CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
55.3%
The version of Adobe Acrobat installed on the remote macOS host is a version prior to 20.005.30655, 24.001.30159, or 24.002.21005. It is, therefore, affected by multiple vulnerabilities.
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
(CVE-2024-39383, CVE-2024-39422, CVE-2024-39424, CVE-2024-41830, CVE-2024-41831)
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2024-39423)
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to privilege escalation.
Exploitation of this issue require local low-privilege access to the affected system and attack complexity is high. (CVE-2024-39425)
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2024-39426)
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in arbitrary code execution in the context of the current user. This issue occurs when the state of a resource changes between its check-time and use-time, allowing an attacker to manipulate the resource. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2024-39420)
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2024-41832, CVE-2024-41833, CVE-2024-41834, CVE-2024-41835)
Acrobat Reader versions 20.005.30636, 24.002.20964, 24.001.30123, 24.002.20991 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2024-45107)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(205600);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/13");
script_cve_id(
"CVE-2024-39383",
"CVE-2024-39420",
"CVE-2024-39422",
"CVE-2024-39423",
"CVE-2024-39424",
"CVE-2024-39425",
"CVE-2024-39426",
"CVE-2024-41830",
"CVE-2024-41831",
"CVE-2024-41832",
"CVE-2024-41833",
"CVE-2024-41834",
"CVE-2024-41835",
"CVE-2024-45107"
);
script_xref(name:"IAVA", value:"2024-A-0474-S");
script_name(english:"Adobe Acrobat < 20.005.30655 / 24.001.30159 / 24.002.21005 Multiple Vulnerabilities (APSB24-57) (macOS)");
script_set_attribute(attribute:"synopsis", value:
"The version of Adobe Acrobat installed on the remote macOS host is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Adobe Acrobat installed on the remote macOS host is a version prior to 20.005.30655, 24.001.30159, or
24.002.21005. It is, therefore, affected by multiple vulnerabilities.
- Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by
a Use After Free vulnerability that could result in arbitrary code execution in the context of the current
user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
(CVE-2024-39383, CVE-2024-39422, CVE-2024-39424, CVE-2024-41830, CVE-2024-41831)
- Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by
an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the
current user. Exploitation of this issue requires user interaction in that a victim must open a malicious
file. (CVE-2024-39423)
- Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by
a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to privilege escalation.
Exploitation of this issue require local low-privilege access to the affected system and attack complexity
is high. (CVE-2024-39425)
- Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by
an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end
of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the
context of the current user. Exploitation of this issue requires user interaction in that a victim must
open a malicious file. (CVE-2024-39426)
- Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by
a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in arbitrary code
execution in the context of the current user. This issue occurs when the state of a resource changes
between its check-time and use-time, allowing an attacker to manipulate the resource. Exploitation of this
issue requires user interaction in that a victim must open a malicious file. (CVE-2024-39420)
- Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by
an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could
leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user
interaction in that a victim must open a malicious file. (CVE-2024-41832, CVE-2024-41833, CVE-2024-41834,
CVE-2024-41835)
- Acrobat Reader versions 20.005.30636, 24.002.20964, 24.001.30123, 24.002.20991 and earlier are affected by
a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could
leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user
interaction in that a victim must open a malicious file. (CVE-2024-45107)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/acrobat/apsb24-57.html");
script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe Acrobat version 20.005.30655 / 24.001.30159 / 24.002.21005 or later.");
script_set_attribute(attribute:"agent", value:"unix");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-41831");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(125, 347, 367, 416, 787, 788);
script_set_attribute(attribute:"vuln_publication_date", value:"2024/08/13");
script_set_attribute(attribute:"patch_publication_date", value:"2024/08/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/08/15");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:acrobat");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"MacOS X Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("macosx_adobe_acrobat_installed.nbin");
script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "installed_sw/Adobe Acrobat");
exit(0);
}
include('vcf_extras.inc');
get_kb_item_or_exit('Host/local_checks_enabled');
os = get_kb_item('Host/MacOSX/Version');
if (empty_or_null(os)) audit(AUDIT_OS_NOT, 'Mac OS X');
var app_info = vcf::get_app_info(app:'Adobe Acrobat');
# vcf::adobe_reader::check_version_and_report will
# properly separate tracks when checking constraints.
# x.y.30zzz = DC Classic
# x.y.20zzz = DC Continuous
var constraints = [
{ 'min_version' : '20.1', 'max_version' : '20.005.30636', 'fixed_version' : '20.005.30655', 'track' : 'DC Classic' },
{ 'min_version' : '24.1', 'max_version' : '24.001.30123', 'fixed_version' : '24.001.30159', 'track' : 'DC Classic' },
{ 'min_version' : '15.7', 'max_version' : '24.002.20991', 'fixed_version' : '24.002.21005', 'track' : 'DC Continuous' }
];
vcf::adobe_acrobat::check_version_and_report(
app_info:app_info,
constraints:constraints,
max_segs:3,
severity:SECURITY_HOLE
);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39383
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39420
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39422
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39423
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39424
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39425
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39426
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41830
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41831
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41832
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41833
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41834
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41835
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45107
helpx.adobe.com/security/products/acrobat/apsb24-57.html
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
55.3%