Vulnerabilities > CVE-2019-7125 - Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
adobe
apple
microsoft
CWE-787
critical
nessus

Summary

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .

Vulnerable Configurations

Part Description Count
Application
Adobe
179
OS
Apple
1
OS
Microsoft
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_ADOBE_READER_APSB19-17.NASL
    descriptionThe version of Adobe Reader installed on the remote macOS host is a version prior or equal to 2015.006.30482, 2017.011.30127, or 2019.010.20098. It is, therefore, affected by multiple vulnerabilities. - Out-of-Bounds Read potentially leading to Information Disclosure (CVE-2019-7061, CVE-2019-7109, CVE-2019-7110, CVE-2019-7114, CVE-2019-7115, CVE-2019-7116, CVE-2019-7121, CVE-2019-7122, CVE-2019-7123, CVE-2019-7127) - Out-of-Bounds Write potentially leading to Arbitrary Code Execution (CVE-2019-7111, CVE-2019-7118, CVE-2019-7119, CVE-2019-7120, CVE-2019-7124) - Type Confusion potentially leading to Arbitrary Code Execution (CVE-2019-7117, CVE-2019-7128) - Use After Free potentially leading to Arbitrary Code Execution (CVE-2019-7088, CVE-2019-7112) - Heap Overflow potentially leading to Arbitrary Code Execution (CVE-2019-7113, CVE-2019-7125) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id124006
    published2019-04-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124006
    titleAdobe Reader <= 2015.006.30482 / 2017.011.30127 / 2019.010.20098 Multiple Vulnerabilities (APSB19-17) (macOS)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124006);
      script_version("1.6");
      script_cvs_date("Date: 2019/10/30 13:24:46");
    
      script_cve_id(
        "CVE-2019-7061",
        "CVE-2019-7088",
        "CVE-2019-7109",
        "CVE-2019-7110",
        "CVE-2019-7111",
        "CVE-2019-7112",
        "CVE-2019-7113",
        "CVE-2019-7114",
        "CVE-2019-7115",
        "CVE-2019-7116",
        "CVE-2019-7117",
        "CVE-2019-7118",
        "CVE-2019-7119",
        "CVE-2019-7120",
        "CVE-2019-7121",
        "CVE-2019-7122",
        "CVE-2019-7123",
        "CVE-2019-7124",
        "CVE-2019-7125",
        "CVE-2019-7127",
        "CVE-2019-7128"
      );
      script_bugtraq_id(
        107805,
        107809,
        107811,
        107812,
        107815
      );
    
      script_name(english:"Adobe Reader <= 2015.006.30482 / 2017.011.30127 / 2019.010.20098 Multiple Vulnerabilities (APSB19-17) (macOS)");
      script_summary(english:"Checks the version of Adobe Reader.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The version of Adobe Reader installed on the remote macOS host is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Adobe Reader installed on the remote macOS host is a
    version prior or equal to 2015.006.30482, 2017.011.30127, or
    2019.010.20098. It is, therefore, affected by multiple
    vulnerabilities.
    
      - Out-of-Bounds Read potentially leading to Information
        Disclosure (CVE-2019-7061, CVE-2019-7109, CVE-2019-7110,
        CVE-2019-7114, CVE-2019-7115, CVE-2019-7116,
        CVE-2019-7121, CVE-2019-7122, CVE-2019-7123,
        CVE-2019-7127)
    
      - Out-of-Bounds Write potentially leading to Arbitrary
        Code Execution (CVE-2019-7111, CVE-2019-7118,
        CVE-2019-7119, CVE-2019-7120, CVE-2019-7124)
    
      - Type Confusion potentially leading to Arbitrary Code
        Execution (CVE-2019-7117, CVE-2019-7128)
    
      - Use After Free potentially leading to Arbitrary Code
        Execution (CVE-2019-7088, CVE-2019-7112)
    
      - Heap Overflow potentially leading to Arbitrary Code
        Execution (CVE-2019-7113, CVE-2019-7125)
    
