CVE-2019-8022 - Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

047910
CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
network, low complexity, adobe, CWE-787, nessus

Summary

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.

Vulnerable Configurations

Part         Description  Count
Application  Adobe        207
OS           Apple        1
OS           Microsoft    1

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Windows
    NASL id: ADOBE_ACROBAT_APSB19-41.NASL
    description: The version of Adobe Acrobat installed on the remote Windows host is a version prior or equal to 2015.006.30498, 2017.011.30143, or 2019.012.20035. It is, therefore, affected by multiple vulnerabilities. - Out-of-Bounds Read potentially leading to Information Disclosure (CVE-2019-8077, CVE-2019-8094, CVE-2019-8095, CVE-2019-8096, CVE-2019-8102, CVE-2019-8103, CVE-2019-8104, CVE-2019-8105, CVE-2019-8106, CVE-2019-8002, CVE-2019-8004, CVE-2019-8005, CVE-2019-8007, CVE-2019-8010, CVE-2019-8011, CVE-2019-8012, CVE-2019-8018, CVE-2019-8020, CVE-2019-8021, CVE-2019-8032, CVE-2019-8035, CVE-2019-8037, CVE-2019-8040, CVE-2019-8043, CVE-2019-8052) - Out-of-Bounds Write potentially leading to Arbitrary Code Execution (CVE-2019-8098, CVE-2019-8100, CVE-2019-7965, CVE-2019-8008, CVE-2019-8009, CVE-2019-8016, CVE-2019-8022, CVE-2019-8023, CVE-2019-8027) - Type Confusion potentially leading to Arbitrary Code Execution (CVE-2019-8019) - Use After Free potentially leading to Arbitrary Code Execution (CVE-2019-8003, CVE-2019-8013, CVE-2019-8024, CVE-2019-8025, CVE-2019-8026, CVE-2019-8028, CVE-2019-8029, CVE-2019-8030, CVE-2019-8031, CVE-2019-8033, CVE-2019-8034, CVE-2019-8036, CVE-2019-8038, CVE-2019-8039, CVE-2019-8047, CVE-2019-8051, CVE-2019-8053, CVE-2019-8054, CVE-2019-8055, CVE-2019-8056, CVE-2019-8057, CVE-2019-8058, CVE-2019-8059, CVE-2019-8061) - Command injection potentially leading to Arbitrary Command Execution (CVE-2019-8060) - Heap Overflow potentially leading to Arbitrary Code Execution (CVE-2019-7832, CVE-2019-8014, CVE-2019-8015, CVE-2019-8041, CVE-2019-8042, CVE-2019-8046, CVE-2019-8049, CVE-2019-8050) - Buffer Error potentially leading to Arbitrary Code Execution (CVE-2019-8048) - Double Free potentially leading to Arbitrary Code Execution (CVE-2019-8044) - Integer Overflow potentially leading to Arbitrary Code Execution or Denial of Service (CVE-2019-8099, CVE-2019-8101) - Internal IP Disclosure potentially leading to Information Disclosure (CVE-2019-8097) - Type Confusion potentially leading to Arbitrary Code Execution (CVE-2019-8019) - Untrusted Pointer Dereference potentially leading to Arbitrary Code Execution or Denial of Service (CVE-2019-8006, CVE-2019-8017, CVE-2019-8045) - Insufficiently Robust Encryption leading to Security feature bypass. (CVE-2019-8237) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127903
    published: 2019-08-16
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127903
    title: Adobe Acrobat <= 2015.006.30498 / 2017.011.30143 / 2019.012.20035 Multiple Vulnerabilities (APSB19-41)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(127903);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/31");
    
