Adobe Acrobat Reader DC Annotation Use-After-Free Information Disclosure Vulnerability

2022-04-28T00:00:00

Description

This vulnerability allows remote attackers to disclose sensitive information code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.

{"id": "ZDI-22-667", "vendorId": null, "type": "zdi", "bulletinFamily": "info", "title": "Adobe Acrobat Reader DC Annotation Use-After-Free Information Disclosure Vulnerability", "description": "This vulnerability allows remote attackers to disclose sensitive information code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.", "published": "2022-04-28T00:00:00", "modified": "2022-04-28T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, "href": "https://www.zerodayinitiative.com/advisories/ZDI-22-667/", "reporter": "Mat Powell of Trend Micro Zero Day Initiative", "references": ["https://helpx.adobe.com/security/products/acrobat/apsb22-16.html"], "cvelist": ["CVE-2022-28250"], "immutableFields": [], "lastseen": "2022-05-20T15:20:52", "viewCount": 1, "enchantments": {"score": {"value": 3.1, "vector": "NONE"}, "dependencies": {"references": [{"type": "adobe", "idList": ["APSB22-16"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2022-0150"]}, {"type": "cve", "idList": ["CVE-2022-28250"]}, {"type": "nessus", "idList": ["ADOBE_ACROBAT_APSB22-16.NASL", "ADOBE_READER_APSB22-16.NASL", "MACOS_ADOBE_ACROBAT_APSB22-16.NASL", "MACOS_ADOBE_READER_APSB22-16.NASL"]}]}, "vulnersScore": 3.1}, "_state": {"score": 1660007784, "dependencies": 1660004461}, "_internal": {"score_hash": "ad39bc256989688a1310be66f64c4317"}}

{"checkpoint_advisories": [{"lastseen": "2022-05-20T23:31:39", "description": "A use-after-free vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-04-12T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Use After Free (APSB22-16: CVE-2022-28250)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28250"], "modified": "2022-04-12T00:00:00", "id": "CPAI-2022-0150", "href": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2022-05-20T14:46:13", "description": "Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-05-11T18:15:00", "type": "cve", "title": "CVE-2022-28250", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28250"], "modified": "2022-05-20T12:42:00", "cpe": ["cpe:/a:adobe:acrobat:20.005.30314", "cpe:/a:adobe:acrobat_reader:20.005.30311", "cpe:/a:adobe:acrobat_reader_dc:22.001.20085", "cpe:/a:adobe:acrobat:17.012.30205", "cpe:/a:adobe:acrobat_reader:20.005.30314", "cpe:/a:adobe:acrobat_reader:17.012.30205", "cpe:/a:adobe:acrobat:20.005.30311", "cpe:/a:adobe:acrobat_dc:22.001.20085"], "id": "CVE-2022-28250", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-28250", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:17.012.30205:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.012.30205:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:20.005.30311:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:22.001.20085:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat:20.005.30314:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:22.001.20085:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:20.005.30311:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:20.005.30314:*:*:*:classic:*:*:*"]}], "adobe": [{"lastseen": "2022-10-21T17:04:12", "description": "Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple [critical](), [important]() and [moderate]() vulnerabilities. Successful exploitation could lead to arbitrary code execution, memory leak, security feature bypass and privilege escalation. \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-04-12T00:00:00", "type": "adobe", "title": "APSB22-16 : Security update available for Adobe Acrobat and Reader", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24101", "CVE-2022-24102", "CVE-2022-24103", "CVE-2022-24104", "CVE-2022-27785", "CVE-2022-27786", "CVE-2022-27787", "CVE-2022-27788", "CVE-2022-27789", "CVE-2022-27790", "CVE-2022-27791", "CVE-2022-27792", "CVE-2022-27793", "CVE-2022-27794", "CVE-2022-27795", "CVE-2022-27796", "CVE-2022-27797", "CVE-2022-27798", "CVE-2022-27799", "CVE-2022-27800", "CVE-2022-27801", "CVE-2022-27802", "CVE-2022-28230", "CVE-2022-28231", "CVE-2022-28232", "CVE-2022-28233", "CVE-2022-28234", "CVE-2022-28235", "CVE-2022-28236", "CVE-2022-28237", "CVE-2022-28238", "CVE-2022-28239", "CVE-2022-28240", "CVE-2022-28241", "CVE-2022-28242", "CVE-2022-28243", "CVE-2022-28244", "CVE-2022-28245", "CVE-2022-28246", "CVE-2022-28247", "CVE-2022-28248", "CVE-2022-28249", "CVE-2022-28250", "CVE-2022-28251", "CVE-2022-28252", "CVE-2022-28253", "CVE-2022-28254", "CVE-2022-28255", "CVE-2022-28256", "CVE-2022-28257", "CVE-2022-28258", "CVE-2022-28259", "CVE-2022-28260", "CVE-2022-28261", "CVE-2022-28262", "CVE-2022-28263", "CVE-2022-28264", "CVE-2022-28265", "CVE-2022-28266", "CVE-2022-28267", "CVE-2022-28268", "CVE-2022-28269", "CVE-2022-28837", "CVE-2022-28838", "CVE-2022-35672"], "modified": "2022-04-12T00:00:00", "id": "APSB22-16", "href": "https://helpx.adobe.com/security/products/acrobat/apsb22-16.