CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
95.5%
The version of Adobe Acrobat installed on the remote Windows host is prior to 11.0.18, 15.006.30243, or 15.020.20039. It is, therefore, affected by multiple vulnerabilities :
Multiple use-after-free errors exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, CVE-2016-6993)
Multiple heap buffer overflow conditions exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-6939, CVE-2016-6994)
Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, CVE-2016-7019, CVE-2016-7852, CVE-2016-7853, CVE-2016-7854)
A security bypass vulnerability exists that allows an unauthenticated, remote attacker to bypass restrictions on JavaScript API execution. (CVE-2016-6957)
An unspecified security bypass vulnerability exists that allows an unauthenticated, remote attacker to bypass security restrictions. (CVE-2016-6958)
An integer overflow condition exists that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-6999)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(94071);
script_version("1.12");
script_cvs_date("Date: 2019/02/26 4:50:09");
script_cve_id(
"CVE-2016-1089",
"CVE-2016-1091",
"CVE-2016-6939",
"CVE-2016-6940",
"CVE-2016-6941",
"CVE-2016-6942",
"CVE-2016-6943",
"CVE-2016-6944",
"CVE-2016-6945",
"CVE-2016-6946",
"CVE-2016-6947",
"CVE-2016-6948",
"CVE-2016-6949",
"CVE-2016-6950",
"CVE-2016-6951",
"CVE-2016-6952",
"CVE-2016-6953",
"CVE-2016-6954",
"CVE-2016-6955",
"CVE-2016-6956",
"CVE-2016-6957",
"CVE-2016-6958",
"CVE-2016-6959",
"CVE-2016-6960",
"CVE-2016-6961",
"CVE-2016-6962",
"CVE-2016-6963",
"CVE-2016-6964",
"CVE-2016-6965",
"CVE-2016-6966",
"CVE-2016-6967",
"CVE-2016-6968",
"CVE-2016-6969",
"CVE-2016-6970",
"CVE-2016-6971",
"CVE-2016-6972",
"CVE-2016-6973",
"CVE-2016-6974",
"CVE-2016-6975",
"CVE-2016-6976",
"CVE-2016-6977",
"CVE-2016-6978",
"CVE-2016-6979",
"CVE-2016-6988",
"CVE-2016-6993",
"CVE-2016-6994",
"CVE-2016-6995",
"CVE-2016-6996",
"CVE-2016-6997",
"CVE-2016-6998",
"CVE-2016-6999",
"CVE-2016-7000",
"CVE-2016-7001",
"CVE-2016-7002",
"CVE-2016-7003",
"CVE-2016-7004",
"CVE-2016-7005",
"CVE-2016-7006",
"CVE-2016-7007",
"CVE-2016-7008",
"CVE-2016-7009",
"CVE-2016-7010",
"CVE-2016-7011",
"CVE-2016-7012",
"CVE-2016-7013",
"CVE-2016-7014",
"CVE-2016-7015",
"CVE-2016-7016",
"CVE-2016-7017",
"CVE-2016-7018",
"CVE-2016-7019",
"CVE-2016-7852",
"CVE-2016-7853",
"CVE-2016-7854"
);
script_bugtraq_id(
93486,
93487,
93491,
93494,
93495,
93496
);
script_name(english:"Adobe Acrobat < 11.0.18 / 15.006.30243 / 15.020.20039 Multiple Vulnerabilities (APSB16-33)");
script_summary(english:"Checks the version of Adobe Acrobat.");
script_set_attribute(attribute:"synopsis", value:
"The version of Adobe Acrobat installed on the remote Windows host is
affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Adobe Acrobat installed on the remote Windows host is
prior to 11.0.18, 15.006.30243, or 15.020.20039. It is, therefore,
affected by multiple vulnerabilities :
- Multiple use-after-free errors exist that allow an
unauthenticated, remote attacker to execute arbitrary
code. (CVE-2016-1089, CVE-2016-1091, CVE-2016-6944,
CVE-2016-6945, CVE-2016-6946, CVE-2016-6949,
CVE-2016-6952, CVE-2016-6953, CVE-2016-6961,
CVE-2016-6962, CVE-2016-6963, CVE-2016-6964,
CVE-2016-6965, CVE-2016-6967, CVE-2016-6968,
CVE-2016-6969, CVE-2016-6971, CVE-2016-6979,
CVE-2016-6988, CVE-2016-6993)
- Multiple heap buffer overflow conditions exist that
allow an unauthenticated, remote attacker to execute
arbitrary code. (CVE-2016-6939, CVE-2016-6994)
- Multiple memory corruption issues exist that allow an
unauthenticated, remote attacker to execute arbitrary
code. (CVE-2016-6940, CVE-2016-6941, CVE-2016-6942,
CVE-2016-6943, CVE-2016-6947, CVE-2016-6948,
CVE-2016-6950, CVE-2016-6951, CVE-2016-6954,
CVE-2016-6955, CVE-2016-6956, CVE-2016-6959,
CVE-2016-6960, CVE-2016-6966, CVE-2016-6970,
CVE-2016-6972, CVE-2016-6973, CVE-2016-6974,
CVE-2016-6975, CVE-2016-6976, CVE-2016-6977,
CVE-2016-6978, CVE-2016-6995, CVE-2016-6996,
CVE-2016-6997, CVE-2016-6998, CVE-2016-7000,
CVE-2016-7001, CVE-2016-7002, CVE-2016-7003,
CVE-2016-7004, CVE-2016-7005, CVE-2016-7006,
CVE-2016-7007, CVE-2016-7008, CVE-2016-7009,
CVE-2016-7010, CVE-2016-7011, CVE-2016-7012,
CVE-2016-7013, CVE-2016-7014, CVE-2016-7015,
CVE-2016-7016, CVE-2016-7017, CVE-2016-7018,
CVE-2016-7019, CVE-2016-7852, CVE-2016-7853,
CVE-2016-7854)
- A security bypass vulnerability exists that allows an
unauthenticated, remote attacker to bypass restrictions
on JavaScript API execution. (CVE-2016-6957)
- An unspecified security bypass vulnerability exists that
allows an unauthenticated, remote attacker to bypass
security restrictions. (CVE-2016-6958)
- An integer overflow condition exists that allows an
unauthenticated, remote attacker to execute arbitrary
code. (CVE-2016-6999)
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/acrobat/apsb16-33.html");
script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe Acrobat version 11.0.18 / 15.006.30243 / 15.020.20039
or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-1089");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/10/06");