      script_cve_id(
        "CVE-2019-7832",
        "CVE-2019-7965",
        "CVE-2019-8002",
        "CVE-2019-8003",
        "CVE-2019-8004",
        "CVE-2019-8005",
        "CVE-2019-8006",
        "CVE-2019-8007",
        "CVE-2019-8008",
        "CVE-2019-8009",
        "CVE-2019-8010",
        "CVE-2019-8011",
        "CVE-2019-8012",
        "CVE-2019-8013",
        "CVE-2019-8014",
        "CVE-2019-8015",
        "CVE-2019-8016",
        "CVE-2019-8017",
        "CVE-2019-8018",
        "CVE-2019-8019",
        "CVE-2019-8020",
        "CVE-2019-8021",
        "CVE-2019-8022",
        "CVE-2019-8023",
        "CVE-2019-8024",
        "CVE-2019-8025",
        "CVE-2019-8026",
        "CVE-2019-8027",
        "CVE-2019-8028",
        "CVE-2019-8029",
        "CVE-2019-8030",
        "CVE-2019-8031",
        "CVE-2019-8032",
        "CVE-2019-8033",
        "CVE-2019-8034",
        "CVE-2019-8035",
        "CVE-2019-8036",
        "CVE-2019-8037",
        "CVE-2019-8038",
        "CVE-2019-8039",
        "CVE-2019-8040",
        "CVE-2019-8041",
        "CVE-2019-8042",
        "CVE-2019-8043",
        "CVE-2019-8044",
        "CVE-2019-8045",
        "CVE-2019-8046",
        "CVE-2019-8047",
        "CVE-2019-8048",
        "CVE-2019-8049",
        "CVE-2019-8050",
        "CVE-2019-8051",
        "CVE-2019-8052",
        "CVE-2019-8053",
        "CVE-2019-8054",
        "CVE-2019-8055",
        "CVE-2019-8056",
        "CVE-2019-8057",
        "CVE-2019-8058",
        "CVE-2019-8059",
        "CVE-2019-8060",
        "CVE-2019-8061",
        "CVE-2019-8077",
        "CVE-2019-8094",
        "CVE-2019-8095",
        "CVE-2019-8096",
        "CVE-2019-8097",
        "CVE-2019-8098",
        "CVE-2019-8099",
        "CVE-2019-8100",
        "CVE-2019-8101",
        "CVE-2019-8102",
        "CVE-2019-8103",
        "CVE-2019-8104",
        "CVE-2019-8105",
        "CVE-2019-8106",
        "CVE-2019-8237"
      );
      script_bugtraq_id(108320);
      script_xref(name:"IAVA", value:"2020-A-0211");
    
      script_name(english:"Adobe Acrobat <= 2015.006.30498 / 2017.011.30143 / 2019.012.20035 Multiple Vulnerabilities (APSB19-41)");
      script_summary(english:"Checks the version of Adobe Acrobat.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The version of Adobe Acrobat installed on the remote Windows host is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Adobe Acrobat installed on the remote Windows host is a
    version prior or equal to 2015.006.30498, 2017.011.30143, or
    2019.012.20035. It is, therefore, affected by multiple
    vulnerabilities.
    
      - Out-of-Bounds Read potentially leading to Information
        Disclosure (CVE-2019-8077, CVE-2019-8094, CVE-2019-8095,
        CVE-2019-8096, CVE-2019-8102, CVE-2019-8103,
        CVE-2019-8104, CVE-2019-8105, CVE-2019-8106,
        CVE-2019-8002, CVE-2019-8004, CVE-2019-8005,
        CVE-2019-8007, CVE-2019-8010, CVE-2019-8011,
        CVE-2019-8012, CVE-2019-8018, CVE-2019-8020,
        CVE-2019-8021, CVE-2019-8032, CVE-2019-8035,
        CVE-2019-8037, CVE-2019-8040, CVE-2019-8043,
        CVE-2019-8052)
    
      - Out-of-Bounds Write potentially leading to Arbitrary
        Code Execution (CVE-2019-8098, CVE-2019-8100, CVE-2019-7965,
        CVE-2019-8008, CVE-2019-8009, CVE-2019-8016,
        CVE-2019-8022, CVE-2019-8023, CVE-2019-8027)
    
      - Type Confusion potentially leading to Arbitrary Code
        Execution (CVE-2019-8019)
    