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-01-10T19:20:10", "description": "The version of Adobe Acrobat installed on the remote Windows host is a version prior to 17.012.30227, 17.012.30229, 20.005.30331, 20.005.30331, 20.005.30334, 20.005.30334, 22.001.20112, or 22.001.20117. It is, therefore, affected by multiple vulnerabilities.\n\n - Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must visit an attacker controlled web page. (CVE-2021-44702)\n\n - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-44706, CVE-2021-45064)\n\n - Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must open a maliciously crafted Microsoft Office file, or visit an attacker controlled web page. (CVE-2021-44739)\n\n - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Access of Memory Location After End of Buffer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-45067)\n\n - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious font file. (CVE-2022-24091, CVE-2022-24092)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-04-12T00:00:00", "type": "nessus", "title": "Adobe Acrobat < 17.012.30227 / 17.012.30229 / 20.005.30331 / 20.005.30331 / 20.005.30334 / 20.005.30334 / 22.001.20112 / 22.001.20117 Multiple Vulnerabilities (APSB22-16)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44702", "CVE-2021-44706", "CVE-2021-44739", "CVE-2021-45064", "CVE-2021-45067", "CVE-2022-24091", "CVE-2022-24092", "CVE-2022-24101", "CVE-2022-24102", "CVE-2022-24103", "CVE-2022-24104", "CVE-2022-27785", "CVE-2022-27786", "CVE-2022-27787", "CVE-2022-27788", "CVE-2022-27789", "CVE-2022-27790", "CVE-2022-27791", "CVE-2022-27792", "CVE-2022-27793", "CVE-2022-27794", "CVE-2022-27795", "CVE-2022-27796", "CVE-2022-27797", "CVE-2022-27798", "CVE-2022-27799", "CVE-2022-27800", "CVE-2022-27801", "CVE-2022-27802", "CVE-2022-28230", "CVE-2022-28231", "CVE-2022-28232", "CVE-2022-28233", "CVE-2022-28234", "CVE-2022-28235", "CVE-2022-28236", "CVE-2022-28237", "CVE-2022-28238", "CVE-2022-28239", "CVE-2022-28240", "CVE-2022-28241", "CVE-2022-28242", "CVE-2022-28243", "CVE-2022-28244", "CVE-2022-28245", "CVE-2022-28246", "CVE-2022-28247", "CVE-2022-28248", "CVE-2022-28249", "CVE-2022-28250", "CVE-2022-28251", "CVE-2022-28252", "CVE-2022-28253", "CVE-2022-28254", "CVE-2022-28255", "CVE-2022-28256", "CVE-2022-28257", "CVE-2022-28258", "CVE-2022-28259", "CVE-2022-28260", "CVE-2022-28261", "CVE-2022-28262", "CVE-2022-28263", "CVE-2022-28264", "CVE-2022-28265", "CVE-2022-28266", "CVE-2022-28267", "CVE-2022-28268", "CVE-2022-28269", "CVE-2022-28837", "CVE-2022-28838"], "modified": "2022-07-19T00:00:00", "cpe": ["cpe:/a:adobe:acrobat"], "id": "ADOBE_ACROBAT_APSB22-16.NASL", "href": "https://www.tenable.com/plugins/nessus/159656", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159656);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/19\");\n\n script_cve_id(\n \"CVE-2022-24101\",\n \"CVE-2022-24102\",\n \"CVE-2022-24103\",\n \"CVE-2022-24104\",\n \"CVE-2022-27785\",\n \"CVE-2022-27786\",\n \"CVE-2022-27787\",\n \"CVE-2022-27788\",\n \"CVE-2022-27789\",\n \"CVE-2022-27790\",\n \"CVE-2022-27791\",\n \"CVE-2022-27792\",\n \"CVE-2022-27793\",\n \"CVE-2022-27794\",\n \"CVE-2022-27795\",\n \"CVE-2022-27796\",\n \"CVE-2022-27797\",\n \"CVE-2022-27798\",\n \"CVE-2022-27799\",\n \"CVE-2022-27800\",\n \"CVE-2022-27801\",\n \"CVE-2022-27802\",\n \"CVE-2022-28230\",\n \"CVE-2022-28231\",\n \"CVE-2022-28232\",\n \"CVE-2022-28233\",\n \"CVE-2022-28234\",\n \"CVE-2022-28235\",\n \"CVE-2022-28236\",\n \"CVE-2022-28237\",\n \"CVE-2022-28238\",\n \"CVE-2022-28239\",\n \"CVE-2022-28240\",\n \"CVE-2022-28241\",\n \"CVE-2022-28242\",\n \"CVE-2022-28243\",\n \"CVE-2022-28244\",\n \"CVE-2022-28245\",\n \"CVE-2022-28246\",\n \"CVE-2022-28247\",\n \"CVE-2022-28248\",\n \"CVE-2022-28249\",\n \"CVE-2022-28250\",\n \"CVE-2022-28251\",\n \"CVE-2022-28252\",\n \"CVE-2022-28253\",\n \"CVE-2022-28254\",\n \"CVE-2022-28255\",\n \"CVE-2022-28256\",\n \"CVE-2022-28257\",\n \"CVE-2022-28258\",\n \"CVE-2022-28259\",\n \"CVE-2022-28260\",\n \"CVE-2022-28261\",\n \"CVE-2022-28262\",\n \"CVE-2022-28263\",\n \"CVE-2022-28264\",\n \"CVE-2022-28265\",\n \"CVE-2022-28266\",\n \"CVE-2022-28267\",\n \"CVE-2022-28268\",\n \"CVE-2022-28269\",\n \"CVE-2022-28837\",\n \"CVE-2022-28838\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0152-S\");\n\n script_name(english:\"Adobe Acrobat < 17.012.30227 / 17.012.30229 / 20.005.30331 / 20.005.30331 / 20.005.30334 / 20.005.30334 / 22.001.20112 / 22.001.20117 Multiple Vulnerabilities (APSB22-16)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Acrobat installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Acrobat installed on the remote Windows host is a version prior to 17.012.30227, 17.012.30229,\n20.005.30331, 20.005.30331, 20.005.30334, 20.005.30334, 22.001.20112, or 22.001.20117. It is, therefore, affected by\nmultiple vulnerabilities.