    Note that Nessus has not tested for this issue but has instead relied
    only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/acrobat/apsb19-17.html");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Adobe Reader version 2015.006.30493 or 2017.011.30138 or
    2019.010.20099 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-7128");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/12");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:acrobat_reader");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("macosx_adobe_reader_installed.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "installed_sw/Adobe Reader");
    
      exit(0);
    }
    
    include("vcf.inc");
    include("vcf_extras.inc");
    
    get_kb_item_or_exit("Host/local_checks_enabled");
    os = get_kb_item("Host/MacOSX/Version");
    if (empty_or_null(os)) audit(AUDIT_OS_NOT, "Mac OS X");
    
    app_info = vcf::get_app_info(app:"Adobe Reader");
    
    # vcf::adobe_reader::check_version_and_report will
    # properly separate tracks when checking constraints.
    # x.y.30zzz = DC Classic
    # x.y.20zzz = DC Continuous
    constraints = [
      { "min_version" : "15.6", "max_version" : "15.006.30482", "fixed_version" : "15.006.30493" },
      { "min_version" : "17.8", "max_version" : "17.011.30127", "fixed_version" : "17.011.30138" },
      { "min_version" : "15.7", "max_version" : "19.010.20098", "fixed_version" : "19.010.20099" }
    ];
    vcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);
    
  • NASL familyWindows
    NASL idADOBE_ACROBAT_APSB19-17.NASL
    descriptionThe version of Adobe Acrobat installed on the remote Windows host is a version prior or equal to 2015.006.30482, 2017.011.30127, or 2019.010.20098. It is, therefore, affected by multiple vulnerabilities. - Out-of-Bounds Read potentially leading to Information Disclosure (CVE-2019-7061, CVE-2019-7109, CVE-2019-7110, CVE-2019-7114, CVE-2019-7115, CVE-2019-7116, CVE-2019-7121, CVE-2019-7122, CVE-2019-7123, CVE-2019-7127) - Out-of-Bounds Write potentially leading to Arbitrary Code Execution (CVE-2019-7111, CVE-2019-7118, CVE-2019-7119, CVE-2019-7120, CVE-2019-7124) - Type Confusion potentially leading to Arbitrary Code Execution (CVE-2019-7117, CVE-2019-7128) - Use After Free potentially leading to Arbitrary Code Execution (CVE-2019-7088, CVE-2019-7112) - Heap Overflow potentially leading to Arbitrary Code Execution (CVE-2019-7113, CVE-2019-7125) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id124007
    published2019-04-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124007
    titleAdobe Acrobat <= 2015.006.30482 / 2017.011.30127 / 2019.010.20098 Multiple Vulnerabilities (APSB19-17)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124007);
      script_version("1.6");
      script_cvs_date("Date: 2019/10/30 13:24:47");
    
      script_cve_id(
        "CVE-2019-7061",
        "CVE-2019-7088",
        "CVE-2019-7109",
        "CVE-2019-7110",
        "CVE-2019-7111",
        "CVE-2019-7112",
        "CVE-2019-7113",
        "CVE-2019-7114",
        "CVE-2019-7115",
        "CVE-2019-7116",
        "CVE-2019-7117",
        "CVE-2019-7118",
        "CVE-2019-7119",
        "CVE-2019-7120",
        "CVE-2019-7121",
        "CVE-2019-7122",
        "CVE-2019-7123",
        "CVE-2019-7124",
        "CVE-2019-7125",
        "CVE-2019-7127",
        "CVE-2019-7128"
      );
      script_bugtraq_id(
        107805,
        107809,
        107811,
        107812,
        107815
      );
    
      script_name(english:"Adobe Acrobat <= 2015.006.30482 / 2017.011.30127 / 2019.010.20098 Multiple Vulnerabilities (APSB19-17)");
      script_summary(english:"Checks the version of Adobe Acrobat.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The version of Adobe Acrobat installed on the remote Windows host is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Adobe Acrobat installed on the remote Windows host is a
    version prior or equal to 2015.006.30482, 2017.011.30127, or
    2019.010.20098. It is, therefore, affected by multiple
    vulnerabilities.
    