      - Use After Free potentially leading to Arbitrary Code
        Execution (CVE-2019-8003, CVE-2019-8013, CVE-2019-8024,
        CVE-2019-8025, CVE-2019-8026, CVE-2019-8028,
        CVE-2019-8029, CVE-2019-8030, CVE-2019-8031,
        CVE-2019-8033, CVE-2019-8034, CVE-2019-8036,
        CVE-2019-8038, CVE-2019-8039, CVE-2019-8047,
        CVE-2019-8051, CVE-2019-8053, CVE-2019-8054,
        CVE-2019-8055, CVE-2019-8056, CVE-2019-8057,
        CVE-2019-8058, CVE-2019-8059, CVE-2019-8061)
      
      - Command injection potentially leading to Arbitrary Command
        Execution (CVE-2019-8060)
    
      - Heap Overflow potentially leading to Arbitrary Code
        Execution (CVE-2019-7832, CVE-2019-8014, CVE-2019-8015,
        CVE-2019-8041, CVE-2019-8042, CVE-2019-8046,
        CVE-2019-8049, CVE-2019-8050)
    
      - Buffer Error potentially leading to Arbitrary Code
        Execution (CVE-2019-8048)
    
      - Double Free potentially leading to Arbitrary Code
        Execution (CVE-2019-8044)
    
      - Integer Overflow potentially leading to Arbitrary Code
        Execution or Denial of Service (CVE-2019-8099, CVE-2019-8101)
    
      - Internal IP Disclosure potentially leading to Information
        Disclosure (CVE-2019-8097)
    
      - Type Confusion potentially leading to Arbitrary Code
        Execution (CVE-2019-8019)
    
      - Untrusted Pointer Dereference potentially leading to 
        Arbitrary Code Execution or Denial of Service (CVE-2019-8006, CVE-2019-8017, CVE-2019-8045)
    
      - Insufficiently Robust Encryption leading to Security
        feature bypass. (CVE-2019-8237)
    
    Note that Nessus has not tested for this issue but has instead relied
    only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/acrobat/apsb19-41.html");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Adobe Acrobat version 2015.006.30499 or 2017.011.30144 or 2019.012.20036 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-7832");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/08/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/16");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:acrobat");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("adobe_acrobat_installed.nasl");
      script_require_keys("SMB/Registry/Enumerated", "installed_sw/Adobe Acrobat");
    
      exit(0);
    }
    
    include('vcf.inc');
    include('vcf_extras.inc');
    
    get_kb_item_or_exit('SMB/Registry/Enumerated');
    app_info = vcf::get_app_info(app:'Adobe Acrobat', win_local:TRUE);
    
    # vcf::adobe_reader::check_version_and_report will
    # properly separate tracks when checking constraints.
    # x.y.30zzz = DC Classic
    # x.y.20zzz = DC Continuous
    constraints = [
      { 'min_version' : '15.6', 'max_version' : '15.006.30498', 'fixed_version' : '15.006.30499' },
      { 'min_version' : '17.8', 'max_version' : '17.011.30143', 'fixed_version' : '17.011.30144' },
      { 'min_version' : '15.7', 'max_version' : '19.012.20035', 'fixed_version' : '19.012.20036' }
    ];
    vcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);
    