\n\n - Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and\n 17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated\n attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue\n requires user interaction in that a victim must visit an attacker controlled web page. (CVE-2021-44702)\n\n - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and\n earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that\n could result in arbitrary code execution in the context of the current user. Exploitation of this issue\n requires user interaction in that a victim must open a malicious file. (CVE-2021-44706, CVE-2021-45064)\n\n - Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and\n 17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated\n attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue\n requires user interaction in that a victim must open a maliciously crafted Microsoft Office file, or visit\n an attacker controlled web page. (CVE-2021-44739)\n\n - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and\n earlier) are affected by an Access of Memory Location After End of Buffer vulnerability that could lead to\n disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such\n as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-45067)\n\n - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and\n earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code\n execution in the context of the current user. Exploitation of this issue requires user interaction in that\n a victim must open a malicious font file. (CVE-2022-24091, CVE-2022-24092)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/121.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/125.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/353.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/416.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/657.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/787.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/824.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb22-16.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Acrobat version 17.012.30227 / 17.012.30229 / 20.005.30331 / 20.005.30331 / 20.005.30334 / 20.005.30334\n/ 22.001.20112 / 22.001.20117 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24092\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(121, 122, 125, 353, 416, 657, 787, 824);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_acrobat_installed.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/Adobe Acrobat\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar app_info = vcf::get_app_info(app:'Adobe Acrobat', win_local:TRUE);\n\n# vcf::adobe_reader::check_version_and_report will\n# properly separate tracks when checking constraints.\n# x.y.30zzz = DC Classic\n# x.y.20zzz = DC Continuous\nvar constraints = [\n { 'min_version' : '15.7', 'max_version' : '22.001.20085', 'fixed_version' : '22.001.20117' },\n { 'min_version' : '15.7', 'max_version' : '22.001.20085', 'fixed_version' : '22.001.20112' },\n { 'min_version' : '20.1', 'max_version' : '20.005.30314', 'fixed_version' : '20.005.30334' },\n { 'min_version' : '20.1', 'max_version' : '20.005.30311', 'fixed_version' : '20.005.30334' },\n { 'min_version' : '20.1', 'max_version' : '20.005.30314', 'fixed_version' : '20.005.30331' },\n { 'min_version' : '20.1', 'max_version' : '20.005.30311', 'fixed_version' : '20.005.30331' },\n { 'min_version' : '17.8', 'max_version' : '17.012.30205', 'fixed_version' : '17.012.30229' },\n { 'min_version' : '17.8', 'max_version' : '17.012.30205', 'fixed_version' : '17.012.30227' }\n];\nvcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-10T19:20:57", "description": "The version of Adobe Reader installed on the remote Windows host is a version prior to 17.012.30227, 17.012.30229, 20.005.30331, 20.005.30331, 20.005.30334, 20.005.30334, 22.001.20112, or 22.001.20117. It is, therefore, affected by multiple vulnerabilities.\n\n - Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must visit an attacker controlled web page. (CVE-2021-44702)\n\n - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-44706, CVE-2021-45064)\n\n - Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must open a maliciously crafted Microsoft Office file, or visit an attacker controlled web page. (CVE-2021-44739)\n\n - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Access of Memory Location After End of Buffer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-45067)\n\n - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious font file. (CVE-2022-24091, CVE-2022-24092)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-04-12T00:00:00", "type": "nessus", "title": "Adobe Reader < 17.012.30227 / 17.012.30229 / 20.005.30331 / 20.005.30331 / 20.005.30334 / 20.005.30334 / 22.001.20112 / 22.001.20117 Multiple Vulnerabilities (APSB22-16)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44702", "CVE-2021-44706", "CVE-2021-44739", "CVE-2021-45064", "CVE-2021-45067", "CVE-2022-24091", "CVE-2022-24092", "CVE-2022-24101", "CVE-2022-24102", "CVE-2022-24103", "CVE-2022-24104", "CVE-2022-27785", "CVE-2022-27786", "CVE-2022-27787", "CVE-2022-27788", "CVE-2022-27789", "CVE-2022-27790", "CVE-2022-27791", "CVE-2022-27792", "CVE-2022-27793", "CVE-2022-27794", "CVE-2022-27795", "CVE-2022-27796", "CVE-2022-27797", "CVE-2022-27798", "CVE-2022-27799", "CVE-2022-27800", "CVE-2022-27801", "CVE-2022-27802", "CVE-2022-28230", "CVE-2022-28231", "CVE-2022-28232", "CVE-2022-28233", "CVE-2022-28234", "CVE-2022-28235", "CVE-2022-28236", "CVE-2022-28237", "CVE-2022-28238", "CVE-2022-28239", "CVE-2022-28240", "CVE-2022-28241", "CVE-2022-28242", "CVE-2022-28243", "CVE-2022-28244", "CVE-2022-28245", "CVE-2022-28246", "CVE-2022-28247", "CVE-2022-28248", "CVE-2022-28249", "CVE-2022-28250", "CVE-2022-28251", "CVE-2022-28252", "CVE-2022-28253", "CVE-2022-28254", "CVE-2022-28255", "CVE-2022-28256", "CVE-2022-28257", "CVE-2022-28258", "CVE-2022-28259", "CVE-2022-28260", "CVE-2022-28261", "CVE-2022-28262", "CVE-2022-28263", "CVE-2022-28264", "CVE-2022-28265", "CVE-2022-28266", "CVE-2022-28267", "CVE-2022-28268", "CVE-2022-28269", "CVE-2022-28837", "CVE-2022-28838"], "modified": "2022-07-19T00:00:00", "cpe": ["cpe:/a:adobe:acrobat_reader"], "id": "ADOBE_READER_APSB22-16.NASL", "href": "https://www.tenable.com/plugins/nessus/159657", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159657);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/19\");\n\n script_cve_id(\n \"CVE-2022-24101\",\n \"CVE-2022-24102\",\n \"CVE-2022-24103\",\n \"CVE-2022-24104\",\n \"CVE-2022-27785\",\n \"CVE-2022-27786\",\n \"CVE-2022-27787\",\n \"CVE-2022-27788\",\n \"CVE-2022-27789\",\n \"CVE-2022-27790\",\n \"CVE-2022-27791\",\n \"CVE-2022-27792\",\n \"CVE-2022-27793\",\n \"CVE-2022-27794\",\n \"CVE-2022-27795\",\n \"CVE-2022-27796\",\n \"CVE-2022-27797\",\n \"CVE-2022-27798\",\n \"CVE-2022-27799\",\n \"CVE-2022-27800\",\n \"CVE-2022-27801\",\n \"CVE-2022-27802\",\n \"CVE-2022-28230\",\n \"CVE-2022-28231\",\n \"CVE-2022-28232\",\n \"CVE-2022-28233\",\n \"CVE-2022-28234\",\n \"CVE-2022-28235\",\n \"CVE-2022-28236\",\n \"CVE-2022-28237\",\n \"CVE-2022-28238\",\n \"CVE-2022-28239\",\n \"CVE-2022-28240\",\n \"CVE-2022-28241\",\n \"CVE-2022-28242\",\n \"CVE-2022-28243\",\n \"CVE-2022-28244\",\n \"CVE-2022-28245\",\n \"CVE-2022-28246\",\n \"CVE-2022-28247\",\n \"CVE-2022-28248\",\n \"CVE-2022-28249\",\n \"CVE-2022-28250\",\n \"CVE-2022-28251\",\n \"CVE-2022-28252\",\n \"CVE-2022-28253\",\n \"CVE-2022-28254\",\n \"CVE-2022-28255\",\n \"CVE-2022-28256\",\n \"CVE-2022-28257\",\n \"CVE-2022-28258\",\n \"CVE-2022-28259\",\n \"CVE-2022-28260\",\n \"CVE-2022-28261\",\n \"CVE-2022-28262\",\n \"CVE-2022-28263\",\n \"CVE-2022-28264\",\n \"CVE-2022-28265\",\n \"CVE-2022-28266\",\n \"CVE-2022-28267\",\n \"CVE-2022-28268\",\n \"CVE-2022-28269\",\n \"CVE-2022-28837\",\n \"CVE-2022-28838\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0152-S\");\n\n script_name(english:\"Adobe Reader < 17.012.30227 / 17.012.30229 / 20.005.30331 / 20.005.30331 / 20.005.30334 / 20.005.30334 / 22.001.20112 / 22.001.20117 Multiple Vulnerabilities (APSB22-16)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Reader installed on the remote Windows host is a version prior to 17.012.30227, 17.012.30229,\n20.005.30331, 20.005.30331, 20.005.30334, 20.005.30334, 22.001.20112, or 22.001.20117. It is, therefore, affected by\nmultiple vulnerabilities.\n\n - Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and\n 17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated\n attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue\n requires user interaction in that a victim must visit an attacker controlled web page. (CVE-2021-44702)\n\n - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and\n earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that\n could result in arbitrary code execution in the context of the current user. Exploitation of this issue\n requires user interaction in that a victim must open a malicious file. (CVE-2021-44706, CVE-2021-45064)\n\n - Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and\n 17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated\n attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue\n requires user interaction in that a victim must open a maliciously crafted Microsoft Office file, or visit\n an attacker controlled web page. (CVE-2021-44739)\n\n - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and\n earlier) are affected by an Access of Memory Location After End of Buffer vulnerability that could lead to\n disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such\n as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-45067)\n\n - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and\n earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code\n execution in the context of the current user. Exploitation of this issue requires user interaction in that\n a victim must open a malicious font file. (CVE-2022-24091, CVE-2022-24092)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/121.