Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.ADOBE_ACROBAT_APSB14-20.NASL
HistorySep 16, 2014 - 12:00 a.m.

Adobe Acrobat < 10.1.12 / 11.0.09 Multiple Vulnerabilities (APSB14-20)

2014-09-1600:00:00
This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
30

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.431

Percentile

97.4%

JSON

The version of Adobe Acrobat installed on the remote host is a version prior to 10.1.12 / 11.0.09. It is, therefore, affected by the following vulnerabilities :

  • A use-after-free error exists that allows arbitrary code execution. (CVE-2014-0560)

  • A heap-based buffer overflow exists that allows arbitrary code execution. (CVE-2014-0561, CVE-2014-0567)

  • A memory corruption error exists that allows denial of service attacks. (CVE-2014-0563)

  • Memory corruption errors exist that allows arbitrary code execution. (CVE-2014-0565, CVE-2014-0566)

  • An unspecified error exists that allows the bypassing of the sandbox security restrictions. (CVE-2014-0568)

  • A race condition exists in the ‘MoveFileEx’ call hook feature that allows attackers to bypass the sandbox protection mechanism to write files to arbitrary locations. Note that this issue only affects Adobe Acrobat 11.x. This issue has not been officially fixed in APSB14-20; however, it is unlikely to be exploitable due to a related defense-in-depth change in version 11.0.09. (CVE-2014-9150)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(77711);
  script_version("1.13");
  script_cvs_date("Date: 2019/11/25");

  script_cve_id(
    "CVE-2014-0560",
    "CVE-2014-0561",
    "CVE-2014-0563",
    "CVE-2014-0565",
    "CVE-2014-0566",
    "CVE-2014-0567",
    "CVE-2014-0568",
    "CVE-2014-9150"
  );
  script_bugtraq_id(
    69821,
    69823,
    69824,
    69825,
    69826,
    69827,
    69828,
    71366
  );

  script_name(english:"Adobe Acrobat < 10.1.12 / 11.0.09 Multiple Vulnerabilities (APSB14-20)");
  script_summary(english:"Checks the version of Adobe Acrobat.");

  script_set_attribute(attribute:"synopsis", value:
"The version of Adobe Acrobat on the remote Windows host is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Adobe Acrobat installed on the remote host is a version
prior to 10.1.12 / 11.0.09. It is, therefore, affected by the
following vulnerabilities :

  - A use-after-free error exists that allows arbitrary code
    execution. (CVE-2014-0560)

  - A heap-based buffer overflow exists that allows
    arbitrary code execution. (CVE-2014-0561, CVE-2014-0567)

  - A memory corruption error exists that allows denial of
    service attacks. (CVE-2014-0563)

  - Memory corruption errors exist that allows arbitrary
    code execution. (CVE-2014-0565, CVE-2014-0566)

  - An unspecified error exists that allows the bypassing
    of the sandbox security restrictions. (CVE-2014-0568)

  - A race condition exists in the 'MoveFileEx' call hook
    feature that allows attackers to bypass the sandbox
    protection mechanism to write files to arbitrary
    locations. Note that this issue only affects Adobe
    Acrobat 11.x. This issue has not been officially fixed
    in APSB14-20; however, it is unlikely to be exploitable
    due to a related defense-in-depth change in version
    11.0.09. (CVE-2014-9150)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/reader/apsb14-20.html");
  # https://code.google.com/p/google-security-research/issues/detail?id=103
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9107f739");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe Acrobat 10.1.12 / 11.0.09 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0568");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/09/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:acrobat");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("adobe_acrobat_installed.nasl");
  script_require_keys("SMB/Registry/Enumerated", "installed_sw/Adobe Acrobat");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");

get_kb_item_or_exit("SMB/Registry/Enumerated");

app_name = "Adobe Acrobat";
install = get_single_install(app_name:app_name);

version = install['version'];
path    = install['path'];
verui   = install['display_version'];

ver = split(version, sep:'.', keep:FALSE);
for (i=0; i<max_index(ver); i++)
  ver[i] = int(ver[i]);

if (
  (ver[0] == 10 && ver[1] < 1) ||
  (ver[0] == 10 && ver[1] == 1 && ver[2] < 12) ||
  (ver[0] == 11 && ver[1] == 0 && ver[2] < 9)
)
{
  port = get_kb_item("SMB/transport");
  if (!port) port = 445;

  if (report_verbosity > 0)
  {
    report = '\n  Path              : '+path+
             '\n  Installed version : '+verui+
             '\n  Fixed version     : 10.1.12 / 11.0.09' +
             '\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
  exit(0);
}
else audit(AUDIT_INST_PATH_NOT_VULN, app_name, verui, path);

