Vulnerabilities > CVE-2019-7832 - Out-of-bounds Write vulnerability in Adobe Acrobat DC

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
adobe
CWE-787
critical
nessus

Summary

Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .

Vulnerable Configurations

Part Description Count
Application
Adobe
193
OS
Apple
1
OS
Microsoft
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyWindows
    NASL idADOBE_ACROBAT_APSB19-41.NASL
    descriptionThe version of Adobe Acrobat installed on the remote Windows host is a version prior or equal to 2015.006.30498, 2017.011.30143, or 2019.012.20035. It is, therefore, affected by multiple vulnerabilities. - Out-of-Bounds Read potentially leading to Information Disclosure (CVE-2019-8077, CVE-2019-8094, CVE-2019-8095, CVE-2019-8096, CVE-2019-8102, CVE-2019-8103, CVE-2019-8104, CVE-2019-8105, CVE-2019-8106, CVE-2019-8002, CVE-2019-8004, CVE-2019-8005, CVE-2019-8007, CVE-2019-8010, CVE-2019-8011, CVE-2019-8012, CVE-2019-8018, CVE-2019-8020, CVE-2019-8021, CVE-2019-8032, CVE-2019-8035, CVE-2019-8037, CVE-2019-8040, CVE-2019-8043, CVE-2019-8052) - Out-of-Bounds Write potentially leading to Arbitrary Code Execution (CVE-2019-8098, CVE-2019-8100, CVE-2019-7965, CVE-2019-8008, CVE-2019-8009, CVE-2019-8016, CVE-2019-8022, CVE-2019-8023, CVE-2019-8027) - Type Confusion potentially leading to Arbitrary Code Execution (CVE-2019-8019) - Use After Free potentially leading to Arbitrary Code Execution (CVE-2019-8003, CVE-2019-8013, CVE-2019-8024, CVE-2019-8025, CVE-2019-8026, CVE-2019-8028, CVE-2019-8029, CVE-2019-8030, CVE-2019-8031, CVE-2019-8033, CVE-2019-8034, CVE-2019-8036, CVE-2019-8038, CVE-2019-8039, CVE-2019-8047, CVE-2019-8051, CVE-2019-8053, CVE-2019-8054, CVE-2019-8055, CVE-2019-8056, CVE-2019-8057, CVE-2019-8058, CVE-2019-8059, CVE-2019-8061) - Command injection potentially leading to Arbitrary Command Execution (CVE-2019-8060) - Heap Overflow potentially leading to Arbitrary Code Execution (CVE-2019-7832, CVE-2019-8014, CVE-2019-8015, CVE-2019-8041, CVE-2019-8042, CVE-2019-8046, CVE-2019-8049, CVE-2019-8050) - Buffer Error potentially leading to Arbitrary Code Execution (CVE-2019-8048) - Double Free potentially leading to Arbitrary Code Execution (CVE-2019-8044) - Integer Overflow potentially leading to Arbitrary Code Execution or Denial of Service (CVE-2019-8099, CVE-2019-8101) - Internal IP Disclosure potentially leading to Information Disclosure (CVE-2019-8097) - Type Confusion potentially leading to Arbitrary Code Execution (CVE-2019-8019) - Untrusted Pointer Dereference potentially leading to Arbitrary Code Execution or Denial of Service (CVE-2019-8006, CVE-2019-8017, CVE-2019-8045) - Insufficiently Robust Encryption leading to Security feature bypass. (CVE-2019-8237) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127903
    published2019-08-16
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127903
    titleAdobe Acrobat <= 2015.006.30498 / 2017.011.30143 / 2019.012.20035 Multiple Vulnerabilities (APSB19-41)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(127903);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/31");
    
      script_cve_id(
        "CVE-2019-7832",
        "CVE-2019-7965",
        "CVE-2019-8002",
        "CVE-2019-8003",
        "CVE-2019-8004",
        "CVE-2019-8005",
        "CVE-2019-8006",
        "CVE-2019-8007",
        "CVE-2019-8008",
        "CVE-2019-8009",
        "CVE-2019-8010",
        "CVE-2019-8011",
        "CVE-2019-8012",
        "CVE-2019-8013",
        "CVE-2019-8014",
        "CVE-2019-8015",
        "CVE-2019-8016",
        "CVE-2019-8017",
        "CVE-2019-8018",
        "CVE-2019-8019",
        "CVE-2019-8020",
        "CVE-2019-8021",
        "CVE-2019-8022",
        "CVE-2019-8023",
        "CVE-2019-8024",
        "CVE-2019-8025",
        "CVE-2019-8026",
        "CVE-2019-8027",
        "CVE-2019-8028",
        "CVE-2019-8029",
        "CVE-2019-8030",
        "CVE-2019-8031",
        "CVE-2019-8032",
        "CVE-2019-8033",
        "CVE-2019-8034",
        "CVE-2019-8035",
        "CVE-2019-8036",
        "CVE-2019-8037",
        "CVE-2019-8038",
        "CVE-2019-8039",
        "CVE-2019-8040",
        "CVE-2019-8041",
        "CVE-2019-8042",
        "CVE-2019-8043",
        "CVE-2019-8044",
        "CVE-2019-8045",
        "CVE-2019-8046",
        "CVE-2019-8047",
        "CVE-2019-8048",
        "CVE-2019-8049",
        "CVE-2019-8050",
        "CVE-2019-8051",
        "CVE-2019-8052",
        "CVE-2019-8053",
        "CVE-2019-8054",
        "CVE-2019-8055",
        "CVE-2019-8056",
        "CVE-2019-8057",
        "CVE-2019-8058",
        "CVE-2019-8059",
        "CVE-2019-8060",
        "CVE-2019-8061",
        "CVE-2019-8077",
        "CVE-2019-8094",
        "CVE-2019-8095",
        "CVE-2019-8096",
        "CVE-2019-8097",
        "CVE-2019-8098",
        "CVE-2019-8099",
        "CVE-2019-8100",
        "CVE-2019-8101",
        "CVE-2019-8102",
        "CVE-2019-8103",
        "CVE-2019-8104",
        "CVE-2019-8105",
        "CVE-2019-8106",
        "CVE-2019-8237"
      );
      script_bugtraq_id(108320);
      script_xref(name:"IAVA", value:"2020-A-0211");
    
      script_name(english:"Adobe Acrobat <= 2015.006.30498 / 2017.011.30143 / 2019.012.20035 Multiple Vulnerabilities (APSB19-41)");
      script_summary(english:"Checks the version of Adobe Acrobat.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The version of Adobe Acrobat installed on the remote Windows host is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Adobe Acrobat installed on the remote Windows host is a
    version prior or equal to 2015.006.30498, 2017.011.30143, or
    2019.012.20035. It is, therefore, affected by multiple
    vulnerabilities.
    
      - Out-of-Bounds Read potentially leading to Information
        Disclosure (CVE-2019-8077, CVE-2019-8094, CVE-2019-8095,
        CVE-2019-8096, CVE-2019-8102, CVE-2019-8103,
        CVE-2019-8104, CVE-2019-8105, CVE-2019-8106,
        CVE-2019-8002, CVE-2019-8004, CVE-2019-8005,
        CVE-2019-8007, CVE-2019-8010, CVE-2019-8011,
        CVE-2019-8012, CVE-2019-8018, CVE-2019-8020,
        CVE-2019-8021, CVE-2019-8032, CVE-2019-8035,
        CVE-2019-8037, CVE-2019-8040, CVE-2019-8043,
        CVE-2019-8052)
    
      - Out-of-Bounds Write potentially leading to Arbitrary
        Code Execution (CVE-2019-8098, CVE-2019-8100, CVE-2019-7965,
        CVE-2019-8008, CVE-2019-8009, CVE-2019-8016,
        CVE-2019-8022, CVE-2019-8023, CVE-2019-8027)
    
      - Type Confusion potentially leading to Arbitrary Code
        Execution (CVE-2019-8019)
    
      - Use After Free potentially leading to Arbitrary Code
        Execution (CVE-2019-8003, CVE-2019-8013, CVE-2019-8024,
        CVE-2019-8025, CVE-2019-8026, CVE-2019-8028,
        CVE-2019-8029, CVE-2019-8030, CVE-2019-8031,
        CVE-2019-8033, CVE-2019-8034, CVE-2019-8036,
        CVE-2019-8038, CVE-2019-8039, CVE-2019-8047,
        CVE-2019-8051, CVE-2019-8053, CVE-2019-8054,
        CVE-2019-8055, CVE-2019-8056, CVE-2019-8057,
        CVE-2019-8058, CVE-2019-8059, CVE-2019-8061)
      
      - Command injection potentially leading to Arbitrary Command
        Execution (CVE-2019-8060)
    
      - Heap Overflow potentially leading to Arbitrary Code
        Execution (CVE-2019-7832, CVE-2019-8014, CVE-2019-8015,
        CVE-2019-8041, CVE-2019-8042, CVE-2019-8046,
        CVE-2019-8049, CVE-2019-8050)
    
      - Buffer Error potentially leading to Arbitrary Code
        Execution (CVE-2019-8048)
    
      - Double Free potentially leading to Arbitrary Code
        Execution (CVE-2019-8044)
    
      - Integer Overflow potentially leading to Arbitrary Code
        Execution or Denial of Service (CVE-2019-8099, CVE-2019-8101)
    
      - Internal IP Disclosure potentially leading to Information
        Disclosure (CVE-2019-8097)
    
      - Type Confusion potentially leading to Arbitrary Code
        Execution (CVE-2019-8019)
    
      - Untrusted Pointer Dereference potentially leading to 
        Arbitrary Code Execution or Denial of Service (CVE-2019-8006, CVE-2019-8017, CVE-2019-8045)
    
      - Insufficiently Robust Encryption leading to Security
        feature bypass. (CVE-2019-8237)
    
    Note that Nessus has not tested for this issue but has instead relied
    only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/acrobat/apsb19-41.html");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Adobe Acrobat version 2015.006.30499 or 2017.011.30144 or 2019.012.20036 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-7832");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/08/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/16");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:acrobat");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("adobe_acrobat_installed.nasl");
      script_require_keys("SMB/Registry/Enumerated", "installed_sw/Adobe Acrobat");
    
      exit(0);
    }
    
    include('vcf.inc');
    include('vcf_extras.inc');
    
    get_kb_item_or_exit('SMB/Registry/Enumerated');
    app_info = vcf::get_app_info(app:'Adobe Acrobat', win_local:TRUE);
    
