Vulnerabilities > CVE-2007-0048 - Unspecified vulnerability in Adobe Acrobat, Acrobat 3D and Acrobat Reader

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200910-03.
#
# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(42239);
  script_version("1.29");
  script_cvs_date("Date: 2019/08/02 13:32:45");

  script_cve_id("CVE-2007-0045", "CVE-2007-0048", "CVE-2009-2979", "CVE-2009-2980", "CVE-2009-2981", "CVE-2009-2982", "CVE-2009-2983", "CVE-2009-2985", "CVE-2009-2986", "CVE-2009-2988", "CVE-2009-2990", "CVE-2009-2991", "CVE-2009-2993", "CVE-2009-2994", "CVE-2009-2996", "CVE-2009-2997", "CVE-2009-2998", "CVE-2009-3431", "CVE-2009-3458", "CVE-2009-3459", "CVE-2009-3462");
  script_bugtraq_id(21858, 35148, 36600, 36664, 36665, 36667, 36668, 36669, 36671, 36677, 36678, 36681, 36682, 36686, 36687, 36688, 36689, 36690, 36692, 36695, 36696);
  script_xref(name:"GLSA", value:"200910-03");

  script_name(english:"GLSA-200910-03 : Adobe Reader: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-200910-03
(Adobe Reader: Multiple vulnerabilities)

    Multiple vulnerabilities were discovered in Adobe Reader. For further
    information please consult the CVE entries and the Adobe Security
    Bulletin referenced below.
  
Impact :

    A remote attacker might entice a user to open a specially crafted PDF
    file, possibly resulting in the execution of arbitrary code with the
    privileges of the user running the application, Denial of Service, the
    creation of arbitrary files on the victim's system, 'Trust Manager'
    bypass, or social engineering attacks.
  
Workaround :

    There is no known workaround at this time."
  );
  # http://www.adobe.com/support/security/bulletins/apsb09-15.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.adobe.com/support/security/bulletins/apsb09-15.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200910-03"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All Adobe Reader users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=app-text/acroread-9.2'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Adobe FlateDecode Stream Predictor 02 Integer Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_cwe_id(20, 119, 189, 310, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:acroread");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/10/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/10/26");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"app-text/acroread", unaffected:make_list("ge 9.2"), vulnerable:make_list("lt 9.2"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Adobe Reader");
}

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(24002);
  script_version("1.24");
  script_cvs_date("Date: 2018/11/15 20:50:26");

  script_cve_id(
    "CVE-2006-5857", 
    "CVE-2007-0044", 
    "CVE-2007-0045", 
    "CVE-2007-0046",
    "CVE-2007-0047", 
    "CVE-2007-0048"
  );
  script_bugtraq_id(21858, 21981);

  script_name(english:"Adobe Reader < 6.0.6 / 7.0.9 Multiple Vulnerabilities");
  script_summary(english:"Checks version of Adobe Reader");

  script_set_attribute(attribute:"synopsis", value:
"The PDF file viewer on the remote Windows host is affected by several
vulnerabilities." );
  script_set_attribute(attribute:"description", value:
"The version of Adobe Reader installed on the remote host is earlier
than 7.0.9 / 8.0 and is, therefore, reportedly affected by several 
security issues, including one that can lead to arbitrary code 
execution when processing a malicious PDF file." );
  script_set_attribute(attribute:"see_also", value:"https://www.piotrbania.com/all/adv/adobe-acrobat-adv.txt" );
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2007/Jan/199" );
  script_set_attribute(attribute:"see_also", value:"http://www.adobe.com/support/security/bulletins/apsb07-01.html" );
  script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe Reader 6.0.6 / 7.0.9 / 8.0 or later." );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_cwe_id(352, 399);

  script_set_attribute(attribute:"plugin_publication_date", value: "2007/01/10");
  script_set_attribute(attribute:"vuln_publication_date", value: "2006/12/27");
  script_set_attribute(attribute:"patch_publication_date", value: "2007/01/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:acrobat_reader");
  script_end_attributes();
 