      - Out-of-Bounds Read potentially leading to Information
        Disclosure (CVE-2019-7061, CVE-2019-7109, CVE-2019-7110,
        CVE-2019-7114, CVE-2019-7115, CVE-2019-7116,
        CVE-2019-7121, CVE-2019-7122, CVE-2019-7123,
        CVE-2019-7127)
    
      - Out-of-Bounds Write potentially leading to Arbitrary
        Code Execution (CVE-2019-7111, CVE-2019-7118,
        CVE-2019-7119, CVE-2019-7120, CVE-2019-7124)
    
      - Type Confusion potentially leading to Arbitrary Code
        Execution (CVE-2019-7117, CVE-2019-7128)
    
      - Use After Free potentially leading to Arbitrary Code
        Execution (CVE-2019-7088, CVE-2019-7112)
    
      - Heap Overflow potentially leading to Arbitrary Code
        Execution (CVE-2019-7113, CVE-2019-7125)
    
    Note that Nessus has not tested for this issue but has instead relied
    only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/acrobat/apsb19-17.html");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Adobe Acrobat version 2015.006.30493 or 2017.011.30138 or
    2019.010.20099 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-7128");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/12");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:acrobat");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("adobe_acrobat_installed.nasl");
      script_require_keys("SMB/Registry/Enumerated", "installed_sw/Adobe Acrobat");
    
      exit(0);
    }
    
    include("vcf.inc");
    include("vcf_extras.inc");
    
    get_kb_item_or_exit("SMB/Registry/Enumerated");
    app_info = vcf::get_app_info(app:"Adobe Acrobat", win_local:TRUE);
    
    # vcf::adobe_reader::check_version_and_report will
    # properly separate tracks when checking constraints.
    # x.y.30zzz = DC Classic
    # x.y.20zzz = DC Continuous
    constraints = [
      { "min_version" : "15.6", "max_version" : "15.006.30482", "fixed_version" : "15.006.30493" },
      { "min_version" : "17.8", "max_version" : "17.011.30127", "fixed_version" : "17.011.30138" },
      { "min_version" : "15.7", "max_version" : "19.010.20098", "fixed_version" : "19.010.20099" }
    ];
    vcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_ADOBE_ACROBAT_APSB19-17.NASL
    descriptionThe version of Adobe Acrobat installed on the remote macOS host is a version prior or equal to 2015.006.30482, 2017.011.30127, or 2019.010.20098. It is, therefore, affected by multiple vulnerabilities. - Out-of-Bounds Read potentially leading to Information Disclosure (CVE-2019-7061, CVE-2019-7109, CVE-2019-7110, CVE-2019-7114, CVE-2019-7115, CVE-2019-7116, CVE-2019-7121, CVE-2019-7122, CVE-2019-7123, CVE-2019-7127) - Out-of-Bounds Write potentially leading to Arbitrary Code Execution (CVE-2019-7111, CVE-2019-7118, CVE-2019-7119, CVE-2019-7120, CVE-2019-7124) - Type Confusion potentially leading to Arbitrary Code Execution (CVE-2019-7117, CVE-2019-7128) - Use After Free potentially leading to Arbitrary Code Execution (CVE-2019-7088, CVE-2019-7112) - Heap Overflow potentially leading to Arbitrary Code Execution (CVE-2019-7113, CVE-2019-7125) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id124005
    published2019-04-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124005
    titleAdobe Acrobat <= 2015.006.30482 / 2017.011.30127 / 2019.010.20098 Multiple Vulnerabilities (APSB19-17) (macOS)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124005);
      script_version("1.6");
      script_cvs_date("Date: 2019/10/30 13:24:46");
    
      script_cve_id(
        "CVE-2019-7061",
        "CVE-2019-7088",
        "CVE-2019-7109",
        "CVE-2019-7110",
        "CVE-2019-7111",
        "CVE-2019-7112",
        "CVE-2019-7113",
        "CVE-2019-7114",
        "CVE-2019-7115",
        "CVE-2019-7116",
        "CVE-2019-7117",
        "CVE-2019-7118",
        "CVE-2019-7119",
        "CVE-2019-7120",
        "CVE-2019-7121",
        "CVE-2019-7122",
        "CVE-2019-7123",
        "CVE-2019-7124",
        "CVE-2019-7125",
        "CVE-2019-7127",
        "CVE-2019-7128"
      );
      script_bugtraq_id(
        107805,
        107809,
        107811,
        107812,
        107815
      );
    