    # vcf::adobe_reader::check_version_and_report will
    # properly separate tracks when checking constraints.
    # x.y.30zzz = DC Classic
    # x.y.20zzz = DC Continuous
    constraints = [
      { 'min_version' : '15.6', 'max_version' : '15.006.30498', 'fixed_version' : '15.006.30499' },
      { 'min_version' : '17.8', 'max_version' : '17.011.30143', 'fixed_version' : '17.011.30144' },
      { 'min_version' : '15.7', 'max_version' : '19.012.20035', 'fixed_version' : '19.012.20036' }
    ];
    vcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_ADOBE_READER_APSB19-41.NASL
    descriptionThe version of Adobe Reader installed on the remote macOS host is a version prior or equal to 2015.006.30497, 2017.011.30142, or 2019.012.20034. It is, therefore, affected by multiple vulnerabilities. - Out-of-Bounds Read potentially leading to Information Disclosure (CVE-2019-8077, CVE-2019-8094, CVE-2019-8095, CVE-2019-8096, CVE-2019-8102, CVE-2019-8103, CVE-2019-8104, CVE-2019-8105, CVE-2019-8106, CVE-2019-8002, CVE-2019-8004, CVE-2019-8005, CVE-2019-8007, CVE-2019-8010, CVE-2019-8011, CVE-2019-8012, CVE-2019-8018, CVE-2019-8020, CVE-2019-8021, CVE-2019-8032, CVE-2019-8035, CVE-2019-8037, CVE-2019-8040, CVE-2019-8043, CVE-2019-8052) - Out-of-Bounds Write potentially leading to Arbitrary Code Execution (CVE-2019-8098, CVE-2019-8100, CVE-2019-7965, CVE-2019-8008, CVE-2019-8009, CVE-2019-8016, CVE-2019-8022, CVE-2019-8023, CVE-2019-8027) - Type Confusion potentially leading to Arbitrary Code Execution (CVE-2019-8019) - Use After Free potentially leading to Arbitrary Code Execution (CVE-2019-8003, CVE-2019-8013, CVE-2019-8024, CVE-2019-8025, CVE-2019-8026, CVE-2019-8028, CVE-2019-8029, CVE-2019-8030, CVE-2019-8031, CVE-2019-8033, CVE-2019-8034, CVE-2019-8036, CVE-2019-8038, CVE-2019-8039, CVE-2019-8047, CVE-2019-8051, CVE-2019-8053, CVE-2019-8054, CVE-2019-8055, CVE-2019-8056, CVE-2019-8057, CVE-2019-8058, CVE-2019-8059, CVE-2019-8061) - Command injection potentially leading to Arbitrary Command Execution (CVE-2019-8060) - Heap Overflow potentially leading to Arbitrary Code Execution (CVE-2019-7832, CVE-2019-8014, CVE-2019-8015, CVE-2019-8041, CVE-2019-8042, CVE-2019-8046, CVE-2019-8049, CVE-2019-8050) - Buffer Error potentially leading to Arbitrary Code Execution (CVE-2019-8048) - Double Free potentially leading to Arbitrary Code Execution (CVE-2019-8044) - Integer Overflow potentially leading to Arbitrary Code Execution or Denial of Service (CVE-2019-8099, CVE-2019-8101) - Internal IP Disclosure potentially leading to Information Disclosure (CVE-2019-8097) - Type Confusion potentially leading to Arbitrary Code Execution (CVE-2019-8019) - Untrusted Pointer Dereference potentially leading to Arbitrary Code Execution or Denial of Service (CVE-2019-8006, CVE-2019-8017, CVE-2019-8045) - Insufficiently Robust Encryption leading to Security feature bypass. (CVE-2019-8237) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127902
    published2019-08-16
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127902
    titleAdobe Reader <= 2015.006.30497 / 2017.011.30142 / 2019.012.20034 Multiple Vulnerabilities (APSB19-41) (macOS)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(127902);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/31");
    
      script_cve_id(
        "CVE-2019-7832",
        "CVE-2019-7965",
        "CVE-2019-8002",
        "CVE-2019-8003",
        "CVE-2019-8004",
        "CVE-2019-8005",
        "CVE-2019-8006",
        "CVE-2019-8007",
        "CVE-2019-8008",
        "CVE-2019-8009",
        "CVE-2019-8010",
        "CVE-2019-8011",
        "CVE-2019-8012",
        "CVE-2019-8013",
        "CVE-2019-8014",
        "CVE-2019-8015",
        "CVE-2019-8016",
        "CVE-2019-8017",
        "CVE-2019-8018",
        "CVE-2019-8019",
        "CVE-2019-8020",
        "CVE-2019-8021",
        "CVE-2019-8022",
        "CVE-2019-8023",
        "CVE-2019-8024",
        "CVE-2019-8025",
        "CVE-2019-8026",
        "CVE-2019-8027",
        "CVE-2019-8028",
        "CVE-2019-8029",
        "CVE-2019-8030",
        "CVE-2019-8031",
        "CVE-2019-8032",
        "CVE-2019-8033",
        "CVE-2019-8034",
        "CVE-2019-8035",
        "CVE-2019-8036",
        "CVE-2019-8037",
        "CVE-2019-8038",
        "CVE-2019-8039",
        "CVE-2019-8040",
        "CVE-2019-8041",
        "CVE-2019-8042",
        "CVE-2019-8043",
        "CVE-2019-8044",
        "CVE-2019-8045",
        "CVE-2019-8046",
        "CVE-2019-8047",
        "CVE-2019-8048",
        "CVE-2019-8049",
        "CVE-2019-8050",
        "CVE-2019-8051",
        "CVE-2019-8052",
        "CVE-2019-8053",
        "CVE-2019-8054",
        "CVE-2019-8055",
        "CVE-2019-8056",
        "CVE-2019-8057",
        "CVE-2019-8058",
        "CVE-2019-8059",
        "CVE-2019-8060",
        "CVE-2019-8061",
        "CVE-2019-8077",
        "CVE-2019-8094",
        "CVE-2019-8095",
        "CVE-2019-8096",
        "CVE-2019-8097",
        "CVE-2019-8098",
        "CVE-2019-8099",
        "CVE-2019-8100",
        "CVE-2019-8101",
        "CVE-2019-8102",
        "CVE-2019-8103",
        "CVE-2019-8104",
        "CVE-2019-8105",
        "CVE-2019-8106",
        "CVE-2019-8237"
      );
      script_bugtraq_id(108320);
      script_xref(name:"IAVA", value:"2020-A-0211");
    
      script_name(english:"Adobe Reader <= 2015.006.30497 / 2017.011.30142 / 2019.012.20034 Multiple Vulnerabilities (APSB19-41) (macOS)");
      script_summary(english:"Checks the version of Adobe Reader.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The version of Adobe Reader installed on the remote macOS host is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Adobe Reader installed on the remote macOS host is a
    version prior or equal to 2015.006.30497, 2017.011.30142, or
    2019.012.20034. It is, therefore, affected by multiple
    vulnerabilities.
    
      - Out-of-Bounds Read potentially leading to Information
        Disclosure (CVE-2019-8077, CVE-2019-8094, CVE-2019-8095,
        CVE-2019-8096, CVE-2019-8102, CVE-2019-8103,
        CVE-2019-8104, CVE-2019-8105, CVE-2019-8106,
        CVE-2019-8002, CVE-2019-8004, CVE-2019-8005,
        CVE-2019-8007, CVE-2019-8010, CVE-2019-8011,
        CVE-2019-8012, CVE-2019-8018, CVE-2019-8020,
        CVE-2019-8021, CVE-2019-8032, CVE-2019-8035,
        CVE-2019-8037, CVE-2019-8040, CVE-2019-8043,
        CVE-2019-8052)
    
      - Out-of-Bounds Write potentially leading to Arbitrary
        Code Execution (CVE-2019-8098, CVE-2019-8100, CVE-2019-7965,
        CVE-2019-8008, CVE-2019-8009, CVE-2019-8016,
        CVE-2019-8022, CVE-2019-8023, CVE-2019-8027)
    
      - Type Confusion potentially leading to Arbitrary Code
        Execution (CVE-2019-8019)
    
      - Use After Free potentially leading to Arbitrary Code
        Execution (CVE-2019-8003, CVE-2019-8013, CVE-2019-8024,
        CVE-2019-8025, CVE-2019-8026, CVE-2019-8028,
        CVE-2019-8029, CVE-2019-8030, CVE-2019-8031,
        CVE-2019-8033, CVE-2019-8034, CVE-2019-8036,
        CVE-2019-8038, CVE-2019-8039, CVE-2019-8047,
        CVE-2019-8051, CVE-2019-8053, CVE-2019-8054,
        CVE-2019-8055, CVE-2019-8056, CVE-2019-8057,
        CVE-2019-8058, CVE-2019-8059, CVE-2019-8061)
      
      - Command injection potentially leading to Arbitrary Command
        Execution (CVE-2019-8060)
    
      - Heap Overflow potentially leading to Arbitrary Code
        Execution (CVE-2019-7832, CVE-2019-8014, CVE-2019-8015,
        CVE-2019-8041, CVE-2019-8042, CVE-2019-8046,
        CVE-2019-8049, CVE-2019-8050)
    
      - Buffer Error potentially leading to Arbitrary Code
        Execution (CVE-2019-8048)
    
      - Double Free potentially leading to Arbitrary Code
        Execution (CVE-2019-8044)
    
      - Integer Overflow potentially leading to Arbitrary Code
        Execution or Denial of Service (CVE-2019-8099, CVE-2019-8101)
    
      - Internal IP Disclosure potentially leading to Information
        Disclosure (CVE-2019-8097)
    
      - Type Confusion potentially leading to Arbitrary Code
        Execution (CVE-2019-8019)
    
      - Untrusted Pointer Dereference potentially leading to 
        Arbitrary Code Execution or Denial of Service (CVE-2019-8006, CVE-2019-8017, CVE-2019-8045)
    
      - Insufficiently Robust Encryption leading to Security
        feature bypass. (CVE-2019-8237)
    
    Note that Nessus has not tested for this issue but has instead relied
    only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/acrobat/apsb19-41.html");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Adobe Reader version 2015.006.30499 or 2017.011.30144 or 2019.012.20036 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-7832");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/08/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/16");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:acrobat_reader");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("macosx_adobe_reader_installed.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "installed_sw/Adobe Reader");
    
      exit(0);
    }
    
    include('vcf.inc');
    include('vcf_extras.inc');
    
    get_kb_item_or_exit('Host/local_checks_enabled');
    os = get_kb_item('Host/MacOSX/Version');
    if (empty_or_null(os)) audit(AUDIT_OS_NOT, 'Mac OS X');
    
    app_info = vcf::get_app_info(app:'Adobe Reader');
    