  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");
  script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
  script_dependencies("adobe_reader_installed.nasl");
  script_require_keys("SMB/Acroread/Version");
  exit(0);
}


include("global_settings.inc");


info = NULL;
vers = get_kb_list('SMB/Acroread/Version');
if (isnull(vers)) exit(0, 'The "SMB/Acroread/Version" KB item is missing.');

foreach ver (vers)
{
  if (ver =~ "^([0-5]\.|6\.0\.[0-5][^0-9.]?|7\.0\.[0-8][^0-9.]?)")
  {
    path = get_kb_item('SMB/Acroread/'+ver+'/Path');
    if (isnull(path)) exit(1, 'The "SMB/Acroread/'+ver+'/Path" KB item is missing.');

    verui = get_kb_item('SMB/Acroread/'+ver+'/Version_UI');
    if (isnull(verui)) exit(1, 'The "SMB/Acroread/'+ver+'/Version_UI" KB item is missing.');

    info += '  - ' + verui + ', under ' + path + '\n';
  }
}

if (isnull(info)) exit(0, 'The remote host is not affected.');

if (report_verbosity > 0)
{
  if (max_index(split(info)) > 1) s = "s of Adobe Reader are";
  else s = " of Adobe Reader is";

  report =
    '\nThe following vulnerable instance'+s+' installed on the'+
    '\nremote host :\n\n'+
    info;
  security_hole(port:get_kb_item("SMB/transport"), extra:report);
}
else security_hole(get_kb_item("SMB/transport"));

#
# (C) Tenable Network Security, Inc.
#


if (NASL_LEVEL < 3000) exit(0);
include('compat.inc');


if (description)
{
  script_id(42120);
  script_version("1.25");
  script_cvs_date("Date: 2018/06/27 18:42:27");

  script_cve_id(
    "CVE-2007-0048",
    "CVE-2007-0045",
    "CVE-2009-2564",
    "CVE-2009-2979",
    "CVE-2009-2980",
    "CVE-2009-2981",
    "CVE-2009-2982",
    "CVE-2009-2983",
    "CVE-2009-2986",
    "CVE-2009-2987",
    "CVE-2009-2988",
    "CVE-2009-2990",
    "CVE-2009-2991",
    "CVE-2009-2992",
    "CVE-2009-2993",
    "CVE-2009-2994",
    "CVE-2009-2996",
    "CVE-2009-2997",
    "CVE-2009-2998",
    "CVE-2009-3431",
    "CVE-2009-3458",
    "CVE-2009-3459"
  );
  script_bugtraq_id(
    21858,
    35740,
    36600,
    36664,
    36665,
    36667,
    36668,
    36669,
    36671,
    36677,
    36678,
    36680,
    36681,
    36682,
    36683,
    36686,
    36687,
    36688,
    36689,
    36690,
    36692,
    36695
  );
  script_xref(name:"Secunia", value:"36983");

  script_name(english:"Adobe Reader < 9.2 / 8.1.7 / 7.1.4  Multiple Vulnerabilities (APSB09-15)");
  script_summary(english:"Checks version of Adobe Reader");

  script_set_attribute(attribute:"synopsis", value:
"The PDF file viewer on the remote Windows host is affected by a
memory corruption vulnerability."  );
  script_set_attribute(attribute:"description", value:
"The version of Adobe Reader installed on the remote host is earlier
than 9.2 / 8.1.7 / 7.1.4.  Such versions are potentially affected by
multiple vulnerabilities :

  - A heap overflow vulnerability. (CVE-2009-3459)

  - A memory corruption issue. (CVE-2009-2985)

  - Multiple heap overflow vulnerabilities. (CVE-2009-2986)

  - An invalid array index issue that could lead to code
    execution. (CVE-2009-2990)

  - Multiple input validation vulnerabilities that could
    lead to code execution. (CVE-2009-2993)