script_set_attribute(attribute:"patch_publication_date", value:"2016/10/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/14");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:acrobat");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("adobe_acrobat_installed.nasl");
script_require_keys("SMB/Registry/Enumerated", "installed_sw/Adobe Acrobat");
exit(0);
}
include("vcf.inc");
include("vcf_extras.inc");
get_kb_item_or_exit("SMB/Registry/Enumerated");
app_info = vcf::get_app_info(app:"Adobe Acrobat", win_local:TRUE);
constraints = [
{ "min_version" : "11", "max_version" : "11.0.17", "fixed_version" : "11.0.18" },
{ "min_version" : "15.6", "max_version" : "15.6.30201", "fixed_version" : "15.6.30243" },
{ "min_version" : "15.7", "max_version" : "15.17.20053", "fixed_version" : "15.20.20039" }
];
# using adobe_reader namespace check_version_and_report to properly detect Continuous vs Classic,
# and limit ver segments to 3 (18.x.y vs 18.x.y.12345) with max_segs:3
vcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1089
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1091
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6939
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6940
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6941
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6942
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6943
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6944
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6945
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6946
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6947
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6948
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6949
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6950
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6951
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6952
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6953
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6954
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6955
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6956
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6957
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6958
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6959
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6960
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6961
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6962
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6963
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6964
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6965
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6966
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6967
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6968
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6969
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6970
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6971
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6972
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6973
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6974
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6975
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6976
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6977
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6978
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6979
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6988
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6993
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6994
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6995
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6996
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6997
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6998
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6999
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7000
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7001
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7002
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7003
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7004
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7005
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7006
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7007
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7008
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7009
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7010
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7011
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7012
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7013
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7014
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7015
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7016
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7017
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7018
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7019
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7852
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7853
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7854
helpx.adobe.com/security/products/acrobat/apsb16-33.html
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
95.5%