    # vcf::adobe_reader::check_version_and_report will
    # properly separate tracks when checking constraints.
    # x.y.30zzz = DC Classic
    # x.y.20zzz = DC Continuous
    constraints = [
      { 'min_version' : '15.6', 'max_version' : '15.006.30497', 'fixed_version' : '15.006.30499' },
      { 'min_version' : '17.8', 'max_version' : '17.011.30142', 'fixed_version' : '17.011.30144' },
      { 'min_version' : '15.7', 'max_version' : '19.012.20034', 'fixed_version' : '19.012.20036' }
    ];
    vcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_ADOBE_ACROBAT_APSB19-41.NASL
    descriptionThe version of Adobe Acrobat installed on the remote macOS host is a version prior or equal to 2015.006.30497, 2017.011.30142, or 2019.012.20034. It is, therefore, affected by multiple vulnerabilities. - Out-of-Bounds Read potentially leading to Information Disclosure (CVE-2019-8077, CVE-2019-8094, CVE-2019-8095, CVE-2019-8096, CVE-2019-8102, CVE-2019-8103, CVE-2019-8104, CVE-2019-8105, CVE-2019-8106, CVE-2019-8002, CVE-2019-8004, CVE-2019-8005, CVE-2019-8007, CVE-2019-8010, CVE-2019-8011, CVE-2019-8012, CVE-2019-8018, CVE-2019-8020, CVE-2019-8021, CVE-2019-8032, CVE-2019-8035, CVE-2019-8037, CVE-2019-8040, CVE-2019-8043, CVE-2019-8052) - Out-of-Bounds Write potentially leading to Arbitrary Code Execution (CVE-2019-8098, CVE-2019-8100, CVE-2019-7965, CVE-2019-8008, CVE-2019-8009, CVE-2019-8016, CVE-2019-8022, CVE-2019-8023, CVE-2019-8027) - Type Confusion potentially leading to Arbitrary Code Execution (CVE-2019-8019) - Use After Free potentially leading to Arbitrary Code Execution (CVE-2019-8003, CVE-2019-8013, CVE-2019-8024, CVE-2019-8025, CVE-2019-8026, CVE-2019-8028, CVE-2019-8029, CVE-2019-8030, CVE-2019-8031, CVE-2019-8033, CVE-2019-8034, CVE-2019-8036, CVE-2019-8038, CVE-2019-8039, CVE-2019-8047, CVE-2019-8051, CVE-2019-8053, CVE-2019-8054, CVE-2019-8055, CVE-2019-8056, CVE-2019-8057, CVE-2019-8058, CVE-2019-8059, CVE-2019-8061) - Command injection potentially leading to Arbitrary Command Execution (CVE-2019-8060) - Heap Overflow potentially leading to Arbitrary Code Execution (CVE-2019-7832, CVE-2019-8014, CVE-2019-8015, CVE-2019-8041, CVE-2019-8042, CVE-2019-8046, CVE-2019-8049, CVE-2019-8050) - Buffer Error potentially leading to Arbitrary Code Execution (CVE-2019-8048) - Double Free potentially leading to Arbitrary Code Execution (CVE-2019-8044) - Integer Overflow potentially leading to Arbitrary Code Execution or Denial of Service (CVE-2019-8099, CVE-2019-8101) - Internal IP Disclosure potentially leading to Information Disclosure (CVE-2019-8097) - Type Confusion potentially leading to Arbitrary Code Execution (CVE-2019-8019) - Untrusted Pointer Dereference potentially leading to Arbitrary Code Execution or Denial of Service (CVE-2019-8006, CVE-2019-8017, CVE-2019-8045) - Insufficiently Robust Encryption leading to Security feature bypass. (CVE-2019-8237) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127901
    published2019-08-16
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127901
    titleAdobe Acrobat <= 2015.006.30497 / 2017.011.30142 / 2019.012.20034 Multiple Vulnerabilities (APSB19-41) (macOS)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(127901);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/31");
    
      script_cve_id(
        "CVE-2019-7832",
        "CVE-2019-7965",
        "CVE-2019-8002",
        "CVE-2019-8003",
        "CVE-2019-8004",
        "CVE-2019-8005",
        "CVE-2019-8006",
        "CVE-2019-8007",
        "CVE-2019-8008",
        "CVE-2019-8009",
        "CVE-2019-8010",
        "CVE-2019-8011",
        "CVE-2019-8012",
        "CVE-2019-8013",
        "CVE-2019-8014",
        "CVE-2019-8015",
        "CVE-2019-8016",
        "CVE-2019-8017",
        "CVE-2019-8018",
        "CVE-2019-8019",
        "CVE-2019-8020",
        "CVE-2019-8021",
        "CVE-2019-8022",
        "CVE-2019-8023",
        "CVE-2019-8024",
        "CVE-2019-8025",
        "CVE-2019-8026",
        "CVE-2019-8027",
        "CVE-2019-8028",
        "CVE-2019-8029",
        "CVE-2019-8030",
        "CVE-2019-8031",
        "CVE-2019-8032",
        "CVE-2019-8033",
        "CVE-2019-8034",
        "CVE-2019-8035",
        "CVE-2019-8036",
        "CVE-2019-8037",
        "CVE-2019-8038",
        "CVE-2019-8039",
        "CVE-2019-8040",
        "CVE-2019-8041",
        "CVE-2019-8042",
        "CVE-2019-8043",
        "CVE-2019-8044",
        "CVE-2019-8045",
        "CVE-2019-8046",
        "CVE-2019-8047",
        "CVE-2019-8048",
        "CVE-2019-8049",
        "CVE-2019-8050",
        "CVE-2019-8051",
        "CVE-2019-8052",
        "CVE-2019-8053",
        "CVE-2019-8054",
        "CVE-2019-8055",
        "CVE-2019-8056",
        "CVE-2019-8057",
        "CVE-2019-8058",
        "CVE-2019-8059",
        "CVE-2019-8060",
        "CVE-2019-8061",
        "CVE-2019-8077",
        "CVE-2019-8094",
        "CVE-2019-8095",
        "CVE-2019-8096",
        "CVE-2019-8097",
        "CVE-2019-8098",
        "CVE-2019-8099",
        "CVE-2019-8100",
        "CVE-2019-8101",
        "CVE-2019-8102",
        "CVE-2019-8103",
        "CVE-2019-8104",
        "CVE-2019-8105",
        "CVE-2019-8106",
        "CVE-2019-8237"
      );
      script_bugtraq_id(108320);
      script_xref(name:"IAVA", value:"2020-A-0211");
    
      script_name(english:"Adobe Acrobat <= 2015.006.30497 / 2017.011.30142 / 2019.012.20034 Multiple Vulnerabilities (APSB19-41) (macOS)");
      script_summary(english:"Checks the version of Adobe Acrobat.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The version of Adobe Acrobat installed on the remote macOS host is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Adobe Acrobat installed on the remote macOS host is a
    version prior or equal to 2015.006.30497, 2017.011.30142, or
    2019.012.20034. It is, therefore, affected by multiple
    vulnerabilities.
    
      - Out-of-Bounds Read potentially leading to Information
        Disclosure (CVE-2019-8077, CVE-2019-8094, CVE-2019-8095,
        CVE-2019-8096, CVE-2019-8102, CVE-2019-8103,
        CVE-2019-8104, CVE-2019-8105, CVE-2019-8106,
        CVE-2019-8002, CVE-2019-8004, CVE-2019-8005,
        CVE-2019-8007, CVE-2019-8010, CVE-2019-8011,
        CVE-2019-8012, CVE-2019-8018, CVE-2019-8020,
        CVE-2019-8021, CVE-2019-8032, CVE-2019-8035,
        CVE-2019-8037, CVE-2019-8040, CVE-2019-8043,
        CVE-2019-8052)
    
      - Out-of-Bounds Write potentially leading to Arbitrary
        Code Execution (CVE-2019-8098, CVE-2019-8100, CVE-2019-7965,
        CVE-2019-8008, CVE-2019-8009, CVE-2019-8016,
        CVE-2019-8022, CVE-2019-8023, CVE-2019-8027)
    
      - Type Confusion potentially leading to Arbitrary Code
        Execution (CVE-2019-8019)
    
      - Use After Free potentially leading to Arbitrary Code
        Execution (CVE-2019-8003, CVE-2019-8013, CVE-2019-8024,
        CVE-2019-8025, CVE-2019-8026, CVE-2019-8028,
        CVE-2019-8029, CVE-2019-8030, CVE-2019-8031,
        CVE-2019-8033, CVE-2019-8034, CVE-2019-8036,
        CVE-2019-8038, CVE-2019-8039, CVE-2019-8047,
        CVE-2019-8051, CVE-2019-8053, CVE-2019-8054,
        CVE-2019-8055, CVE-2019-8056, CVE-2019-8057,
        CVE-2019-8058, CVE-2019-8059, CVE-2019-8061)
      
      - Command injection potentially leading to Arbitrary Command
        Execution (CVE-2019-8060)
    
      - Heap Overflow potentially leading to Arbitrary Code
        Execution (CVE-2019-7832, CVE-2019-8014, CVE-2019-8015,
        CVE-2019-8041, CVE-2019-8042, CVE-2019-8046,
        CVE-2019-8049, CVE-2019-8050)
    
      - Buffer Error potentially leading to Arbitrary Code
        Execution (CVE-2019-8048)
    
      - Double Free potentially leading to Arbitrary Code
        Execution (CVE-2019-8044)
    
      - Integer Overflow potentially leading to Arbitrary Code
        Execution or Denial of Service (CVE-2019-8099, CVE-2019-8101)
    
      - Internal IP Disclosure potentially leading to Information
        Disclosure (CVE-2019-8097)
    
      - Type Confusion potentially leading to Arbitrary Code
        Execution (CVE-2019-8019)
    
      - Untrusted Pointer Dereference potentially leading to 
        Arbitrary Code Execution or Denial of Service (CVE-2019-8006, CVE-2019-8017, CVE-2019-8045)
    
      - Insufficiently Robust Encryption leading to Security
        feature bypass. (CVE-2019-8237)
    
    Note that Nessus has not tested for this issue but has instead relied
    only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/acrobat/apsb19-41.html");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Adobe Acrobat version 2015.006.30499 or 2017.011.30144 or 2019.012.20036 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-7832");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/08/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/16");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:acrobat");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("macosx_adobe_acrobat_installed.nbin");
      script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "installed_sw/Adobe Acrobat");
    
      exit(0);
    }
    
    include('vcf.inc');
    include('vcf_extras.inc');
    
    get_kb_item_or_exit('Host/local_checks_enabled');
    os = get_kb_item('Host/MacOSX/Version');
    if (empty_or_null(os)) audit(AUDIT_OS_NOT, 'Mac OS X');
    
    app_info = vcf::get_app_info(app:'Adobe Acrobat');
    