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOS_ADOBE_READER_APSB19-41.NASL
    description: The version of Adobe Reader installed on the remote macOS host is a version prior or equal to 2015.006.30497, 2017.011.30142, or 2019.012.20034. It is, therefore, affected by multiple vulnerabilities. - Out-of-Bounds Read potentially leading to Information Disclosure (CVE-2019-8077, CVE-2019-8094, CVE-2019-8095, CVE-2019-8096, CVE-2019-8102, CVE-2019-8103, CVE-2019-8104, CVE-2019-8105, CVE-2019-8106, CVE-2019-8002, CVE-2019-8004, CVE-2019-8005, CVE-2019-8007, CVE-2019-8010, CVE-2019-8011, CVE-2019-8012, CVE-2019-8018, CVE-2019-8020, CVE-2019-8021, CVE-2019-8032, CVE-2019-8035, CVE-2019-8037, CVE-2019-8040, CVE-2019-8043, CVE-2019-8052) - Out-of-Bounds Write potentially leading to Arbitrary Code Execution (CVE-2019-8098, CVE-2019-8100, CVE-2019-7965, CVE-2019-8008, CVE-2019-8009, CVE-2019-8016, CVE-2019-8022, CVE-2019-8023, CVE-2019-8027) - Type Confusion potentially leading to Arbitrary Code Execution (CVE-2019-8019) - Use After Free potentially leading to Arbitrary Code Execution (CVE-2019-8003, CVE-2019-8013, CVE-2019-8024, CVE-2019-8025, CVE-2019-8026, CVE-2019-8028, CVE-2019-8029, CVE-2019-8030, CVE-2019-8031, CVE-2019-8033, CVE-2019-8034, CVE-2019-8036, CVE-2019-8038, CVE-2019-8039, CVE-2019-8047, CVE-2019-8051, CVE-2019-8053, CVE-2019-8054, CVE-2019-8055, CVE-2019-8056, CVE-2019-8057, CVE-2019-8058, CVE-2019-8059, CVE-2019-8061) - Command injection potentially leading to Arbitrary Command Execution (CVE-2019-8060) - Heap Overflow potentially leading to Arbitrary Code Execution (CVE-2019-7832, CVE-2019-8014, CVE-2019-8015, CVE-2019-8041, CVE-2019-8042, CVE-2019-8046, CVE-2019-8049, CVE-2019-8050) - Buffer Error potentially leading to Arbitrary Code Execution (CVE-2019-8048) - Double Free potentially leading to Arbitrary Code Execution (CVE-2019-8044) - Integer Overflow potentially leading to Arbitrary Code Execution or Denial of Service (CVE-2019-8099, CVE-2019-8101) - Internal IP Disclosure potentially leading to Information Disclosure (CVE-2019-8097) - Type Confusion potentially leading to Arbitrary Code Execution (CVE-2019-8019) - Untrusted Pointer Dereference potentially leading to Arbitrary Code Execution or Denial of Service (CVE-2019-8006, CVE-2019-8017, CVE-2019-8045) - Insufficiently Robust Encryption leading to Security feature bypass. (CVE-2019-8237) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127902
    published: 2019-08-16
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127902
    title: Adobe Reader <= 2015.006.30497 / 2017.011.30142 / 2019.012.20034 Multiple Vulnerabilities (APSB19-41) (macOS)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(127902);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/31");
    
      script_cve_id(
        "CVE-2019-7832",
        "CVE-2019-7965",
        "CVE-2019-8002",
        "CVE-2019-8003",
        "CVE-2019-8004",
        "CVE-2019-8005",
        "CVE-2019-8006",
        "CVE-2019-8007",
        "CVE-2019-8008",
        "CVE-2019-8009",
        "CVE-2019-8010",
        "CVE-2019-8011",
        "CVE-2019-8012",
        "CVE-2019-8013",
        "CVE-2019-8014",
        "CVE-2019-8015",
        "CVE-2019-8016",
        "CVE-2019-8017",
        "CVE-2019-8018",
        "CVE-2019-8019",
        "CVE-2019-8020",
        "CVE-2019-8021",
        "CVE-2019-8022",
        "CVE-2019-8023",
        "CVE-2019-8024",
        "CVE-2019-8025",
        "CVE-2019-8026",
        "CVE-2019-8027",
        "CVE-2019-8028",
        "CVE-2019-8029",
        "CVE-2019-8030",
        "CVE-2019-8031",
        "CVE-2019-8032",
        "CVE-2019-8033",
        "CVE-2019-8034",
        "CVE-2019-8035",
        "CVE-2019-8036",
        "CVE-2019-8037",
        "CVE-2019-8038",
        "CVE-2019-8039",
        "CVE-2019-8040",
        "CVE-2019-8041",
        "CVE-2019-8042",
        "CVE-2019-8043",
        "CVE-2019-8044",
        "CVE-2019-8045",
        "CVE-2019-8046",
        "CVE-2019-8047",
        "CVE-2019-8048",
        "CVE-2019-8049",
        "CVE-2019-8050",
        "CVE-2019-8051",
        "CVE-2019-8052",
        "CVE-2019-8053",
        "CVE-2019-8054",
        "CVE-2019-8055",
        "CVE-2019-8056",
        "CVE-2019-8057",
        "CVE-2019-8058",
        "CVE-2019-8059",
        "CVE-2019-8060",
        "CVE-2019-8061",
        "CVE-2019-8077",
        "CVE-2019-8094",
        "CVE-2019-8095",
        "CVE-2019-8096",
        "CVE-2019-8097",
        "CVE-2019-8098",
        "CVE-2019-8099",
        "CVE-2019-8100",
        "CVE-2019-8101",
        "CVE-2019-8102",
        "CVE-2019-8103",
        "CVE-2019-8104",
        "CVE-2019-8105",
        "CVE-2019-8106",
        "CVE-2019-8237"
      );
      script_bugtraq_id(108320);
      script_xref(name:"IAVA", value:"2020-A-0211");
    