      script_name(english:"Adobe Acrobat <= 2015.006.30482 / 2017.011.30127 / 2019.010.20098 Multiple Vulnerabilities (APSB19-17) (macOS)");
      script_summary(english:"Checks the version of Adobe Acrobat.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The version of Adobe Acrobat installed on the remote macOS host is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Adobe Acrobat installed on the remote macOS host is a
    version prior or equal to 2015.006.30482, 2017.011.30127, or
    2019.010.20098. It is, therefore, affected by multiple
    vulnerabilities.
    
      - Out-of-Bounds Read potentially leading to Information
        Disclosure (CVE-2019-7061, CVE-2019-7109, CVE-2019-7110,
        CVE-2019-7114, CVE-2019-7115, CVE-2019-7116,
        CVE-2019-7121, CVE-2019-7122, CVE-2019-7123,
        CVE-2019-7127)
    
      - Out-of-Bounds Write potentially leading to Arbitrary
        Code Execution (CVE-2019-7111, CVE-2019-7118,
        CVE-2019-7119, CVE-2019-7120, CVE-2019-7124)
    
      - Type Confusion potentially leading to Arbitrary Code
        Execution (CVE-2019-7117, CVE-2019-7128)
    
      - Use After Free potentially leading to Arbitrary Code
        Execution (CVE-2019-7088, CVE-2019-7112)
    
      - Heap Overflow potentially leading to Arbitrary Code
        Execution (CVE-2019-7113, CVE-2019-7125)
    
    Note that Nessus has not tested for this issue but has instead relied
    only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/acrobat/apsb19-17.html");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Adobe Acrobat version 2015.006.30493 or 2017.011.30138 or
    2019.010.20099 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-7128");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/12");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:acrobat");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("macosx_adobe_acrobat_installed.nbin");
      script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "installed_sw/Adobe Acrobat");
    
      exit(0);
    }
    
    include("vcf.inc");
    include("vcf_extras.inc");
    
    get_kb_item_or_exit("Host/local_checks_enabled");
    os = get_kb_item("Host/MacOSX/Version");
    if (empty_or_null(os)) audit(AUDIT_OS_NOT, "Mac OS X");
    
    app_info = vcf::get_app_info(app:"Adobe Acrobat");
    
    # vcf::adobe_reader::check_version_and_report will
    # properly separate tracks when checking constraints.
    # x.y.30zzz = DC Classic
    # x.y.20zzz = DC Continuous
    constraints = [
      { "min_version" : "15.6", "max_version" : "15.006.30482", "fixed_version" : "15.006.30493" },
      { "min_version" : "17.8", "max_version" : "17.011.30127", "fixed_version" : "17.011.30138" },
      { "min_version" : "15.7", "max_version" : "19.010.20098", "fixed_version" : "19.010.20099" }
    ];
    vcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);
    
  • NASL familyWindows
    NASL idADOBE_READER_APSB19-17.NASL
    descriptionThe version of Adobe Reader installed on the remote Windows host is a version prior or equal to 2015.006.30482, 2017.011.30127, or 2019.010.20098. It is, therefore, affected by multiple vulnerabilities. - Out-of-Bounds Read potentially leading to Information Disclosure (CVE-2019-7061, CVE-2019-7109, CVE-2019-7110, CVE-2019-7114, CVE-2019-7115, CVE-2019-7116, CVE-2019-7121, CVE-2019-7122, CVE-2019-7123, CVE-2019-7127) - Out-of-Bounds Write potentially leading to Arbitrary Code Execution (CVE-2019-7111, CVE-2019-7118, CVE-2019-7119, CVE-2019-7120, CVE-2019-7124) - Type Confusion potentially leading to Arbitrary Code Execution (CVE-2019-7117, CVE-2019-7128) - Use After Free potentially leading to Arbitrary Code Execution (CVE-2019-7088, CVE-2019-7112) - Heap Overflow potentially leading to Arbitrary Code Execution (CVE-2019-7113, CVE-2019-7125) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id124008
    published2019-04-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124008
    titleAdobe Reader <= 2015.006.30482 / 2017.011.30127 / 2019.010.20098 Multiple Vulnerabilities (APSB19-17)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124008);
      script_version("1.7");
      script_cvs_date("Date: 2019/10/30 13:24:47");
    