    # vcf::adobe_reader::check_version_and_report will
    # properly separate tracks when checking constraints.
    # x.y.30zzz = DC Classic
    # x.y.20zzz = DC Continuous
    constraints = [
      { 'min_version' : '15.6', 'max_version' : '15.006.30497', 'fixed_version' : '15.006.30499' },
      { 'min_version' : '17.8', 'max_version' : '17.011.30142', 'fixed_version' : '17.011.30144' },
      { 'min_version' : '15.7', 'max_version' : '19.012.20034', 'fixed_version' : '19.012.20036' }
    ];
    vcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);
    
  • NASL familyWindows
    NASL idADOBE_READER_APSB19-41.NASL
    descriptionThe version of Adobe Reader installed on the remote Windows host is a version prior or equal to 2015.006.30498, 2017.011.30143, or 2019.012.20035. It is, therefore, affected by multiple vulnerabilities. - Out-of-Bounds Read potentially leading to Information Disclosure (CVE-2019-8077, CVE-2019-8094, CVE-2019-8095, CVE-2019-8096, CVE-2019-8102, CVE-2019-8103, CVE-2019-8104, CVE-2019-8105, CVE-2019-8106, CVE-2019-8002, CVE-2019-8004, CVE-2019-8005, CVE-2019-8007, CVE-2019-8010, CVE-2019-8011, CVE-2019-8012, CVE-2019-8018, CVE-2019-8020, CVE-2019-8021, CVE-2019-8032, CVE-2019-8035, CVE-2019-8037, CVE-2019-8040, CVE-2019-8043, CVE-2019-8052) - Out-of-Bounds Write potentially leading to Arbitrary Code Execution (CVE-2019-8098, CVE-2019-8100, CVE-2019-7965, CVE-2019-8008, CVE-2019-8009, CVE-2019-8016, CVE-2019-8022, CVE-2019-8023, CVE-2019-8027) - Type Confusion potentially leading to Arbitrary Code Execution (CVE-2019-8019) - Use After Free potentially leading to Arbitrary Code Execution (CVE-2019-8003, CVE-2019-8013, CVE-2019-8024, CVE-2019-8025, CVE-2019-8026, CVE-2019-8028, CVE-2019-8029, CVE-2019-8030, CVE-2019-8031, CVE-2019-8033, CVE-2019-8034, CVE-2019-8036, CVE-2019-8038, CVE-2019-8039, CVE-2019-8047, CVE-2019-8051, CVE-2019-8053, CVE-2019-8054, CVE-2019-8055, CVE-2019-8056, CVE-2019-8057, CVE-2019-8058, CVE-2019-8059, CVE-2019-8061) - Command injection potentially leading to Arbitrary Command Execution (CVE-2019-8060) - Heap Overflow potentially leading to Arbitrary Code Execution (CVE-2019-7832, CVE-2019-8014, CVE-2019-8015, CVE-2019-8041, CVE-2019-8042, CVE-2019-8046, CVE-2019-8049, CVE-2019-8050) - Buffer Error potentially leading to Arbitrary Code Execution (CVE-2019-8048) - Double Free potentially leading to Arbitrary Code Execution (CVE-2019-8044) - Integer Overflow potentially leading to Arbitrary Code Execution or Denial of Service (CVE-2019-8099, CVE-2019-8101) - Internal IP Disclosure potentially leading to Information Disclosure (CVE-2019-8097) - Type Confusion potentially leading to Arbitrary Code Execution (CVE-2019-8019) - Untrusted Pointer Dereference potentially leading to Arbitrary Code Execution or Denial of Service (CVE-2019-8006, CVE-2019-8017, CVE-2019-8045) - Insufficiently Robust Encryption leading to Security feature bypass. (CVE-2019-8237) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127904
    published2019-08-16
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127904
    titleAdobe Reader <= 2015.006.30498 / 2017.011.30143 / 2019.012.20035 Multiple Vulnerabilities (APSB19-41)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(127904);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/31");
    
      script_cve_id(
        "CVE-2019-7832",
        "CVE-2019-7965",
        "CVE-2019-8002",
        "CVE-2019-8003",
        "CVE-2019-8004",
        "CVE-2019-8005",
        "CVE-2019-8006",
        "CVE-2019-8007",
        "CVE-2019-8008",
        "CVE-2019-8009",
        "CVE-2019-8010",
        "CVE-2019-8011",
        "CVE-2019-8012",
        "CVE-2019-8013",
        "CVE-2019-8014",
        "CVE-2019-8015",
        "CVE-2019-8016",
        "CVE-2019-8017",
        "CVE-2019-8018",
        "CVE-2019-8019",
        "CVE-2019-8020",
        "CVE-2019-8021",
        "CVE-2019-8022",
        "CVE-2019-8023",
        "CVE-2019-8024",
        "CVE-2019-8025",
        "CVE-2019-8026",
        "CVE-2019-8027",
        "CVE-2019-8028",
        "CVE-2019-8029",
        "CVE-2019-8030",
        "CVE-2019-8031",
        "CVE-2019-8032",
        "CVE-2019-8033",
        "CVE-2019-8034",
        "CVE-2019-8035",
        "CVE-2019-8036",
        "CVE-2019-8037",
        "CVE-2019-8038",
        "CVE-2019-8039",
        "CVE-2019-8040",
        "CVE-2019-8041",
        "CVE-2019-8042",
        "CVE-2019-8043",
        "CVE-2019-8044",
        "CVE-2019-8045",
        "CVE-2019-8046",
        "CVE-2019-8047",
        "CVE-2019-8048",
        "CVE-2019-8049",
        "CVE-2019-8050",
        "CVE-2019-8051",
        "CVE-2019-8052",
        "CVE-2019-8053",
        "CVE-2019-8054",
        "CVE-2019-8055",
        "CVE-2019-8056",
        "CVE-2019-8057",
        "CVE-2019-8058",
        "CVE-2019-8059",
        "CVE-2019-8060",
        "CVE-2019-8061",
        "CVE-2019-8077",
        "CVE-2019-8094",
        "CVE-2019-8095",
        "CVE-2019-8096",
        "CVE-2019-8097",
        "CVE-2019-8098",
        "CVE-2019-8099",
        "CVE-2019-8100",
        "CVE-2019-8101",
        "CVE-2019-8102",
        "CVE-2019-8103",
        "CVE-2019-8104",
        "CVE-2019-8105",
        "CVE-2019-8106",
        "CVE-2019-8237"
      );
      script_bugtraq_id(108320);
      script_xref(name:"IAVA", value:"2020-A-0211");
    
      script_name(english:"Adobe Reader <= 2015.006.30498 / 2017.011.30143 / 2019.012.20035 Multiple Vulnerabilities (APSB19-41)");
      script_summary(english:"Checks the version of Adobe Reader.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The version of Adobe Reader installed on the remote Windows host is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Adobe Reader installed on the remote Windows host is a
    version prior or equal to 2015.006.30498, 2017.011.30143, or
    2019.012.20035. It is, therefore, affected by multiple
    vulnerabilities.
    
      - Out-of-Bounds Read potentially leading to Information
        Disclosure (CVE-2019-8077, CVE-2019-8094, CVE-2019-8095,
        CVE-2019-8096, CVE-2019-8102, CVE-2019-8103,
        CVE-2019-8104, CVE-2019-8105, CVE-2019-8106,
        CVE-2019-8002, CVE-2019-8004, CVE-2019-8005,
        CVE-2019-8007, CVE-2019-8010, CVE-2019-8011,
        CVE-2019-8012, CVE-2019-8018, CVE-2019-8020,
        CVE-2019-8021, CVE-2019-8032, CVE-2019-8035,
        CVE-2019-8037, CVE-2019-8040, CVE-2019-8043,
        CVE-2019-8052)
    
      - Out-of-Bounds Write potentially leading to Arbitrary
        Code Execution (CVE-2019-8098, CVE-2019-8100, CVE-2019-7965,
        CVE-2019-8008, CVE-2019-8009, CVE-2019-8016,
        CVE-2019-8022, CVE-2019-8023, CVE-2019-8027)
    
      - Type Confusion potentially leading to Arbitrary Code
        Execution (CVE-2019-8019)
    
      - Use After Free potentially leading to Arbitrary Code
        Execution (CVE-2019-8003, CVE-2019-8013, CVE-2019-8024,
        CVE-2019-8025, CVE-2019-8026, CVE-2019-8028,
        CVE-2019-8029, CVE-2019-8030, CVE-2019-8031,
        CVE-2019-8033, CVE-2019-8034, CVE-2019-8036,
        CVE-2019-8038, CVE-2019-8039, CVE-2019-8047,
        CVE-2019-8051, CVE-2019-8053, CVE-2019-8054,
        CVE-2019-8055, CVE-2019-8056, CVE-2019-8057,
        CVE-2019-8058, CVE-2019-8059, CVE-2019-8061)
      
      - Command injection potentially leading to Arbitrary Command
        Execution (CVE-2019-8060)
    
      - Heap Overflow potentially leading to Arbitrary Code
        Execution (CVE-2019-7832, CVE-2019-8014, CVE-2019-8015,
        CVE-2019-8041, CVE-2019-8042, CVE-2019-8046,
        CVE-2019-8049, CVE-2019-8050)
    
      - Buffer Error potentially leading to Arbitrary Code
        Execution (CVE-2019-8048)
    
      - Double Free potentially leading to Arbitrary Code
        Execution (CVE-2019-8044)
    
      - Integer Overflow potentially leading to Arbitrary Code
        Execution or Denial of Service (CVE-2019-8099, CVE-2019-8101)
    
      - Internal IP Disclosure potentially leading to Information
        Disclosure (CVE-2019-8097)
    
      - Type Confusion potentially leading to Arbitrary Code
        Execution (CVE-2019-8019)
    
      - Untrusted Pointer Dereference potentially leading to 
        Arbitrary Code Execution or Denial of Service (CVE-2019-8006, CVE-2019-8017, CVE-2019-8045)
    
      - Insufficiently Robust Encryption leading to Security
        feature bypass. (CVE-2019-8237)
    
    Note that Nessus has not tested for this issue but has instead relied
    only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/acrobat/apsb19-41.html");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Adobe Reader version 22015.006.30499 or 2017.011.30144 or 2019.012.20036 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-7832");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/08/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/16");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:acrobat_reader");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("adobe_reader_installed.nasl");
      script_require_keys("SMB/Registry/Enumerated", "installed_sw/Adobe Reader");
    
      exit(0);
    }
    
    include('vcf.inc');
    include('vcf_extras.inc');
    
    get_kb_item_or_exit('SMB/Registry/Enumerated');
    app_info = vcf::get_app_info(app:'Adobe Reader', win_local:TRUE);
    
