Lucene search
This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.ADOBE_ILLUSTRATOR_APSB12-10.NASLHistoryMay 17, 2012 - 12:00 a.m.
Adobe Illustrator CS5 / CS5.5 Multiple Memory Corruption Vulnerabilities (APSB12-10)
2012-05-1700:00:00
This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
46
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
0.49
Percentile
97.6%
The remote Windows host contains a version of Adobe Illustrator less than CS5 15.0.3 / CS5.5 15.1.1. As such, it reportedly is affected by multiple unspecified memory corruption vulnerabilities that could be exploited to execute arbitrary code.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(59179);
script_version("1.13");
script_cvs_date("Date: 2019/12/04");
script_cve_id(
"CVE-2012-0780",
"CVE-2012-2023",
"CVE-2012-2024",
"CVE-2012-2025",
"CVE-2012-2026",
"CVE-2012-2042"
);
script_bugtraq_id(53422);
script_xref(name:"EDB-ID", value:"19139");
script_name(english:"Adobe Illustrator CS5 / CS5.5 Multiple Memory Corruption Vulnerabilities (APSB12-10)");
script_summary(english:"Checks version of Adobe Illustrator");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains an application affected by multiple
memory corruption vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The remote Windows host contains a version of Adobe Illustrator less
than CS5 15.0.3 / CS5.5 15.1.1. As such, it reportedly is affected by
multiple unspecified memory corruption vulnerabilities that could be
exploited to execute arbitrary code.");
script_set_attribute(attribute:"see_also", value:"https://www.adobe.com/support/security/bulletins/apsb12-10.html");
script_set_attribute(attribute:"solution", value:
"Either upgrade to Adobe Illustrator CS6 (16.0) or apply the update
for CS5 (15.0.3) or CS5.5 (15.1.1).");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-2042");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2012/05/08");
script_set_attribute(attribute:"patch_publication_date", value:"2012/05/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/05/17");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:illustrator");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("adobe_illustrator_installed.nasl");
script_require_keys("SMB/Adobe Illustrator/Installed");
script_require_ports(139, 445);
exit(0);
}
include("global_settings.inc");
include("misc_func.inc");
include("audit.inc");
appname = "Adobe Illustrator";
version = get_kb_item_or_exit("SMB/Adobe Illustrator/version");
path = get_kb_item_or_exit("SMB/Adobe Illustrator/path");
prod = get_kb_item_or_exit("SMB/Adobe Illustrator/product");
ver = split(version, sep:'.', keep:FALSE);
if (
ver[0] < 15 ||
(
ver[0] == 15 &&
(
(ver[1] == 0 && ver[2] < 3) ||
(ver[1] == 1 && ver[2] < 1)
)
)
)
{
if (ver[0] == 15 && ver[1] == 0) fix = "CS5 (15.0.3) / CS6 (16.0)";
else if (ver[0] == 15 && ver[1] == 1) fix = "CS5.5 (15.1.1) / CS6 (16.0)";
else fix = "CS6 (16.0)";
port = get_kb_item("SMB/transport");
if (report_verbosity > 0)
{
report =
'\n Product : ' + prod +
'\n Path : ' + path +
'\n Installed version : ' + version +
'\n Fixed version : ' + fix + '\n';
security_hole(port:port, extra:report);
}
else security_hole(port:port, extra:report);
exit(0);
}
else audit(AUDIT_INST_VER_NOT_VULN, appname, version);
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0780
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2023
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2024
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2025
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2026
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2042
www.adobe.com/support/security/bulletins/apsb12-10.html
Related
kaspersky
kaspersky
KLA10038 Multiple ACE vulnerabilities in Adobe Illustrator
2012-08-05 00:00:00
cvelist
cvelist
openvas
openvas
Adobe Illustrator Multiple Unspecified Vulnerabilities (Windows)
2012-05-16 00:00:00
Adobe Illustrator Multiple Unspecified Vulnerabilities - Mac OS X
2012-05-16 00:00:00
Adobe Illustrator Multiple Unspecified Vulnerabilities - Windows
2012-05-16 00:00:00
nvd
nvd
prion
prion
Memory corruption
2012-05-24 15:55:00
Memory corruption
2012-05-09 04:36:00
Memory corruption
2012-05-09 04:36:00
cve
cve
securityvulns
securityvulns
Adobe Illustrator multiple security vulnerabilities
2012-05-09 00:00:00
binamuse
binamuse
Heap spraying Adobe Illustrator
2012-05-09 13:04:00
Adobe Illustrator Tx operator Remote Buffer Overflow - CVE-2012-0780
2012-06-06 20:24:00
packetstorm
packetstorm
Adobe Illustrator CS5.5 Memory Corruption Proof Of Concept
2012-06-14 00:00:00
exploitdb
exploitdb
Adobe Illustrator CS5.5 - Memory Corruption
2012-06-14 00:00:00
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
0.49
Percentile
97.6%
Related for ADOBE_ILLUSTRATOR_APSB12-10.NASL