      script_name(english:"Adobe Reader <= 2015.006.30497 / 2017.011.30142 / 2019.012.20034 Multiple Vulnerabilities (APSB19-41) (macOS)");
      script_summary(english:"Checks the version of Adobe Reader.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The version of Adobe Reader installed on the remote macOS host is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Adobe Reader installed on the remote macOS host is a
    version prior or equal to 2015.006.30497, 2017.011.30142, or
    2019.012.20034. It is, therefore, affected by multiple
    vulnerabilities.
    
      - Out-of-Bounds Read potentially leading to Information
        Disclosure (CVE-2019-8077, CVE-2019-8094, CVE-2019-8095,
        CVE-2019-8096, CVE-2019-8102, CVE-2019-8103,
        CVE-2019-8104, CVE-2019-8105, CVE-2019-8106,
        CVE-2019-8002, CVE-2019-8004, CVE-2019-8005,
        CVE-2019-8007, CVE-2019-8010, CVE-2019-8011,
        CVE-2019-8012, CVE-2019-8018, CVE-2019-8020,
        CVE-2019-8021, CVE-2019-8032, CVE-2019-8035,
        CVE-2019-8037, CVE-2019-8040, CVE-2019-8043,
        CVE-2019-8052)
    
      - Out-of-Bounds Write potentially leading to Arbitrary
        Code Execution (CVE-2019-8098, CVE-2019-8100, CVE-2019-7965,
        CVE-2019-8008, CVE-2019-8009, CVE-2019-8016,
        CVE-2019-8022, CVE-2019-8023, CVE-2019-8027)
    
      - Type Confusion potentially leading to Arbitrary Code
        Execution (CVE-2019-8019)
    
      - Use After Free potentially leading to Arbitrary Code
        Execution (CVE-2019-8003, CVE-2019-8013, CVE-2019-8024,
        CVE-2019-8025, CVE-2019-8026, CVE-2019-8028,
        CVE-2019-8029, CVE-2019-8030, CVE-2019-8031,
        CVE-2019-8033, CVE-2019-8034, CVE-2019-8036,
        CVE-2019-8038, CVE-2019-8039, CVE-2019-8047,
        CVE-2019-8051, CVE-2019-8053, CVE-2019-8054,
        CVE-2019-8055, CVE-2019-8056, CVE-2019-8057,
        CVE-2019-8058, CVE-2019-8059, CVE-2019-8061)
      
      - Command injection potentially leading to Arbitrary Command
        Execution (CVE-2019-8060)
    
      - Heap Overflow potentially leading to Arbitrary Code
        Execution (CVE-2019-7832, CVE-2019-8014, CVE-2019-8015,
        CVE-2019-8041, CVE-2019-8042, CVE-2019-8046,
        CVE-2019-8049, CVE-2019-8050)
    
      - Buffer Error potentially leading to Arbitrary Code
        Execution (CVE-2019-8048)
    
      - Double Free potentially leading to Arbitrary Code
        Execution (CVE-2019-8044)
    
      - Integer Overflow potentially leading to Arbitrary Code
        Execution or Denial of Service (CVE-2019-8099, CVE-2019-8101)
    
      - Internal IP Disclosure potentially leading to Information
        Disclosure (CVE-2019-8097)
    