    # vcf::adobe_reader::check_version_and_report will
    # properly separate tracks when checking constraints.
    # x.y.30zzz = DC Classic
    # x.y.20zzz = DC Continuous
    constraints = [
      { 'min_version' : '15.6', 'max_version' : '15.006.30498', 'fixed_version' : '15.006.30499' },
      { 'min_version' : '17.8', 'max_version' : '17.011.30143', 'fixed_version' : '17.011.30144' },
      { 'min_version' : '15.7', 'max_version' : '19.012.20035', 'fixed_version' : '19.012.20036' }
    ];
    vcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);
    
  • NASL familyWindows
    NASL idADOBE_READER_APSB19-18.NASL
    descriptionThe version of Adobe Reader installed on the remote Windows host is a version prior or equal to 2015.006.30493, 2017.011.30138, or 2019.010.20099. It is, therefore, affected by multiple vulnerabilities. - Out-of-Bounds Read potentially leading to Information Disclosure (CVE-2019-7841, CVE-2019-7836, CVE-2019-7826, CVE-2019-7813, CVE-2019-7812, CVE-2019-7811, CVE-2019-7810, CVE-2019-7803, CVE-2019-7802, CVE-2019-7801, CVE-2019-7799, CVE-2019-7798, CVE-2019-7795, CVE-2019-7794, CVE-2019-7793, CVE-2019-7790, CVE-2019-7789, CVE-2019-7787, CVE-2019-7780, CVE-2019-7778, CVE-2019-7777, CVE-2019-7776, CVE-2019-7775, CVE-2019-7774, CVE-2019-7773, CVE-2019-7771, CVE-2019-7770, CVE-2019-7769, CVE-2019-7758, CVE-2019-7145, CVE-2019-7144, CVE-2019-7143, CVE-2019-7142, CVE-2019-7141, CVE-2019-7140) - Out-of-Bounds Write potentially leading to Arbitrary Code Execution (CVE-2019-7829, CVE-2019-7825, CVE-2019-7822, CVE-2019-7818, CVE-2019-7804, CVE-2019-7800) - Type Confusion potentially leading to Arbitrary Code Execution (CVE-2019-7820) - Use After Free potentially leading to Arbitrary Code Execution (CVE-2019-7835, CVE-2019-7834, CVE-2019-7833, CVE-2019-7832, CVE-2019-7831, CVE-2019-7830, CVE-2019-7823, CVE-2019-7821, CVE-2019-7817, CVE-2019-7814, CVE-2019-7809, CVE-2019-7808, CVE-2019-7807, CVE-2019-7806, CVE-2019-7805, CVE-2019-7797, CVE-2019-7796, CVE-2019-7792, CVE-2019-7791, CVE-2019-7788, CVE-2019-7786, CVE-2019-7785, CVE-2019-7783, CVE-2019-7782, CVE-2019-7781, CVE-2019-7772, CVE-2019-7768, CVE-2019-7767, CVE-2019-7766, CVE-2019-7765, CVE-2019-7764, CVE-2019-7763, CVE-2019-7762, CVE-2019-7761, CVE-2019-7760, CVE-2019-7759) - Heap Overflow potentially leading to Arbitrary Code Execution (CVE-2019-7828, CVE-2019-7827) - Buffer Error potentially leading to Arbitrary Code Execution (CVE-2019-7824) - Double Free potentially leading to Arbitrary Code Execution (CVE-2019-7784) - Security Bypass potentially leading to Arbitrary Code Execution (CVE-2019-7779) - Path Traversal leading to Information Disclosure. (CVE-2019-8238) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id125222
    published2019-05-16
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125222
    titleAdobe Reader <= 2015.006.30493 / 2017.011.30138 / 2019.010.20099 Multiple Vulnerabilities (APSB19-18)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125222);
      script_version("1.8");
      script_cvs_date("Date: 2019/12/13");
    
      script_cve_id(
        "CVE-2019-7140",
        "CVE-2019-7141",
        "CVE-2019-7142",
        "CVE-2019-7143",
        "CVE-2019-7144",
        "CVE-2019-7145",
        "CVE-2019-7758",
        "CVE-2019-7759",
        "CVE-2019-7760",
        "CVE-2019-7761",
        "CVE-2019-7762",
        "CVE-2019-7763",
        "CVE-2019-7764",
        "CVE-2019-7765",
        "CVE-2019-7766",
        "CVE-2019-7767",
        "CVE-2019-7768",
        "CVE-2019-7769",
        "CVE-2019-7770",
        "CVE-2019-7771",
        "CVE-2019-7772",
        "CVE-2019-7773",
        "CVE-2019-7774",
        "CVE-2019-7775",
        "CVE-2019-7776",
        "CVE-2019-7777",
        "CVE-2019-7778",
        "CVE-2019-7779",
        "CVE-2019-7780",
        "CVE-2019-7781",
        "CVE-2019-7782",
        "CVE-2019-7783",
        "CVE-2019-7784",
        "CVE-2019-7785",
        "CVE-2019-7786",
        "CVE-2019-7787",
        "CVE-2019-7788",
        "CVE-2019-7789",
        "CVE-2019-7790",
        "CVE-2019-7791",
        "CVE-2019-7792",
        "CVE-2019-7793",
        "CVE-2019-7794",
        "CVE-2019-7795",
        "CVE-2019-7796",
        "CVE-2019-7797",
        "CVE-2019-7798",
        "CVE-2019-7799",
        "CVE-2019-7800",
        "CVE-2019-7801",
        "CVE-2019-7802",
        "CVE-2019-7803",
        "CVE-2019-7804",
        "CVE-2019-7805",
        "CVE-2019-7806",
        "CVE-2019-7807",
        "CVE-2019-7808",
        "CVE-2019-7809",
        "CVE-2019-7810",
        "CVE-2019-7811",
        "CVE-2019-7812",
        "CVE-2019-7813",
        "CVE-2019-7814",
        "CVE-2019-7817",
        "CVE-2019-7818",
        "CVE-2019-7820",
        "CVE-2019-7821",
        "CVE-2019-7822",
        "CVE-2019-7823",
        "CVE-2019-7824",
        "CVE-2019-7825",
        "CVE-2019-7826",
        "CVE-2019-7827",
        "CVE-2019-7828",
        "CVE-2019-7829",
        "CVE-2019-7830",
        "CVE-2019-7831",
        "CVE-2019-7832",
        "CVE-2019-7833",
        "CVE-2019-7834",
        "CVE-2019-7835",
        "CVE-2019-7836",
        "CVE-2019-7841",
        "CVE-2019-8238"
      );
    
      script_name(english:"Adobe Reader <= 2015.006.30493 / 2017.011.30138 / 2019.010.20099 Multiple Vulnerabilities (APSB19-18)");
      script_summary(english:"Checks the version of Adobe Reader.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The version of Adobe Reader installed on the remote Windows host is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Adobe Reader installed on the remote Windows host is a
    version prior or equal to 2015.006.30493, 2017.011.30138, or
    2019.010.20099. It is, therefore, affected by multiple
    vulnerabilities.
    
      - Out-of-Bounds Read potentially leading to Information
        Disclosure (CVE-2019-7841, CVE-2019-7836, CVE-2019-7826,
        CVE-2019-7813, CVE-2019-7812, CVE-2019-7811,
        CVE-2019-7810, CVE-2019-7803, CVE-2019-7802,
        CVE-2019-7801, CVE-2019-7799, CVE-2019-7798,
        CVE-2019-7795, CVE-2019-7794, CVE-2019-7793,
        CVE-2019-7790, CVE-2019-7789, CVE-2019-7787,
        CVE-2019-7780, CVE-2019-7778, CVE-2019-7777,
        CVE-2019-7776, CVE-2019-7775, CVE-2019-7774,
        CVE-2019-7773, CVE-2019-7771, CVE-2019-7770,
        CVE-2019-7769, CVE-2019-7758, CVE-2019-7145,
        CVE-2019-7144, CVE-2019-7143, CVE-2019-7142,
        CVE-2019-7141, CVE-2019-7140)
    
      - Out-of-Bounds Write potentially leading to Arbitrary
        Code Execution (CVE-2019-7829, CVE-2019-7825,
        CVE-2019-7822, CVE-2019-7818, CVE-2019-7804,
        CVE-2019-7800)
    
      - Type Confusion potentially leading to Arbitrary Code
        Execution (CVE-2019-7820)
    
      - Use After Free potentially leading to Arbitrary Code
        Execution (CVE-2019-7835, CVE-2019-7834, CVE-2019-7833,
        CVE-2019-7832, CVE-2019-7831, CVE-2019-7830,
        CVE-2019-7823, CVE-2019-7821, CVE-2019-7817,
        CVE-2019-7814, CVE-2019-7809, CVE-2019-7808,
        CVE-2019-7807, CVE-2019-7806, CVE-2019-7805,
        CVE-2019-7797, CVE-2019-7796, CVE-2019-7792,
        CVE-2019-7791, CVE-2019-7788, CVE-2019-7786,
        CVE-2019-7785, CVE-2019-7783, CVE-2019-7782,
        CVE-2019-7781, CVE-2019-7772, CVE-2019-7768,
        CVE-2019-7767, CVE-2019-7766, CVE-2019-7765,
        CVE-2019-7764, CVE-2019-7763, CVE-2019-7762,
        CVE-2019-7761, CVE-2019-7760, CVE-2019-7759)
    
      - Heap Overflow potentially leading to Arbitrary Code
        Execution (CVE-2019-7828, CVE-2019-7827)
    
      - Buffer Error potentially leading to Arbitrary Code
        Execution (CVE-2019-7824)
    
      - Double Free potentially leading to Arbitrary Code
        Execution (CVE-2019-7784)
    
      - Security Bypass potentially leading to Arbitrary Code
        Execution (CVE-2019-7779)
    
      - Path Traversal leading to Information Disclosure.
        (CVE-2019-8238)
    
    Note that Nessus has not tested for this issue but has instead relied
    only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/acrobat/apsb19-18.html");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Adobe Reader version 2015.006.30497 or 2017.011.30142 or
    2019.012.20034 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-7763");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/16");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:acrobat_reader");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("adobe_reader_installed.nasl");
      script_require_keys("SMB/Registry/Enumerated", "installed_sw/Adobe Reader");
    
      exit(0);
    }
    
    include("vcf.inc");
    include("vcf_extras.inc");
    
    get_kb_item_or_exit("SMB/Registry/Enumerated");
    app_info = vcf::adobe_reader::get_app_info();
    