  - A buffer overflow issue. (CVE-2009-2994)

  - A heap overflow vulnerability. (CVE-2009-2997)

  - An input validation issue that could lead to code
    execution. (CVE-2009-2998)

  - An input validation issue that could lead to code
    execution. (CVE-2009-3458)

  - A memory corruption issue that leads to a denial of
    service. (CVE-2009-2983)

  - An integer overflow that leads to a denial of service.
    (CVE-2009-2980)

  - A memory corruption issue that leads to a denial of
    service. (CVE-2009-2996)

  - An input validation issue that could lead to a bypass
    of Trust Manager restrictions. (CVE-2009-2981)

  - A certificate is used that, if compromised, could be used
    in a social engineering attack. (CVE-2009-2982)

  - A stack overflow issue that could lead to a denial of
    service. (CVE-2009-3431)

  - A XMP-XML entity expansion issue that could lead to a
    denial of service attack. (CVE-2009-2979)

  - A remote denial of service issue in the ActiveX control.
    (CVE-2009-2987)

  - An input validation issue. (CVE-2009-2988)

  - An input validation issue specific to the ActiveX
    control. (CVE-2009-2992)

  - A third-party web download product is used that could
    lead to a local privilege escalation. (CVE-2009-2564)

  - A cross-site scripting issue when the browser plugin in
    used with Google Chrome and Opera browsers.
    (CVE-2007-0048, CVE-2007-0045)" );

  script_set_attribute(
    attribute:'see_also',
    value:'http://www.adobe.com/support/security/bulletins/apsb09-15.html'
  );
  script_set_attribute(
    attribute:'solution',
    value:'Upgrade to Adobe Reader 9.2 / 8.1.7 / 7.1.4 or later.'
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Adobe FlateDecode Stream Predictor 02 Integer Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_cwe_id(20, 119, 189, 264, 310, 399);
script_set_attribute(attribute:"vuln_publication_date", value:"2009/10/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/10/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/10/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:acrobat_reader");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:'Windows');

  script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");

  script_dependencies('adobe_reader_installed.nasl');
  script_require_keys('SMB/Acroread/Version');

  exit(0);
}


include('global_settings.inc');


info = NULL;
vers = get_kb_list('SMB/Acroread/Version');
if (isnull(vers)) exit(0, 'The "SMB/Acroread/Version" KB item is missing.');

foreach version (vers)
{
  ver = split(version, sep:'.', keep:FALSE);
  for (i=0; i<max_index(ver); i++)
    ver[i] = int(ver[i]);

  if  ( 
    ver[0] < 7 ||
    (
      ver[0] == 7 &&
      (
        ver[1] < 1 ||
        (ver[1] == 1 && ver[2] < 4)
      )
    ) ||
    (
      ver[0] == 8 &&
      (
        ver[1] < 1 ||
        (ver[1] == 1 && ver[2] < 7)
      )
    ) ||
    (
      ver[0] == 9 &&  ver[1] < 2
    )
  )
  {
    path = get_kb_item('SMB/Acroread/'+version+'/Path');
    if (isnull(path)) exit(1, 'The "SMB/Acroread/'+version+'/Path" KB item is missing.');

    verui = get_kb_item('SMB/Acroread/'+version+'/Version_UI');
    if (isnull(verui)) exit(1, 'The "SMB/Acroread/'+version+'/Version_UI" KB item is missing.');

    info += '  - ' + verui + ', under ' + path + '\n';
  }
}

if (isnull(info)) exit(0, 'The remote host is not affected.');

if (report_verbosity > 0)
{
  if (max_index(split(info)) > 1) s = "s of Adobe Reader are";
  else s = " of Adobe Reader is";

  report =
    '\nThe following vulnerable instance'+s+' installed on the'+
    '\nremote host :\n\n'+
    info;
  security_hole(port:get_kb_item("SMB/transport"), extra:report);
}
else security_hole(get_kb_item("SMB/transport"));