      - Type Confusion potentially leading to Arbitrary Code
        Execution (CVE-2019-8019)
    
      - Untrusted Pointer Dereference potentially leading to 
        Arbitrary Code Execution or Denial of Service (CVE-2019-8006, CVE-2019-8017, CVE-2019-8045)
    
      - Insufficiently Robust Encryption leading to Security
        feature bypass. (CVE-2019-8237)
    
    Note that Nessus has not tested for this issue but has instead relied
    only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/acrobat/apsb19-41.html");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Adobe Reader version 2015.006.30499 or 2017.011.30144 or 2019.012.20036 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-7832");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/08/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/16");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:acrobat_reader");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("macosx_adobe_reader_installed.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "installed_sw/Adobe Reader");
    
      exit(0);
    }
    
    include('vcf.inc');
    include('vcf_extras.inc');
    
    get_kb_item_or_exit('Host/local_checks_enabled');
    os = get_kb_item('Host/MacOSX/Version');
    if (empty_or_null(os)) audit(AUDIT_OS_NOT, 'Mac OS X');
    
    app_info = vcf::get_app_info(app:'Adobe Reader');
    
    # vcf::adobe_reader::check_version_and_report will
    # properly separate tracks when checking constraints.
    # x.y.30zzz = DC Classic
    # x.y.20zzz = DC Continuous
    constraints = [
      { 'min_version' : '15.6', 'max_version' : '15.006.30497', 'fixed_version' : '15.006.30499' },
      { 'min_version' : '17.8', 'max_version' : '17.011.30142', 'fixed_version' : '17.011.30144' },
      { 'min_version' : '15.7', 'max_version' : '19.012.20034', 'fixed_version' : '19.012.20036' }
    ];
    vcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);
    
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOS_ADOBE_ACROBAT_APSB19-41.NASL
    description: The version of Adobe Acrobat installed on the remote macOS host is a version prior or equal to 2015.006.30497, 2017.011.30142, or 2019.012.20034. It is, therefore, affected by multiple vulnerabilities. - Out-of-Bounds Read potentially leading to Information Disclosure (CVE-2019-8077, CVE-2019-8094, CVE-2019-8095, CVE-2019-8096, CVE-2019-8102, CVE-2019-8103, CVE-2019-8104, CVE-2019-8105, CVE-2019-8106, CVE-2019-8002, CVE-2019-8004, CVE-2019-8005, CVE-2019-8007, CVE-2019-8010, CVE-2019-8011, CVE-2019-8012, CVE-2019-8018, CVE-2019-8020, CVE-2019-8021, CVE-2019-8032, CVE-2019-8035, CVE-2019-8037, CVE-2019-8040, CVE-2019-8043, CVE-2019-8052) - Out-of-Bounds Write potentially leading to Arbitrary Code Execution (CVE-2019-8098, CVE-2019-8100, CVE-2019-7965, CVE-2019-8008, CVE-2019-8009, CVE-2019-8016, CVE-2019-8022, CVE-2019-8023, CVE-2019-8027) - Type Confusion potentially leading to Arbitrary Code Execution (CVE-2019-8019) - Use After Free potentially leading to Arbitrary Code Execution (CVE-2019-8003, CVE-2019-8013, CVE-2019-8024, CVE-2019-8025, CVE-2019-8026, CVE-2019-8028, CVE-2019-8029, CVE-2019-8030, CVE-2019-8031, CVE-2019-8033, CVE-2019-8034, CVE-2019-8036, CVE-2019-8038, CVE-2019-8039, CVE-2019-8047, CVE-2019-8051, CVE-2019-8053, CVE-2019-8054, CVE-2019-8055, CVE-2019-8056, CVE-2019-8057, CVE-2019-8058, CVE-2019-8059, CVE-2019-8061) - Command injection potentially leading to Arbitrary Command Execution (CVE-2019-8060) - Heap Overflow potentially leading to Arbitrary Code Execution (CVE-2019-7832, CVE-2019-8014, CVE-2019-8015, CVE-2019-8041, CVE-2019-8042, CVE-2019-8046, CVE-2019-8049, CVE-2019-8050) - Buffer Error potentially leading to Arbitrary Code Execution (CVE-2019-8048) - Double Free potentially leading to Arbitrary Code Execution (CVE-2019-8044) - Integer Overflow potentially leading to Arbitrary Code Execution or Denial of Service (CVE-2019-8099, CVE-2019-8101) - Internal IP Disclosure potentially leading to Information Disclosure (CVE-2019-8097) - Type Confusion potentially leading to Arbitrary Code Execution (CVE-2019-8019) - Untrusted Pointer Dereference potentially leading to Arbitrary Code Execution or Denial of Service (CVE-2019-8006, CVE-2019-8017, CVE-2019-8045) - Insufficiently Robust Encryption leading to Security feature bypass. (CVE-2019-8237) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127901
    published: 2019-08-16
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127901
    title: Adobe Acrobat <= 2015.006.30497 / 2017.011.30142 / 2019.012.20034 Multiple Vulnerabilities (APSB19-41) (macOS)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(127901);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/31");
    