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/125.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/353.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/416.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/657.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/787.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/824.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb22-16.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Reader version 17.012.30227 / 17.012.30229 / 20.005.30331 / 20.005.30331 / 20.005.30334 / 20.005.30334\n/ 22.001.20112 / 22.001.20117 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24092\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(121, 122, 125, 353, 416, 657, 787, 824);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_reader_installed.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/Adobe Reader\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar app_info = vcf::get_app_info(app:'Adobe Reader', win_local:TRUE);\n\n# vcf::adobe_reader::check_version_and_report will\n# properly separate tracks when checking constraints.\n# x.y.30zzz = DC Classic\n# x.y.20zzz = DC Continuous\nvar constraints = [\n { 'min_version' : '15.7', 'max_version' : '22.001.20085', 'fixed_version' : '22.001.20117' },\n { 'min_version' : '15.7', 'max_version' : '22.001.20085', 'fixed_version' : '22.001.20112' },\n { 'min_version' : '20.1', 'max_version' : '20.005.30314', 'fixed_version' : '20.005.30334' },\n { 'min_version' : '20.1', 'max_version' : '20.005.30311', 'fixed_version' : '20.005.30334' },\n { 'min_version' : '20.1', 'max_version' : '20.005.30311', 'fixed_version' : '20.005.30331' },\n { 'min_version' : '20.1', 'max_version' : '20.005.30314', 'fixed_version' : '20.005.30331' },\n { 'min_version' : '17.8', 'max_version' : '17.012.30205', 'fixed_version' : '17.012.30229' },\n { 'min_version' : '17.8', 'max_version' : '17.012.30205', 'fixed_version' : '17.012.30227' }\n];\nvcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-10T19:20:31", "description": "The version of Adobe Acrobat installed on the remote macOS host is a version prior to 17.012.30227, 17.012.30229, 20.005.30331, 20.005.30331, 20.005.30334, 20.005.30334, 22.001.20112, or 22.001.20117. It is, therefore, affected by multiple vulnerabilities.\n\n - Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must visit an attacker controlled web page. (CVE-2021-44702)\n\n - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-44706, CVE-2021-45064)\n\n - Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must open a maliciously crafted Microsoft Office file, or visit an attacker controlled web page. (CVE-2021-44739)\n\n - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Access of Memory Location After End of Buffer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-45067)\n\n - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious font file. (CVE-2022-24091, CVE-2022-24092)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-04-12T00:00:00", "type": "nessus", "title": "Adobe Acrobat < 17.012.30227 / 17.012.30229 / 20.005.30331 / 20.005.30331 / 20.005.30334 / 20.005.30334 / 22.001.20112 / 22.001.20117 Multiple Vulnerabilities (APSB22-16) (macOS)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44702", "CVE-2021-44706", "CVE-2021-44739", "CVE-2021-45064", "CVE-2021-45067", "CVE-2022-24091", "CVE-2022-24092", "CVE-2022-24101", "CVE-2022-24102", "CVE-2022-24103", "CVE-2022-24104", "CVE-2022-27785", "CVE-2022-27786", "CVE-2022-27787", "CVE-2022-27788", "CVE-2022-27789", "CVE-2022-27790", "CVE-2022-27791", "CVE-2022-27792", "CVE-2022-27793", "CVE-2022-27794", "CVE-2022-27795", "CVE-2022-27796", "CVE-2022-27797", "CVE-2022-27798", "CVE-2022-27799", "CVE-2022-27800", "CVE-2022-27801", "CVE-2022-27802", "CVE-2022-28230", "CVE-2022-28231", "CVE-2022-28232", "CVE-2022-28233", "CVE-2022-28234", "CVE-2022-28235", "CVE-2022-28236", "CVE-2022-28237", "CVE-2022-28238", "CVE-2022-28239", "CVE-2022-28240", "CVE-2022-28241", "CVE-2022-28242", "CVE-2022-28243", "CVE-2022-28244", "CVE-2022-28245", "CVE-2022-28246", "CVE-2022-28247", "CVE-2022-28248", "CVE-2022-28249", "CVE-2022-28250", "CVE-2022-28251", "CVE-2022-28252", "CVE-2022-28253", "CVE-2022-28254", "CVE-2022-28255", "CVE-2022-28256", "CVE-2022-28257", "CVE-2022-28258", "CVE-2022-28259", "CVE-2022-28260", "CVE-2022-28261", "CVE-2022-28262", "CVE-2022-28263", "CVE-2022-28264", "CVE-2022-28265", "CVE-2022-28266", "CVE-2022-28267", "CVE-2022-28268", "CVE-2022-28269", "CVE-2022-28837", "CVE-2022-28838"], "modified": "2022-07-19T00:00:00", "cpe": ["cpe:/a:adobe:acrobat"], "id": "MACOS_ADOBE_ACROBAT_APSB22-16.NASL", "href": "https://www.tenable.com/plugins/nessus/159658", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159658);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/19\");\n\n