Reader", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12812", "CVE-2018-12815", "CVE-2018-4946", "CVE-2018-4947", "CVE-2018-4948", "CVE-2018-4949", "CVE-2018-4950", "CVE-2018-4951", "CVE-2018-4952", "CVE-2018-4953", "CVE-2018-4954", "CVE-2018-4955", "CVE-2018-4956", "CVE-2018-4957", "CVE-2018-4958", "CVE-2018-4959", "CVE-2018-4960", "CVE-2018-4961", "CVE-2018-4962", "CVE-2018-4963", "CVE-2018-4964", "CVE-2018-4965", "CVE-2018-4966", "CVE-2018-4967", "CVE-2018-4968", "CVE-2018-4969", "CVE-2018-4970", "CVE-2018-4971", "CVE-2018-4972", "CVE-2018-4973", "CVE-2018-4974", "CVE-2018-4975", "CVE-2018-4976", "CVE-2018-4977", "CVE-2018-4978", "CVE-2018-4979", "CVE-2018-4980", "CVE-2018-4981", "CVE-2018-4982", "CVE-2018-4983", "CVE-2018-4984", "CVE-2018-4985", "CVE-2018-4986", "CVE-2018-4987", "CVE-2018-4988", "CVE-2018-4989", "CVE-2018-4990", "CVE-2018-4993", "CVE-2018-4994", "CVE-2018-4995", "CVE-2018-4996"], "modified": "2018-05-25T00:00:00", "id": "APSB18-09", "href": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
Adobe Acrobat Pro DC ImageConversion EMF GIF ImageDescriptor Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