    # vcf::adobe_reader::check_version_and_report will
    # properly separate tracks when checking constraints.
    # x.y.30zzz = DC Classic
    # x.y.20zzz = DC Continuous
    constraints = [
      { "min_version" : "15.6", "max_version" : "15.006.30493", "fixed_version" : "15.006.30497" },
      { "min_version" : "17.8", "max_version" : "17.011.30138", "fixed_version" : "17.011.30142" },
      { "min_version" : "15.7", "max_version" : "19.010.20099", "fixed_version" : "19.012.20034" }
    ];
    vcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_ADOBE_READER_APSB19-18.NASL
    descriptionThe version of Adobe Reader installed on the remote macOS host is a version prior or equal to 2015.006.30493, 2017.011.30138, or 2019.010.20099. It is, therefore, affected by multiple vulnerabilities. - Out-of-Bounds Read potentially leading to Information Disclosure (CVE-2019-7841, CVE-2019-7836, CVE-2019-7826, CVE-2019-7813, CVE-2019-7812, CVE-2019-7811, CVE-2019-7810, CVE-2019-7803, CVE-2019-7802, CVE-2019-7801, CVE-2019-7799, CVE-2019-7798, CVE-2019-7795, CVE-2019-7794, CVE-2019-7793, CVE-2019-7790, CVE-2019-7789, CVE-2019-7787, CVE-2019-7780, CVE-2019-7778, CVE-2019-7777, CVE-2019-7776, CVE-2019-7775, CVE-2019-7774, CVE-2019-7773, CVE-2019-7771, CVE-2019-7770, CVE-2019-7769, CVE-2019-7758, CVE-2019-7145, CVE-2019-7144, CVE-2019-7143, CVE-2019-7142, CVE-2019-7141, CVE-2019-7140) - Out-of-Bounds Write potentially leading to Arbitrary Code Execution (CVE-2019-7829, CVE-2019-7825, CVE-2019-7822, CVE-2019-7818, CVE-2019-7804, CVE-2019-7800) - Type Confusion potentially leading to Arbitrary Code Execution (CVE-2019-7820) - Use After Free potentially leading to Arbitrary Code Execution (CVE-2019-7835, CVE-2019-7834, CVE-2019-7833, CVE-2019-7832, CVE-2019-7831, CVE-2019-7830, CVE-2019-7823, CVE-2019-7821, CVE-2019-7817, CVE-2019-7814, CVE-2019-7809, CVE-2019-7808, CVE-2019-7807, CVE-2019-7806, CVE-2019-7805, CVE-2019-7797, CVE-2019-7796, CVE-2019-7792, CVE-2019-7791, CVE-2019-7788, CVE-2019-7786, CVE-2019-7785, CVE-2019-7783, CVE-2019-7782, CVE-2019-7781, CVE-2019-7772, CVE-2019-7768, CVE-2019-7767, CVE-2019-7766, CVE-2019-7765, CVE-2019-7764, CVE-2019-7763, CVE-2019-7762, CVE-2019-7761, CVE-2019-7760, CVE-2019-7759) - Heap Overflow potentially leading to Arbitrary Code Execution (CVE-2019-7828, CVE-2019-7827) - Buffer Error potentially leading to Arbitrary Code Execution (CVE-2019-7824) - Double Free potentially leading to Arbitrary Code Execution (CVE-2019-7784) - Security Bypass potentially leading to Arbitrary Code Execution (CVE-2019-7779) - Path Traversal leading to Information Disclosure. (CVE-2019-8238) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id125220
    published2019-05-16
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125220
    titleAdobe Reader <= 2015.006.30493 / 2017.011.30138 / 2019.010.20099 Multiple Vulnerabilities (APSB19-18) (macOS)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125220);
      script_version("1.8");
      script_cvs_date("Date: 2019/12/13");
    
      script_cve_id(
        "CVE-2019-7140",
        "CVE-2019-7141",
        "CVE-2019-7142",
        "CVE-2019-7143",
        "CVE-2019-7144",
        "CVE-2019-7145",
        "CVE-2019-7758",
        "CVE-2019-7759",
        "CVE-2019-7760",
        "CVE-2019-7761",
        "CVE-2019-7762",
        "CVE-2019-7763",
        "CVE-2019-7764",
        "CVE-2019-7765",
        "CVE-2019-7766",
        "CVE-2019-7767",
        "CVE-2019-7768",
        "CVE-2019-7769",
        "CVE-2019-7770",
        "CVE-2019-7771",
        "CVE-2019-7772",
        "CVE-2019-7773",
        "CVE-2019-7774",
        "CVE-2019-7775",
        "CVE-2019-7776",
        "CVE-2019-7777",
        "CVE-2019-7778",
        "CVE-2019-7779",
        "CVE-2019-7780",
        "CVE-2019-7781",
        "CVE-2019-7782",
        "CVE-2019-7783",
        "CVE-2019-7784",
        "CVE-2019-7785",
        "CVE-2019-7786",
        "CVE-2019-7787",
        "CVE-2019-7788",
        "CVE-2019-7789",
        "CVE-2019-7790",
        "CVE-2019-7791",
        "CVE-2019-7792",
        "CVE-2019-7793",
        "CVE-2019-7794",
        "CVE-2019-7795",
        "CVE-2019-7796",
        "CVE-2019-7797",
        "CVE-2019-7798",
        "CVE-2019-7799",
        "CVE-2019-7800",
        "CVE-2019-7801",
        "CVE-2019-7802",
        "CVE-2019-7803",
        "CVE-2019-7804",
        "CVE-2019-7805",
        "CVE-2019-7806",
        "CVE-2019-7807",
        "CVE-2019-7808",
        "CVE-2019-7809",
        "CVE-2019-7810",
        "CVE-2019-7811",
        "CVE-2019-7812",
        "CVE-2019-7813",
        "CVE-2019-7814",
        "CVE-2019-7817",
        "CVE-2019-7818",
        "CVE-2019-7820",
        "CVE-2019-7821",
        "CVE-2019-7822",
        "CVE-2019-7823",
        "CVE-2019-7824",
        "CVE-2019-7825",
        "CVE-2019-7826",
        "CVE-2019-7827",
        "CVE-2019-7828",
        "CVE-2019-7829",
        "CVE-2019-7830",
        "CVE-2019-7831",
        "CVE-2019-7832",
        "CVE-2019-7833",
        "CVE-2019-7834",
        "CVE-2019-7835",
        "CVE-2019-7836",
        "CVE-2019-7841",
        "CVE-2019-8238"
      );
    
      script_name(english:"Adobe Reader <= 2015.006.30493 / 2017.011.30138 / 2019.010.20099 Multiple Vulnerabilities (APSB19-18) (macOS)");
      script_summary(english:"Checks the version of Adobe Reader.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The version of Adobe Reader installed on the remote macOS host is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Adobe Reader installed on the remote macOS host is a
    version prior or equal to 2015.006.30493, 2017.011.30138, or
    2019.010.20099. It is, therefore, affected by multiple
    vulnerabilities.
    
      - Out-of-Bounds Read potentially leading to Information
        Disclosure (CVE-2019-7841, CVE-2019-7836, CVE-2019-7826,
        CVE-2019-7813, CVE-2019-7812, CVE-2019-7811,
        CVE-2019-7810, CVE-2019-7803, CVE-2019-7802,
        CVE-2019-7801, CVE-2019-7799, CVE-2019-7798,
        CVE-2019-7795, CVE-2019-7794, CVE-2019-7793,
        CVE-2019-7790, CVE-2019-7789, CVE-2019-7787,
        CVE-2019-7780, CVE-2019-7778, CVE-2019-7777,
        CVE-2019-7776, CVE-2019-7775, CVE-2019-7774,
        CVE-2019-7773, CVE-2019-7771, CVE-2019-7770,
        CVE-2019-7769, CVE-2019-7758, CVE-2019-7145,
        CVE-2019-7144, CVE-2019-7143, CVE-2019-7142,
        CVE-2019-7141, CVE-2019-7140)
    
      - Out-of-Bounds Write potentially leading to Arbitrary
        Code Execution (CVE-2019-7829, CVE-2019-7825,
        CVE-2019-7822, CVE-2019-7818, CVE-2019-7804,
        CVE-2019-7800)
    
      - Type Confusion potentially leading to Arbitrary Code
        Execution (CVE-2019-7820)
    
      - Use After Free potentially leading to Arbitrary Code
        Execution (CVE-2019-7835, CVE-2019-7834, CVE-2019-7833,
        CVE-2019-7832, CVE-2019-7831, CVE-2019-7830,
        CVE-2019-7823, CVE-2019-7821, CVE-2019-7817,
        CVE-2019-7814, CVE-2019-7809, CVE-2019-7808,
        CVE-2019-7807, CVE-2019-7806, CVE-2019-7805,
        CVE-2019-7797, CVE-2019-7796, CVE-2019-7792,
        CVE-2019-7791, CVE-2019-7788, CVE-2019-7786,
        CVE-2019-7785, CVE-2019-7783, CVE-2019-7782,
        CVE-2019-7781, CVE-2019-7772, CVE-2019-7768,
        CVE-2019-7767, CVE-2019-7766, CVE-2019-7765,
        CVE-2019-7764, CVE-2019-7763, CVE-2019-7762,
        CVE-2019-7761, CVE-2019-7760, CVE-2019-7759)
    
      - Heap Overflow potentially leading to Arbitrary Code
        Execution (CVE-2019-7828, CVE-2019-7827)
    
      - Buffer Error potentially leading to Arbitrary Code
        Execution (CVE-2019-7824)
    
      - Double Free potentially leading to Arbitrary Code
        Execution (CVE-2019-7784)
    
      - Security Bypass potentially leading to Arbitrary Code
        Execution (CVE-2019-7779)
    
      - Path Traversal leading to Information Disclosure.
        (CVE-2019-8238)
    
    Note that Nessus has not tested for this issue but has instead relied
    only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/acrobat/apsb19-18.html");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Adobe Reader version 2015.006.30497 or 2017.011.30142 or
    2019.012.20034 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-7835");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/16");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:acrobat_reader");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("macosx_adobe_reader_installed.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "installed_sw/Adobe Reader");
    
      exit(0);
    }
    
    include("vcf.inc");
    include("vcf_extras.inc");
    
    get_kb_item_or_exit("Host/local_checks_enabled");
    os = get_kb_item("Host/MacOSX/Version");
    if (empty_or_null(os)) audit(AUDIT_OS_NOT, "Mac OS X");
    
    app_info = vcf::get_app_info(app:"Adobe Reader");
    
    # vcf::adobe_reader::check_version_and_report will
    # properly separate tracks when checking constraints.
    # x.y.30zzz = DC Classic
    # x.y.20zzz = DC Continuous
    constraints = [
      { "min_version" : "15.6", "max_version" : "15.006.30493", "fixed_version" : "15.006.30497" },
      { "min_version" : "17.8", "max_version" : "17.011.30138", "fixed_version" : "17.011.30142" },
      { "min_version" : "15.7", "max_version" : "19.010.20099", "fixed_version" : "19.012.20034" }
    ];
    vcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);
    