Related

nessus 11
openvas 12
prion 8
nvd 8
cvelist 8
cve 8
ubuntucve 7
checkpoint_advisories 4
symantec 1
zdi 2
threatpost 1
googleprojectzero 1
kaspersky 2
securityvulns 1
nessus
nessus
Adobe Reader < 10.1.12 / 11.0.09 Multiple Vulnerabilities (APSB14-20)
2014-09-16 00:00:00
Adobe Reader <= 10.1.10 / 11.0.07 Multiple Vulnerabilities (APSB14-20) (Mac OS X)
2014-09-16 00:00:00
Adobe Acrobat <= 10.1.10 / 11.0.07 Multiple Vulnerabilities (APSB14-20) (Mac OS X)
2014-09-16 00:00:00
openvas
openvas
Adobe Acrobat Multiple Vulnerabilities-01 (Sep 2014) - Windows
2014-09-19 00:00:00
Adobe Reader Multiple Vulnerabilities-01 (Sep 2014) - Windows
2014-09-19 00:00:00
Adobe Acrobat Multiple Vulnerabilities-01 (Sep 2014) - Mac OS X
2014-09-19 00:00:00
prion
prion
Race condition
2014-11-30 02:59:00
Memory corruption
2014-09-17 10:55:00
Memory corruption
2014-09-17 10:55:00
nvd
nvd
CVE-2014-9150
2014-11-30 02:59:00
CVE-2014-0566
2014-09-17 10:55:06
CVE-2014-0565
2014-09-17 10:55:06
cvelist
cvelist
CVE-2014-9150
2014-11-30 02:00:00
CVE-2014-0566
2014-09-17 10:00:00
CVE-2014-0565
2014-09-17 10:00:00
cve
cve
CVE-2014-9150
2014-11-30 02:59:00
CVE-2014-0566
2014-09-17 10:55:06
CVE-2014-0565
2014-09-17 10:55:06
ubuntucve
ubuntucve
CVE-2014-0566
2014-09-17 00:00:00
CVE-2014-0565
2014-09-17 00:00:00
CVE-2014-0561
2014-09-17 00:00:00
checkpoint_advisories
checkpoint_advisories
Adobe Acrobat and Reader Time of Check Time of Use Race Condition (APSB14-28: CVE-2014-9150)
2015-01-15 00:00:00
Adobe Acrobat and Reader Sandbox Bypass (APSB14-20; CVE-2014-0568)
2014-09-21 00:00:00
Adobe Acrobat and Reader Memory Corruption (APSB14-20: CVE-2014-0565)
2014-09-21 00:00:00
symantec
symantec
Adobe Reader and Acrobat CVE-2014-0565 Remote Code Execution Vulnerability
2014-09-16 00:00:00
zdi
zdi
Adobe Reader 3DIF Plugin Heap Buffer Overflow Remote Code Execution Vulnerability
2014-09-16 00:00:00
Adobe Reader replace() Heap Buffer Overflow Remote Code Execution Vulnerability
2014-09-16 00:00:00
threatpost
threatpost
December 2014 Adobe Flash, Reader, Acrobat, ColdFusion Patch
2014-12-09 12:17:22
googleprojectzero
googleprojectzero
Windows 10^H^H Symbolic Link Mitigations
2015-08-25 00:00:00
kaspersky
kaspersky
KLA10440 Multiple vulnerabilities in Adobe Acrobat & Reader
2014-09-09 00:00:00
KLA10628 Multiple vulnerabilities in Adobe Acrobat
2015-07-14 00:00:00
securityvulns
securityvulns
Adobe Reader / Acrobat multiple security vulnerabilities
2015-07-19 00:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.431

Percentile

97.4%

JSON
Related for ADOBE_ACROBAT_APSB14-20.NASL
nessus11openvas12prion8nvd8cvelist8cve8ubuntucve7checkpoint_advisories4symantec1zdi2threatpost1googleprojectzero1kaspersky2securityvulns1