script_cve_id(\n \"CVE-2022-24101\",\n \"CVE-2022-24102\",\n \"CVE-2022-24103\",\n \"CVE-2022-24104\",\n \"CVE-2022-27785\",\n \"CVE-2022-27786\",\n \"CVE-2022-27787\",\n \"CVE-2022-27788\",\n \"CVE-2022-27789\",\n \"CVE-2022-27790\",\n \"CVE-2022-27791\",\n \"CVE-2022-27792\",\n \"CVE-2022-27793\",\n \"CVE-2022-27794\",\n \"CVE-2022-27795\",\n \"CVE-2022-27796\",\n \"CVE-2022-27797\",\n \"CVE-2022-27798\",\n \"CVE-2022-27799\",\n \"CVE-2022-27800\",\n \"CVE-2022-27801\",\n \"CVE-2022-27802\",\n \"CVE-2022-28230\",\n \"CVE-2022-28231\",\n \"CVE-2022-28232\",\n \"CVE-2022-28233\",\n \"CVE-2022-28234\",\n \"CVE-2022-28235\",\n \"CVE-2022-28236\",\n \"CVE-2022-28237\",\n \"CVE-2022-28238\",\n \"CVE-2022-28239\",\n \"CVE-2022-28240\",\n \"CVE-2022-28241\",\n \"CVE-2022-28242\",\n \"CVE-2022-28243\",\n \"CVE-2022-28244\",\n \"CVE-2022-28245\",\n \"CVE-2022-28246\",\n \"CVE-2022-28247\",\n \"CVE-2022-28248\",\n \"CVE-2022-28249\",\n \"CVE-2022-28250\",\n \"CVE-2022-28251\",\n \"CVE-2022-28252\",\n \"CVE-2022-28253\",\n \"CVE-2022-28254\",\n \"CVE-2022-28255\",\n \"CVE-2022-28256\",\n \"CVE-2022-28257\",\n \"CVE-2022-28258\",\n \"CVE-2022-28259\",\n \"CVE-2022-28260\",\n \"CVE-2022-28261\",\n \"CVE-2022-28262\",\n \"CVE-2022-28263\",\n \"CVE-2022-28264\",\n \"CVE-2022-28265\",\n \"CVE-2022-28266\",\n \"CVE-2022-28267\",\n \"CVE-2022-28268\",\n \"CVE-2022-28269\",\n \"CVE-2022-28837\",\n \"CVE-2022-28838\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0152-S\");\n\n script_name(english:\"Adobe Acrobat < 17.012.30227 / 17.012.30229 / 20.005.30331 / 20.005.30331 / 20.005.30334 / 20.005.30334 / 22.001.20112 / 22.001.20117 Multiple Vulnerabilities (APSB22-16) (macOS)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Acrobat installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Acrobat installed on the remote macOS host is a version prior to 17.012.30227, 17.012.30229,\n20.005.30331, 20.005.30331, 20.005.30334, 20.005.30334, 22.001.20112, or 22.001.20117. It is, therefore, affected by\nmultiple vulnerabilities.\n\n - Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and\n 17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated\n attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue\n requires user interaction in that a victim must visit an attacker controlled web page. (CVE-2021-44702)\n\n - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and\n earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that\n could result in arbitrary code execution in the context of the current user. Exploitation of this issue\n requires user interaction in that a victim must open a malicious file. (CVE-2021-44706, CVE-2021-45064)\n\n - Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and\n 17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated\n attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue\n requires user interaction in that a victim must open a maliciously crafted Microsoft Office file, or visit\n an attacker controlled web page. (CVE-2021-44739)\n\n - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and\n earlier) are affected by an Access of Memory Location After End of Buffer vulnerability that could lead to\n disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such\n as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-45067)\n\n - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and\n earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code\n execution in the context of the current user. Exploitation of this issue requires user interaction in that\n a victim must open a malicious font file. (CVE-2022-24091, CVE-2022-24092)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/121.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/125.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/353.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/416.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/657.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/787.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/824.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb22-16.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Acrobat version 17.012.30227 / 17.012.30229 / 20.005.30331 / 20.005.30331 / 20.005.30334 / 20.005.30334\n/ 22.001.20112 / 22.001.20117 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24092\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(121, 122, 125, 353, 416, 657, 787, 824);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_adobe_acrobat_installed.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Adobe Acrobat\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nget_kb_item_or_exit('Host/local_checks_enabled');\nos = get_kb_item('Host/MacOSX/Version');\nif (empty_or_null(os)) audit(AUDIT_OS_NOT, 'Mac OS X');\n\nvar app_info = vcf::get_app_info(app:'Adobe Acrobat');\n\n# vcf::adobe_reader::check_version_and_report will\n# properly separate tracks when checking constraints.