  • NASL familyWindows
    NASL idADOBE_ACROBAT_APSB19-18.NASL
    descriptionThe version of Adobe Acrobat installed on the remote Windows host is a version prior or equal to 2015.006.30495, 2017.011.30140, or 2019.010.20100. It is, therefore, affected by multiple vulnerabilities. - Out-of-Bounds Read potentially leading to Information Disclosure (CVE-2019-7841, CVE-2019-7836, CVE-2019-7826, CVE-2019-7813, CVE-2019-7812, CVE-2019-7811, CVE-2019-7810, CVE-2019-7803, CVE-2019-7802, CVE-2019-7801, CVE-2019-7799, CVE-2019-7798, CVE-2019-7795, CVE-2019-7794, CVE-2019-7793, CVE-2019-7790, CVE-2019-7789, CVE-2019-7787, CVE-2019-7780, CVE-2019-7778, CVE-2019-7777, CVE-2019-7776, CVE-2019-7775, CVE-2019-7774, CVE-2019-7773, CVE-2019-7771, CVE-2019-7770, CVE-2019-7769, CVE-2019-7758, CVE-2019-7145, CVE-2019-7144, CVE-2019-7143, CVE-2019-7142, CVE-2019-7141, CVE-2019-7140) - Out-of-Bounds Write potentially leading to Arbitrary Code Execution (CVE-2019-7829, CVE-2019-7825, CVE-2019-7822, CVE-2019-7818, CVE-2019-7804, CVE-2019-7800) - Type Confusion potentially leading to Arbitrary Code Execution (CVE-2019-7820) - Use After Free potentially leading to Arbitrary Code Execution (CVE-2019-7835, CVE-2019-7834, CVE-2019-7833, CVE-2019-7832, CVE-2019-7831, CVE-2019-7830, CVE-2019-7823, CVE-2019-7821, CVE-2019-7817, CVE-2019-7814, CVE-2019-7809, CVE-2019-7808, CVE-2019-7807, CVE-2019-7806, CVE-2019-7805, CVE-2019-7797, CVE-2019-7796, CVE-2019-7792, CVE-2019-7791, CVE-2019-7788, CVE-2019-7786, CVE-2019-7785, CVE-2019-7783, CVE-2019-7782, CVE-2019-7781, CVE-2019-7772, CVE-2019-7768, CVE-2019-7767, CVE-2019-7766, CVE-2019-7765, CVE-2019-7764, CVE-2019-7763, CVE-2019-7762, CVE-2019-7761, CVE-2019-7760, CVE-2019-7759) - Heap Overflow potentially leading to Arbitrary Code Execution (CVE-2019-7828, CVE-2019-7827) - Buffer Error potentially leading to Arbitrary Code Execution (CVE-2019-7824) - Double Free potentially leading to Arbitrary Code Execution (CVE-2019-7784) - Security Bypass potentially leading to Arbitrary Code Execution (CVE-2019-7779) - Path Traversal leading to Information Disclosure. (CVE-2019-8238) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id125221
    published2019-05-16
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125221
    titleAdobe Acrobat <= 2015.006.30495 / 2017.011.30140 / 2019.010.20100 Multiple Vulnerabilities (APSB19-18)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125221);
      script_version("1.8");
      script_cvs_date("Date: 2019/12/13");
    
      script_cve_id(
        "CVE-2019-7140",
        "CVE-2019-7141",
        "CVE-2019-7142",
        "CVE-2019-7143",
        "CVE-2019-7144",
        "CVE-2019-7145",
        "CVE-2019-7758",
        "CVE-2019-7759",
        "CVE-2019-7760",
        "CVE-2019-7761",
        "CVE-2019-7762",
        "CVE-2019-7763",
        "CVE-2019-7764",
        "CVE-2019-7765",
        "CVE-2019-7766",
        "CVE-2019-7767",
        "CVE-2019-7768",
        "CVE-2019-7769",
        "CVE-2019-7770",
        "CVE-2019-7771",
        "CVE-2019-7772",
        "CVE-2019-7773",
        "CVE-2019-7774",
        "CVE-2019-7775",
        "CVE-2019-7776",
        "CVE-2019-7777",
        "CVE-2019-7778",
        "CVE-2019-7779",
        "CVE-2019-7780",
        "CVE-2019-7781",
        "CVE-2019-7782",
        "CVE-2019-7783",
        "CVE-2019-7784",
        "CVE-2019-7785",
        "CVE-2019-7786",
        "CVE-2019-7787",
        "CVE-2019-7788",
        "CVE-2019-7789",
        "CVE-2019-7790",
        "CVE-2019-7791",
        "CVE-2019-7792",
        "CVE-2019-7793",
        "CVE-2019-7794",
        "CVE-2019-7795",
        "CVE-2019-7796",
        "CVE-2019-7797",
        "CVE-2019-7798",
        "CVE-2019-7799",
        "CVE-2019-7800",
        "CVE-2019-7801",
        "CVE-2019-7802",
        "CVE-2019-7803",
        "CVE-2019-7804",
        "CVE-2019-7805",
        "CVE-2019-7806",
        "CVE-2019-7807",
        "CVE-2019-7808",
        "CVE-2019-7809",
        "CVE-2019-7810",
        "CVE-2019-7811",
        "CVE-2019-7812",
        "CVE-2019-7813",
        "CVE-2019-7814",
        "CVE-2019-7817",
        "CVE-2019-7818",
        "CVE-2019-7820",
        "CVE-2019-7821",
        "CVE-2019-7822",
        "CVE-2019-7823",
        "CVE-2019-7824",
        "CVE-2019-7825",
        "CVE-2019-7826",
        "CVE-2019-7827",
        "CVE-2019-7828",
        "CVE-2019-7829",
        "CVE-2019-7830",
        "CVE-2019-7831",
        "CVE-2019-7832",
        "CVE-2019-7833",
        "CVE-2019-7834",
        "CVE-2019-7835",
        "CVE-2019-7836",
        "CVE-2019-7841",
        "CVE-2019-8238"
      );
    
      script_name(english:"Adobe Acrobat <= 2015.006.30495 / 2017.011.30140 / 2019.010.20100 Multiple Vulnerabilities (APSB19-18)");
      script_summary(english:"Checks the version of Adobe Acrobat.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The version of Adobe Acrobat installed on the remote Windows host is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Adobe Acrobat installed on the remote Windows host is a
    version prior or equal to 2015.006.30495, 2017.011.30140, or
    2019.010.20100. It is, therefore, affected by multiple
    vulnerabilities.
    
      - Out-of-Bounds Read potentially leading to Information
        Disclosure (CVE-2019-7841, CVE-2019-7836, CVE-2019-7826,
        CVE-2019-7813, CVE-2019-7812, CVE-2019-7811,
        CVE-2019-7810, CVE-2019-7803, CVE-2019-7802,
        CVE-2019-7801, CVE-2019-7799, CVE-2019-7798,
        CVE-2019-7795, CVE-2019-7794, CVE-2019-7793,
        CVE-2019-7790, CVE-2019-7789, CVE-2019-7787,
        CVE-2019-7780, CVE-2019-7778, CVE-2019-7777,
        CVE-2019-7776, CVE-2019-7775, CVE-2019-7774,
        CVE-2019-7773, CVE-2019-7771, CVE-2019-7770,
        CVE-2019-7769, CVE-2019-7758, CVE-2019-7145,
        CVE-2019-7144, CVE-2019-7143, CVE-2019-7142,
        CVE-2019-7141, CVE-2019-7140)
    
      - Out-of-Bounds Write potentially leading to Arbitrary
        Code Execution (CVE-2019-7829, CVE-2019-7825,
        CVE-2019-7822, CVE-2019-7818, CVE-2019-7804,
        CVE-2019-7800)
    
      - Type Confusion potentially leading to Arbitrary Code
        Execution (CVE-2019-7820)
    
      - Use After Free potentially leading to Arbitrary Code
        Execution (CVE-2019-7835, CVE-2019-7834, CVE-2019-7833,
        CVE-2019-7832, CVE-2019-7831, CVE-2019-7830,
        CVE-2019-7823, CVE-2019-7821, CVE-2019-7817,
        CVE-2019-7814, CVE-2019-7809, CVE-2019-7808,
        CVE-2019-7807, CVE-2019-7806, CVE-2019-7805,
        CVE-2019-7797, CVE-2019-7796, CVE-2019-7792,
        CVE-2019-7791, CVE-2019-7788, CVE-2019-7786,
        CVE-2019-7785, CVE-2019-7783, CVE-2019-7782,
        CVE-2019-7781, CVE-2019-7772, CVE-2019-7768,
        CVE-2019-7767, CVE-2019-7766, CVE-2019-7765,
        CVE-2019-7764, CVE-2019-7763, CVE-2019-7762,
        CVE-2019-7761, CVE-2019-7760, CVE-2019-7759)
    
      - Heap Overflow potentially leading to Arbitrary Code
        Execution (CVE-2019-7828, CVE-2019-7827)
    
      - Buffer Error potentially leading to Arbitrary Code
        Execution (CVE-2019-7824)
    
      - Double Free potentially leading to Arbitrary Code
        Execution (CVE-2019-7784)
    
      - Security Bypass potentially leading to Arbitrary Code
        Execution (CVE-2019-7779)
    
      - Path Traversal leading to Information Disclosure.
        (CVE-2019-8238)
    
    Note that Nessus has not tested for this issue but has instead relied
    only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/acrobat/apsb19-18.html");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Adobe Acrobat version 2015.006.30497 or 2017.011.30142 or
    2019.012.20034 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-7835");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/16");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:acrobat");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("adobe_acrobat_installed.nasl");
      script_require_keys("SMB/Registry/Enumerated", "installed_sw/Adobe Acrobat");
    
      exit(0);
    }
    
    include("vcf.inc");
    include("vcf_extras.inc");
    
    get_kb_item_or_exit("SMB/Registry/Enumerated");
    app_info = vcf::get_app_info(app:"Adobe Acrobat", win_local:TRUE);
    
