Adobe Reader < 2015.006.30434 / 2017.011.30096 / 2018.011.20055 Multiple Vulnerabilities (APSB18-21) (macOS)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(207077);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/13");

  script_cve_id(
    "CVE-2018-5009",
    "CVE-2018-5010",
    "CVE-2018-5011",
    "CVE-2018-5012",
    "CVE-2018-5014",
    "CVE-2018-5015",
    "CVE-2018-5016",
    "CVE-2018-5017",
    "CVE-2018-5018",
    "CVE-2018-5019",
    "CVE-2018-5020",
    "CVE-2018-5021",
    "CVE-2018-5022",
    "CVE-2018-5023",
    "CVE-2018-5024",
    "CVE-2018-5025",
    "CVE-2018-5026",
    "CVE-2018-5027",
    "CVE-2018-5028",
    "CVE-2018-5029",
    "CVE-2018-5030",
    "CVE-2018-5031",
    "CVE-2018-5032",
    "CVE-2018-5033",
    "CVE-2018-5034",
    "CVE-2018-5035",
    "CVE-2018-5036",
    "CVE-2018-5037",
    "CVE-2018-5038",
    "CVE-2018-5039",
    "CVE-2018-5040",
    "CVE-2018-5041",
    "CVE-2018-5042",
    "CVE-2018-5043",
    "CVE-2018-5044",
    "CVE-2018-5045",
    "CVE-2018-5046",
    "CVE-2018-5047",
    "CVE-2018-5048",
    "CVE-2018-5049",
    "CVE-2018-5050",
    "CVE-2018-5051",
    "CVE-2018-5052",
    "CVE-2018-5053",
    "CVE-2018-5054",
    "CVE-2018-5055",
    "CVE-2018-5056",
    "CVE-2018-5057",
    "CVE-2018-5058",
    "CVE-2018-5059",
    "CVE-2018-5060",
    "CVE-2018-5061",
    "CVE-2018-5062",
    "CVE-2018-5063",
    "CVE-2018-5064",
    "CVE-2018-5065",
    "CVE-2018-5066",
    "CVE-2018-5067",
    "CVE-2018-5068",
    "CVE-2018-5069",
    "CVE-2018-5070",
    "CVE-2018-12754",
    "CVE-2018-12755",
    "CVE-2018-12756",
    "CVE-2018-12757",
    "CVE-2018-12758",
    "CVE-2018-12760",
    "CVE-2018-12761",
    "CVE-2018-12762",
    "CVE-2018-12763",
    "CVE-2018-12764",
    "CVE-2018-12765",
    "CVE-2018-12766",
    "CVE-2018-12767",
    "CVE-2018-12768",
    "CVE-2018-12770",
    "CVE-2018-12771",
    "CVE-2018-12772",
    "CVE-2018-12773",
    "CVE-2018-12774",
    "CVE-2018-12776",
    "CVE-2018-12777",
    "CVE-2018-12779",
    "CVE-2018-12780",
    "CVE-2018-12781",
    "CVE-2018-12782",
    "CVE-2018-12783",
    "CVE-2018-12784",
    "CVE-2018-12785",
    "CVE-2018-12786",
    "CVE-2018-12787",
    "CVE-2018-12788",
    "CVE-2018-12789",
    "CVE-2018-12790",
    "CVE-2018-12791",
    "CVE-2018-12792",
    "CVE-2018-12793",
    "CVE-2018-12794",
    "CVE-2018-12795",
    "CVE-2018-12796",
    "CVE-2018-12797",
    "CVE-2018-12798",
    "CVE-2018-12802",
    "CVE-2018-12803"
  );

  script_name(english:"Adobe Reader < 2015.006.30434 / 2017.011.30096 / 2018.011.20055 Multiple Vulnerabilities (APSB18-21) (macOS)");

  script_set_attribute(attribute:"synopsis", value:
"The version of Adobe Reader installed on the remote macOS host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Adobe Reader installed on the remote macOS host is a version prior to 2015.006.30434, 2017.011.30096, or
2018.011.20055. It is, therefore, affected by multiple vulnerabilities.

  - Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and
    earlier versions have a Double Free vulnerability. Successful exploitation could lead to arbitrary code
    execution in the context of the current user. (CVE-2018-12782)

  - Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and
    earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code
    execution in the context of the current user. (CVE-2018-12785, CVE-2018-12788, CVE-2018-12798,
    CVE-2018-5015, CVE-2018-5028, CVE-2018-5032, CVE-2018-5036, CVE-2018-5038, CVE-2018-5040, CVE-2018-5041,
    CVE-2018-5045, CVE-2018-5052, CVE-2018-5058, CVE-2018-5067)

  - Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and
    earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code
    execution in the context of the current user. (CVE-2018-12756, CVE-2018-12770, CVE-2018-12772,
    CVE-2018-12773, CVE-2018-12776, CVE-2018-12783, CVE-2018-12791, CVE-2018-12792, CVE-2018-12796,
    CVE-2018-12797, CVE-2018-5009, CVE-2018-5011, CVE-2018-5065)

  - Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and
    earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to
    arbitrary code execution in the context of the current user. (CVE-2018-12754, CVE-2018-12755,
    CVE-2018-12758, CVE-2018-12760, CVE-2018-12771, CVE-2018-12787, CVE-2018-5020, CVE-2018-5021,
    CVE-2018-5042, CVE-2018-5059, CVE-2018-5064, CVE-2018-5069, CVE-2018-5070)

  - Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and
    earlier versions have a Security Bypass vulnerability. Successful exploitation could lead to privilege
    escalation. (CVE-2018-12802)

  - Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and
    earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to
    information disclosure. (CVE-2018-12757, CVE-2018-12761, CVE-2018-12762, CVE-2018-12763, CVE-2018-12764,
    CVE-2018-12765, CVE-2018-12766, CVE-2018-12767, CVE-2018-12768, CVE-2018-12774, CVE-2018-12777,
    CVE-2018-12779, CVE-2018-12780, CVE-2018-12781, CVE-2018-12786, CVE-2018-12789, CVE-2018-12790,
    CVE-2018-12795, CVE-2018-12803, CVE-2018-5010, CVE-2018-5014, CVE-2018-5016, CVE-2018-5017, CVE-2018-5018,
    CVE-2018-5019, CVE-2018-5022, CVE-2018-5023, CVE-2018-5024, CVE-2018-5025, CVE-2018-5026, CVE-2018-5027,
    CVE-2018-5029, CVE-2018-5031, CVE-2018-5033, CVE-2018-5035, CVE-2018-5039, CVE-2018-5044, CVE-2018-5046,
    CVE-2018-5047, CVE-2018-5048, CVE-2018-5049, CVE-2018-5050, CVE-2018-5051, CVE-2018-5053, CVE-2018-5054,
    CVE-2018-5055, CVE-2018-5056, CVE-2018-5060, CVE-2018-5061, CVE-2018-5062, CVE-2018-5063, CVE-2018-5066,
    CVE-2018-5068)

  - Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and
    earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code
    execution in the context of the current user. (CVE-2018-12793, CVE-2018-12794, CVE-2018-5057)

  - Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and
    earlier versions have an Untrusted pointer dereference vulnerability. Successful exploitation could lead
    to arbitrary code execution in the context of the current user. (CVE-2018-5012, CVE-2018-5030)

  - Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and
    earlier versions have a Buffer Errors vulnerability. Successful exploitation could lead to arbitrary code
    execution in the context of the current user. (CVE-2018-12784, CVE-2018-5034, CVE-2018-5037,
    CVE-2018-5043)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/acrobat/apsb18-21.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe Reader version 2015.006.30434 / 2017.011.30096 / 2018.011.20055 or later.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-5070");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/07/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/09/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:acrobat_reader");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("macosx_adobe_reader_installed.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "installed_sw/Adobe Reader");

  exit(0);
}

include('vcf_extras.inc');

get_kb_item_or_exit('Host/local_checks_enabled');
os = get_kb_item('Host/MacOSX/Version');
if (empty_or_null(os)) audit(AUDIT_OS_NOT, 'Mac OS X');

var app_info = vcf::get_app_info(app:'Adobe Reader');

# vcf::adobe_reader::check_version_and_report will
# properly separate tracks when checking constraints.
# x.y.30zzz = DC Classic
# x.y.20zzz = DC Continuous
var constraints = [
  { 'min_version' : '15.6', 'max_version' : '15.006.30418', 'fixed_version' : '15.006.30434', 'track' : 'DC Classic' },
  { 'min_version' : '17.8', 'max_version' : '17.011.30080', 'fixed_version' : '17.011.30096', 'track' : 'DC Classic' },
  { 'min_version' : '15.7', 'max_version' : '18.011.20040', 'fixed_version' : '18.011.20055', 'track' : 'DC Continuous' }
];
vcf::adobe_acrobat::check_version_and_report(
    app_info:app_info,
    constraints:constraints,
    max_segs:3,
    severity:SECURITY_HOLE
);