\n# x.y.30zzz = DC Classic\n# x.y.20zzz = DC Continuous\nvar constraints = [\n { 'min_version' : '15.7', 'max_version' : '22.001.20085', 'fixed_version' : '22.001.20117' },\n { 'min_version' : '15.7', 'max_version' : '22.001.20085', 'fixed_version' : '22.001.20112' },\n { 'min_version' : '20.1', 'max_version' : '20.005.30311', 'fixed_version' : '20.005.30334' },\n { 'min_version' : '20.1', 'max_version' : '20.005.30314', 'fixed_version' : '20.005.30334' },\n { 'min_version' : '20.1', 'max_version' : '20.005.30311', 'fixed_version' : '20.005.30331' },\n { 'min_version' : '20.1', 'max_version' : '20.005.30314', 'fixed_version' : '20.005.30331' },\n { 'min_version' : '17.8', 'max_version' : '17.012.30205', 'fixed_version' : '17.012.30229' },\n { 'min_version' : '17.8', 'max_version' : '17.012.30205', 'fixed_version' : '17.012.30227' }\n];\nvcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-10T19:20:31", "description": "The version of Adobe Reader installed on the remote macOS host is a version prior to 17.012.30227, 17.012.30229, 20.005.30331, 20.005.30331, 20.005.30334, 20.005.30334, 22.001.20112, or 22.001.20117. It is, therefore, affected by multiple vulnerabilities.\n\n - Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must visit an attacker controlled web page. (CVE-2021-44702)\n\n - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-44706, CVE-2021-45064)\n\n - Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must open a maliciously crafted Microsoft Office file, or visit an attacker controlled web page. (CVE-2021-44739)\n\n - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Access of Memory Location After End of Buffer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-45067)\n\n - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious font file. (CVE-2022-24091, CVE-2022-24092)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-04-12T00:00:00", "type": "nessus", "title": "Adobe Reader < 17.012.30227 / 17.012.30229 / 20.005.30331 / 20.005.30331 / 20.005.30334 / 20.005.30334 / 22.001.20112 / 22.001.20117 Multiple Vulnerabilities (APSB22-16) (macOS)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44702", "CVE-2021-44706", "CVE-2021-44739", "CVE-2021-45064", "CVE-2021-45067", "CVE-2022-24091", "CVE-2022-24092", "CVE-2022-24101", "CVE-2022-24102", "CVE-2022-24103", "CVE-2022-24104", "CVE-2022-27785", "CVE-2022-27786", "CVE-2022-27787", "CVE-2022-27788", "CVE-2022-27789", "CVE-2022-27790", "CVE-2022-27791", "CVE-2022-27792", "CVE-2022-27793", "CVE-2022-27794", "CVE-2022-27795", "CVE-2022-27796", "CVE-2022-27797", "CVE-2022-27798", "CVE-2022-27799", "CVE-2022-27800", "CVE-2022-27801", "CVE-2022-27802", "CVE-2022-28230", "CVE-2022-28231", "CVE-2022-28232", "CVE-2022-28233", "CVE-2022-28234", "CVE-2022-28235", "CVE-2022-28236", "CVE-2022-28237", "CVE-2022-28238", "CVE-2022-28239", "CVE-2022-28240", "CVE-2022-28241", "CVE-2022-28242", "CVE-2022-28243", "CVE-2022-28244", "CVE-2022-28245", "CVE-2022-28246", "CVE-2022-28247", "CVE-2022-28248", "CVE-2022-28249", "CVE-2022-28250", "CVE-2022-28251", "CVE-2022-28252", "CVE-2022-28253", "CVE-2022-28254", "CVE-2022-28255", "CVE-2022-28256", "CVE-2022-28257", "CVE-2022-28258", "CVE-2022-28259", "CVE-2022-28260", "CVE-2022-28261", "CVE-2022-28262", "CVE-2022-28263", "CVE-2022-28264", "CVE-2022-28265", "CVE-2022-28266", "CVE-2022-28267", "CVE-2022-28268", "CVE-2022-28269", "CVE-2022-28837", "CVE-2022-28838"], "modified": "2022-07-19T00:00:00", "cpe": ["cpe:/a:adobe:acrobat_reader"], "id": "MACOS_ADOBE_READER_APSB22-16.NASL", "href": "https://www.tenable.com/plugins/nessus/159659", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159659);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/19\");\n\n script_cve_id(\n \"CVE-2022-24101\",\n \"CVE-2022-24102\",\n \"CVE-2022-24103\",\n \"CVE-2022-24104\",\n \"CVE-2022-27785\",\n \"CVE-2022-27786\",\n \"CVE-2022-27787\",\n \"CVE-2022-27788\",\n \"CVE-2022-27789\",\n \"CVE-2022-27790\",\n \"CVE-2022-27791\",\n \"CVE-2022-27792\",\n \"CVE-2022-27793\",\n \"CVE-2022-27794\",\n \"CVE-2022-27795\",\n \"CVE-2022-27796\",\n \"CVE-2022-27797\",\n \"CVE-2022-27798\",\n \"CVE-2022-27799\",\n \"CVE-2022-27800\",\n \"CVE-2022-27801\",\n \"CVE-2022-27802\",\n \"CVE-2022-28230\",\n \"CVE-2022-28231\",\n \"CVE-2022-28232\",\n \"CVE-2022-28233\",\n \"CVE-2022-28234\",\n \"CVE-2022-28235\",\n \"CVE-2022-28236\",\n \"CVE-2022-28237\",\n \"CVE-2022-28238\",\n \"CVE-2022-28239\",\n \"CVE-2022-28240\",\n \"CVE-2022-28241\",\n \"CVE-2022-28242\",\n \"CVE-2022-28243\",\n \"CVE-2022-28244\",\n \"CVE-2022-28245\",\n \"CVE-2022-28246\",\n \"CVE-2022-28247\",\n \"CVE-2022-28248\",\n \"CVE-2022-28249\",\n \"CVE-2022-28250\",\n \"CVE-2022-28251\",\n \"CVE-2022-28252\",\n \"CVE-2022-28253\",\n \"CVE-2022-28254\",\n \"CVE-2022-28255\",\n \"CVE-2022-28256\",\n \"CVE-2022-28257\",\n \"CVE-2022-28258\",\n \"CVE-2022-28259\",\n \"CVE-2022-28260\",\n \"CVE-2022-28261\",\n \"CVE-2022-28262\",\n \"CVE-2022-28263\",\n \"CVE-2022-28264\",\n \"CVE-2022-28265\",\n \"CVE-2022-28266\",\n \"CVE-2022-28267\",\n \"CVE-2022-28268\",\n \"CVE-2022-28269\",\n \"CVE-2022-28837\",\n \"CVE-2022-28838\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0013-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0152-S\");\n\n script_name(english:\"Adobe Reader < 17.012.30227 / 17.012.30229 / 20.005.30331 / 20.005.30331 / 20.005.30334 / 20.005.30334 / 22.001.20112 / 22.001.20117 Multiple Vulnerabilities (APSB22-16) (macOS)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Reader installed on the remote macOS host is a version prior to 17.012.30227, 17.012.30229,\n20.005.30331, 20.005.30331, 20.005.30334, 20.005.30334, 22.001.20112, or 22.001.20117. It is, therefore, affected by\nmultiple vulnerabilities.\n\n - Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and\n 17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated\n attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue\n requires user interaction in that a victim must visit an attacker controlled web page. (CVE-2021-44702)\n\n - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and\n earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that\n could result in arbitrary code execution in the context of the current user. Exploitation of this issue\n requires user interaction in that a victim must open a malicious file. (CVE-2021-44706, CVE-2021-45064)\n\n - Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and\n 17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated\n attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue\n requires user interaction in that a victim must open a maliciously crafted Microsoft Office file, or visit\n an attacker controlled web page. (CVE-2021-44739)\n\n - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and\n earlier) are affected by an Access of Memory Location After End of Buffer vulnerability that could lead to\n disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such\n as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-45067)\n\n - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and\n earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code\n execution in the context of the current user. Exploitation of this issue requires user interaction in that\n a victim must open a malicious font file. (CVE-2022-24091, CVE-2022-24092)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/121.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/125.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/353.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/416.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/657.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/787.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/824.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb22-16.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Reader version 17.012.30227 / 17.012.30229 / 20.005.30331 / 20.005.30331 / 20.005.30334 / 20.005.30334\n/ 22.001.20112 / 22.001.20117 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24092\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(121, 122, 125, 353, 416, 657, 787, 824);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_adobe_reader_installed.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Adobe Reader\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nget_kb_item_or_exit('Host/local_checks_enabled');\nos = get_kb_item('Host/MacOSX/Version');\nif (empty_or_null(os)) audit(AUDIT_OS_NOT, 'Mac OS X');\n\nvar app_info = vcf::get_app_info(app:'Adobe Reader');\n\n# vcf::adobe_reader::check_version_and_report will\n# properly separate tracks when checking constraints.\n# x.y.30zzz = DC Classic\n# x.y.20zzz = DC Continuous\nvar constraints = [\n { 'min_version' : '15.7', 'max_version' : '22.001.20085', 'fixed_version' : '22.001.20117' },\n { 'min_version' : '15.7', 'max_version' : '22.001.20085', 'fixed_version' : '22.001.20112' },\n { 'min_version' : '20.1', 'max_version' : '20.005.30314', 'fixed_version' : '20.005.30334' },\n { 'min_version' : '20.1', 'max_version' : '20.005.30311', 'fixed_version' : '20.005.30334' },\n { 'min_version' : '20.1', 'max_version' : '20.005.30314', 'fixed_version' : '20.005.30331' },\n { 'min_version' : '20.1', 'max_version' : '20.005.30311', 'fixed_version' : '20.005.30331' },\n { 'min_version' : '17.8', 'max_version' : '17.012.30205', 'fixed_version' : '17.012.30229' },\n { 'min_version' : '17.8', 'max_version' : '17.012.30205', 'fixed_version' : '17.012.30227' }\n];\nvcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}

Adobe Acrobat Reader DC Annotation Use-After-Free Information Disclosure Vulnerability

Description

Related