      script_cve_id(
        "CVE-2019-7061",
        "CVE-2019-7088",
        "CVE-2019-7109",
        "CVE-2019-7110",
        "CVE-2019-7111",
        "CVE-2019-7112",
        "CVE-2019-7113",
        "CVE-2019-7114",
        "CVE-2019-7115",
        "CVE-2019-7116",
        "CVE-2019-7117",
        "CVE-2019-7118",
        "CVE-2019-7119",
        "CVE-2019-7120",
        "CVE-2019-7121",
        "CVE-2019-7122",
        "CVE-2019-7123",
        "CVE-2019-7124",
        "CVE-2019-7125",
        "CVE-2019-7127",
        "CVE-2019-7128"
      );
      script_bugtraq_id(
        107805,
        107809,
        107811,
        107812,
        107815
      );
    
      script_name(english:"Adobe Reader <= 2015.006.30482 / 2017.011.30127 / 2019.010.20098 Multiple Vulnerabilities (APSB19-17)");
      script_summary(english:"Checks the version of Adobe Reader.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The version of Adobe Reader installed on the remote Windows host is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Adobe Reader installed on the remote Windows host is a
    version prior or equal to 2015.006.30482, 2017.011.30127, or
    2019.010.20098. It is, therefore, affected by multiple
    vulnerabilities.
    
      - Out-of-Bounds Read potentially leading to Information
        Disclosure (CVE-2019-7061, CVE-2019-7109, CVE-2019-7110,
        CVE-2019-7114, CVE-2019-7115, CVE-2019-7116,
        CVE-2019-7121, CVE-2019-7122, CVE-2019-7123,
        CVE-2019-7127)
    
      - Out-of-Bounds Write potentially leading to Arbitrary
        Code Execution (CVE-2019-7111, CVE-2019-7118,
        CVE-2019-7119, CVE-2019-7120, CVE-2019-7124)
    
      - Type Confusion potentially leading to Arbitrary Code
        Execution (CVE-2019-7117, CVE-2019-7128)
    
      - Use After Free potentially leading to Arbitrary Code
        Execution (CVE-2019-7088, CVE-2019-7112)
    
      - Heap Overflow potentially leading to Arbitrary Code
        Execution (CVE-2019-7113, CVE-2019-7125)
    
    Note that Nessus has not tested for this issue but has instead relied
    only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/acrobat/apsb19-17.html");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Adobe Reader version 2015.006.30493 or 2017.011.30138 or
    2019.010.20099 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-7128");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/12");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:acrobat_reader");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("adobe_reader_installed.nasl");
      script_require_keys("SMB/Registry/Enumerated", "installed_sw/Adobe Reader");
    
      exit(0);
    }
    
    include("vcf.inc");
    include("vcf_extras.inc");
    
    get_kb_item_or_exit("SMB/Registry/Enumerated");
    app_info = vcf::adobe_reader::get_app_info();
    
    # vcf::adobe_reader::check_version_and_report will
    # properly separate tracks when checking constraints.
    # x.y.30zzz = DC Classic
    # x.y.20zzz = DC Continuous
    constraints = [
      { "min_version" : "15.6", "max_version" : "15.006.30482", "fixed_version" : "15.006.30493" },
      { "min_version" : "17.8", "max_version" : "17.011.30127", "fixed_version" : "17.011.30138" },
      { "min_version" : "15.7", "max_version" : "19.010.20098", "fixed_version" : "19.010.20099" }
    ];
    vcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);
    

Talos

idTALOS-2019-0774
last seen2019-05-29
published2019-04-09
reporterTalos Intelligence
sourcehttp://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0774
titleAdobe Acrobat Reader DC text field value remote code execution vulnerability — redux