    # vcf::adobe_reader::check_version_and_report will
    # properly separate tracks when checking constraints.
    # x.y.30zzz = DC Classic
    # x.y.20zzz = DC Continuous
    constraints = [
      { "min_version" : "15.6", "max_version" : "15.006.30495", "fixed_version" : "15.006.30497" },
      { "min_version" : "17.8", "max_version" : "17.011.30140", "fixed_version" : "17.011.30142" },
      { "min_version" : "15.7", "max_version" : "19.010.20100", "fixed_version" : "19.012.20034" }
    ];
    vcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_ADOBE_ACROBAT_APSB19-18.NASL
    descriptionThe version of Adobe Acrobat installed on the remote macOS host is a version prior or equal to 2015.006.30495, 2017.011.30140, or 2019.010.20100. It is, therefore, affected by multiple vulnerabilities. - Out-of-Bounds Read potentially leading to Information Disclosure (CVE-2019-7841, CVE-2019-7836, CVE-2019-7826, CVE-2019-7813, CVE-2019-7812, CVE-2019-7811, CVE-2019-7810, CVE-2019-7803, CVE-2019-7802, CVE-2019-7801, CVE-2019-7799, CVE-2019-7798, CVE-2019-7795, CVE-2019-7794, CVE-2019-7793, CVE-2019-7790, CVE-2019-7789, CVE-2019-7787, CVE-2019-7780, CVE-2019-7778, CVE-2019-7777, CVE-2019-7776, CVE-2019-7775, CVE-2019-7774, CVE-2019-7773, CVE-2019-7771, CVE-2019-7770, CVE-2019-7769, CVE-2019-7758, CVE-2019-7145, CVE-2019-7144, CVE-2019-7143, CVE-2019-7142, CVE-2019-7141, CVE-2019-7140) - Out-of-Bounds Write potentially leading to Arbitrary Code Execution (CVE-2019-7829, CVE-2019-7825, CVE-2019-7822, CVE-2019-7818, CVE-2019-7804, CVE-2019-7800) - Type Confusion potentially leading to Arbitrary Code Execution (CVE-2019-7820) - Use After Free potentially leading to Arbitrary Code Execution (CVE-2019-7835, CVE-2019-7834, CVE-2019-7833, CVE-2019-7832, CVE-2019-7831, CVE-2019-7830, CVE-2019-7823, CVE-2019-7821, CVE-2019-7817, CVE-2019-7814, CVE-2019-7809, CVE-2019-7808, CVE-2019-7807, CVE-2019-7806, CVE-2019-7805, CVE-2019-7797, CVE-2019-7796, CVE-2019-7792, CVE-2019-7791, CVE-2019-7788, CVE-2019-7786, CVE-2019-7785, CVE-2019-7783, CVE-2019-7782, CVE-2019-7781, CVE-2019-7772, CVE-2019-7768, CVE-2019-7767, CVE-2019-7766, CVE-2019-7765, CVE-2019-7764, CVE-2019-7763, CVE-2019-7762, CVE-2019-7761, CVE-2019-7760, CVE-2019-7759) - Heap Overflow potentially leading to Arbitrary Code Execution (CVE-2019-7828, CVE-2019-7827) - Buffer Error potentially leading to Arbitrary Code Execution (CVE-2019-7824) - Double Free potentially leading to Arbitrary Code Execution (CVE-2019-7784) - Security Bypass potentially leading to Arbitrary Code Execution (CVE-2019-7779) - Path Traversal leading to Information Disclosure. (CVE-2019-8238) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id125219
    published2019-05-16
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125219
    titleAdobe Acrobat <= 2015.006.30495 / 2017.011.30140 / 2019.010.20100 Multiple Vulnerabilities (APSB19-18) (macOS)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125219);
      script_version("1.8");
      script_cvs_date("Date: 2019/12/13");
    
      script_cve_id(
        "CVE-2019-7140",
        "CVE-2019-7141",
        "CVE-2019-7142",
        "CVE-2019-7143",
        "CVE-2019-7144",
        "CVE-2019-7145",
        "CVE-2019-7758",
        "CVE-2019-7759",
        "CVE-2019-7760",
        "CVE-2019-7761",
        "CVE-2019-7762",
        "CVE-2019-7763",
        "CVE-2019-7764",
        "CVE-2019-7765",
        "CVE-2019-7766",
        "CVE-2019-7767",
        "CVE-2019-7768",
        "CVE-2019-7769",
        "CVE-2019-7770",
        "CVE-2019-7771",
        "CVE-2019-7772",
        "CVE-2019-7773",
        "CVE-2019-7774",
        "CVE-2019-7775",
        "CVE-2019-7776",
        "CVE-2019-7777",
        "CVE-2019-7778",
        "CVE-2019-7779",
        "CVE-2019-7780",
        "CVE-2019-7781",
        "CVE-2019-7782",
        "CVE-2019-7783",
        "CVE-2019-7784",
        "CVE-2019-7785",
        "CVE-2019-7786",
        "CVE-2019-7787",
        "CVE-2019-7788",
        "CVE-2019-7789",
        "CVE-2019-7790",
        "CVE-2019-7791",
        "CVE-2019-7792",
        "CVE-2019-7793",
        "CVE-2019-7794",
        "CVE-2019-7795",
        "CVE-2019-7796",
        "CVE-2019-7797",
        "CVE-2019-7798",
        "CVE-2019-7799",
        "CVE-2019-7800",
        "CVE-2019-7801",
        "CVE-2019-7802",
        "CVE-2019-7803",
        "CVE-2019-7804",
        "CVE-2019-7805",
        "CVE-2019-7806",
        "CVE-2019-7807",
        "CVE-2019-7808",
        "CVE-2019-7809",
        "CVE-2019-7810",
        "CVE-2019-7811",
        "CVE-2019-7812",
        "CVE-2019-7813",
        "CVE-2019-7814",
        "CVE-2019-7817",
        "CVE-2019-7818",
        "CVE-2019-7820",
        "CVE-2019-7821",
        "CVE-2019-7822",
        "CVE-2019-7823",
        "CVE-2019-7824",
        "CVE-2019-7825",
        "CVE-2019-7826",
        "CVE-2019-7827",
        "CVE-2019-7828",
        "CVE-2019-7829",
        "CVE-2019-7830",
        "CVE-2019-7831",
        "CVE-2019-7832",
        "CVE-2019-7833",
        "CVE-2019-7834",
        "CVE-2019-7835",
        "CVE-2019-7836",
        "CVE-2019-7841",
        "CVE-2019-8238"
      );
    
      script_name(english:"Adobe Acrobat <= 2015.006.30495 / 2017.011.30140 / 2019.010.20100 Multiple Vulnerabilities (APSB19-18) (macOS)");
      script_summary(english:"Checks the version of Adobe Acrobat.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The version of Adobe Acrobat installed on the remote macOS host is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Adobe Acrobat installed on the remote macOS host is a
    version prior or equal to 2015.006.30495, 2017.011.30140, or
    2019.010.20100. It is, therefore, affected by multiple
    vulnerabilities.
    
      - Out-of-Bounds Read potentially leading to Information
        Disclosure (CVE-2019-7841, CVE-2019-7836, CVE-2019-7826,
        CVE-2019-7813, CVE-2019-7812, CVE-2019-7811,
        CVE-2019-7810, CVE-2019-7803, CVE-2019-7802,
        CVE-2019-7801, CVE-2019-7799, CVE-2019-7798,
        CVE-2019-7795, CVE-2019-7794, CVE-2019-7793,
        CVE-2019-7790, CVE-2019-7789, CVE-2019-7787,
        CVE-2019-7780, CVE-2019-7778, CVE-2019-7777,
        CVE-2019-7776, CVE-2019-7775, CVE-2019-7774,
        CVE-2019-7773, CVE-2019-7771, CVE-2019-7770,
        CVE-2019-7769, CVE-2019-7758, CVE-2019-7145,
        CVE-2019-7144, CVE-2019-7143, CVE-2019-7142,
        CVE-2019-7141, CVE-2019-7140)
    
      - Out-of-Bounds Write potentially leading to Arbitrary
        Code Execution (CVE-2019-7829, CVE-2019-7825,
        CVE-2019-7822, CVE-2019-7818, CVE-2019-7804,
        CVE-2019-7800)
    
      - Type Confusion potentially leading to Arbitrary Code
        Execution (CVE-2019-7820)
    
      - Use After Free potentially leading to Arbitrary Code
        Execution (CVE-2019-7835, CVE-2019-7834, CVE-2019-7833,
        CVE-2019-7832, CVE-2019-7831, CVE-2019-7830,
        CVE-2019-7823, CVE-2019-7821, CVE-2019-7817,
        CVE-2019-7814, CVE-2019-7809, CVE-2019-7808,
        CVE-2019-7807, CVE-2019-7806, CVE-2019-7805,
        CVE-2019-7797, CVE-2019-7796, CVE-2019-7792,
        CVE-2019-7791, CVE-2019-7788, CVE-2019-7786,
        CVE-2019-7785, CVE-2019-7783, CVE-2019-7782,
        CVE-2019-7781, CVE-2019-7772, CVE-2019-7768,
        CVE-2019-7767, CVE-2019-7766, CVE-2019-7765,
        CVE-2019-7764, CVE-2019-7763, CVE-2019-7762,
        CVE-2019-7761, CVE-2019-7760, CVE-2019-7759)
    
      - Heap Overflow potentially leading to Arbitrary Code
        Execution (CVE-2019-7828, CVE-2019-7827)
    
      - Buffer Error potentially leading to Arbitrary Code
        Execution (CVE-2019-7824)
    
      - Double Free potentially leading to Arbitrary Code
        Execution (CVE-2019-7784)
    
      - Security Bypass potentially leading to Arbitrary Code
        Execution (CVE-2019-7779)
    
      - Path Traversal leading to Information Disclosure.
        (CVE-2019-8238)
    
    Note that Nessus has not tested for this issue but has instead relied
    only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/acrobat/apsb19-18.html");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Adobe Acrobat version 2015.006.30497 or 2017.011.30142 or
    2019.012.20034 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-7835");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/16");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:acrobat");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("macosx_adobe_acrobat_installed.nbin");
      script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "installed_sw/Adobe Acrobat");
    
      exit(0);
    }
    
    include("vcf.inc");
    include("vcf_extras.inc");
    
    get_kb_item_or_exit("Host/local_checks_enabled");
    os = get_kb_item("Host/MacOSX/Version");
    if (empty_or_null(os)) audit(AUDIT_OS_NOT, "Mac OS X");
    
    app_info = vcf::get_app_info(app:"Adobe Acrobat");
    
    # vcf::adobe_reader::check_version_and_report will
    # properly separate tracks when checking constraints.
    # x.y.30zzz = DC Classic
    # x.y.20zzz = DC Continuous
    constraints = [
      { "min_version" : "15.6", "max_version" : "15.006.30495", "fixed_version" : "15.006.30497" },
      { "min_version" : "17.8", "max_version" : "17.011.30140", "fixed_version" : "17.011.30142" },
      { "min_version" : "15.7", "max_version" : "19.010.20100", "fixed_version" : "19.012.20034" }
    ];
    vcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);