CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
99.8%
The version of Adobe Reader installed on the remote host is earlier than 8.1.2 or 7.1.0. Such versions are reportedly affected by multiple vulnerabilities :
A design error vulnerability may allow an attacker to gain control of a userโs printer.
Multiple stack-based buffer overflows may allow an attacker to execute arbitrary code subject to the userโs privileges.
Insecure loading of โSecurity Providerโ libraries may allow for arbitrary code execution.
An insecure method exposed by the JavaScript library in the โEScript.apiโ plug-in allows direct control over low-level features of the object, which allows for execution of arbitrary code as the current user.
Two vulnerabilities in the unpublicized function โapp.checkForUpdate()โ exploited through a callback function could lead to arbitrary code execution in Adobe Reader 7.
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(30200);
script_version("1.37");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/06/08");
script_cve_id(
"CVE-2007-5659",
"CVE-2007-5663",
"CVE-2007-5666",
"CVE-2008-0655",
"CVE-2008-0667",
"CVE-2008-0726",
"CVE-2008-2042"
);
script_bugtraq_id(27641);
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/06/22");
script_name(english:"Adobe Reader < 7.1.0 / 8.1.2 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The PDF file viewer on the remote Windows host is affected by multiple
vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Adobe Reader installed on the remote host is earlier
than 8.1.2 or 7.1.0. Such versions are reportedly affected by multiple
vulnerabilities :
- A design error vulnerability may allow an attacker to
gain control of a user's printer.
- Multiple stack-based buffer overflows may allow an
attacker to execute arbitrary code subject to the
user's privileges.
- Insecure loading of 'Security Provider' libraries may
allow for arbitrary code execution.
- An insecure method exposed by the JavaScript library
in the 'EScript.api' plug-in allows direct control
over low-level features of the object, which allows
for execution of arbitrary code as the current user.
- Two vulnerabilities in the unpublicized function
'app.checkForUpdate()' exploited through a callback
function could lead to arbitrary code execution in
Adobe Reader 7.");
# https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=655
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8619fcdc");
# https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=656
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1d74fcf2");
# https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=657
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4c30fbc0");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-08-004/");
script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2008/Feb/79");
script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2008/Feb/103");
script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2008/Feb/104");
script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2008/Feb/105");
script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2008/Feb/146");
script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2008/May/140");
script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2008/May/141");
script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/acrobat/release-note/reader-acrobat-8-1-2.html");
script_set_attribute(attribute:"see_also", value:"https://www.adobe.com/support/security/advisories/apsa08-01.html");
script_set_attribute(attribute:"see_also", value:"https://www.adobe.com/support/security/bulletins/apsb08-13.html");
script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe Reader 8.1.2 / 7.1.0 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2008-2042");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Adobe Collab.collectEmailInfo() Buffer Overflow');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:"CANVAS");
script_cwe_id(94, 119, 189, 399);
script_set_attribute(attribute:"patch_publication_date", value:"2008/02/07");
script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/06");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:acrobat_reader");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2008-2022 Tenable Network Security, Inc.");
script_dependencies("adobe_reader_installed.nasl");
script_require_keys("SMB/Acroread/Version");
exit(0);
}
include("global_settings.inc");
include("audit.inc");
info = NULL;
vers = get_kb_list('SMB/Acroread/Version');
if (isnull(vers)) exit(0, 'The "SMB/Acroread/Version" KB item is missing.');
foreach ver (vers)
{
if (ver && ver =~ "^([0-6]\.|7\.0|8\.(0\.|1\.[01][^0-9.]?))")
{
path = get_kb_item('SMB/Acroread/'+ver+'/Path');
if (isnull(path)) exit(1, 'The "SMB/Acroread/'+ver+'/Path" KB item is missing.');
verui = get_kb_item('SMB/Acroread/'+ver+'/Version_UI');
if (isnull(verui)) exit(1, 'The "SMB/Acroread/'+ver+'/Version_UI" KB item is missing.');
info += ' - ' + verui + ', under ' + path + '\n';
}
}
if (isnull(info)) exit(0, 'The remote host is not affected.');
if (report_verbosity > 0)
{
if (max_index(split(info)) > 1) s = "s of Adobe Reader are";
else s = " of Adobe Reader is";
report =
'\nThe following vulnerable instance'+s+' installed on the'+
'\nremote host :\n\n'+
info;
security_hole(port:get_kb_item("SMB/transport"), extra:report);
}
else security_hole(get_kb_item("SMB/transport"));
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5659
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5663
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5666
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0655
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0667
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0726
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2042
www.nessus.org/u?1d74fcf2
www.nessus.org/u?4c30fbc0
www.nessus.org/u?8619fcdc
helpx.adobe.com/acrobat/release-note/reader-acrobat-8-1-2.html
seclists.org/bugtraq/2008/Feb/103
seclists.org/bugtraq/2008/Feb/104
seclists.org/bugtraq/2008/Feb/105
seclists.org/bugtraq/2008/Feb/146
seclists.org/bugtraq/2008/Feb/79
seclists.org/fulldisclosure/2008/May/140
seclists.org/fulldisclosure/2008/May/141
www.adobe.com/support/security/advisories/apsa08-01.html
www.adobe.com/support/security/bulletins/apsb08-13.html
www.zerodayinitiative.com/advisories/ZDI-08-004/
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
99.8%