      script_cve_id(
        "CVE-2019-7832",
        "CVE-2019-7965",
        "CVE-2019-8002",
        "CVE-2019-8003",
        "CVE-2019-8004",
        "CVE-2019-8005",
        "CVE-2019-8006",
        "CVE-2019-8007",
        "CVE-2019-8008",
        "CVE-2019-8009",
        "CVE-2019-8010",
        "CVE-2019-8011",
        "CVE-2019-8012",
        "CVE-2019-8013",
        "CVE-2019-8014",
        "CVE-2019-8015",
        "CVE-2019-8016",
        "CVE-2019-8017",
        "CVE-2019-8018",
        "CVE-2019-8019",
        "CVE-2019-8020",
        "CVE-2019-8021",
        "CVE-2019-8022",
        "CVE-2019-8023",
        "CVE-2019-8024",
        "CVE-2019-8025",
        "CVE-2019-8026",
        "CVE-2019-8027",
        "CVE-2019-8028",
        "CVE-2019-8029",
        "CVE-2019-8030",
        "CVE-2019-8031",
        "CVE-2019-8032",
        "CVE-2019-8033",
        "CVE-2019-8034",
        "CVE-2019-8035",
        "CVE-2019-8036",
        "CVE-2019-8037",
        "CVE-2019-8038",
        "CVE-2019-8039",
        "CVE-2019-8040",
        "CVE-2019-8041",
        "CVE-2019-8042",
        "CVE-2019-8043",
        "CVE-2019-8044",
        "CVE-2019-8045",
        "CVE-2019-8046",
        "CVE-2019-8047",
        "CVE-2019-8048",
        "CVE-2019-8049",
        "CVE-2019-8050",
        "CVE-2019-8051",
        "CVE-2019-8052",
        "CVE-2019-8053",
        "CVE-2019-8054",
        "CVE-2019-8055",
        "CVE-2019-8056",
        "CVE-2019-8057",
        "CVE-2019-8058",
        "CVE-2019-8059",
        "CVE-2019-8060",
        "CVE-2019-8061",
        "CVE-2019-8077",
        "CVE-2019-8094",
        "CVE-2019-8095",
        "CVE-2019-8096",
        "CVE-2019-8097",
        "CVE-2019-8098",
        "CVE-2019-8099",
        "CVE-2019-8100",
        "CVE-2019-8101",
        "CVE-2019-8102",
        "CVE-2019-8103",
        "CVE-2019-8104",
        "CVE-2019-8105",
        "CVE-2019-8106",
        "CVE-2019-8237"
      );
      script_bugtraq_id(108320);
      script_xref(name:"IAVA", value:"2020-A-0211");
    
      script_name(english:"Adobe Acrobat <= 2015.006.30497 / 2017.011.30142 / 2019.012.20034 Multiple Vulnerabilities (APSB19-41) (macOS)");
      script_summary(english:"Checks the version of Adobe Acrobat.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The version of Adobe Acrobat installed on the remote macOS host is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Adobe Acrobat installed on the remote macOS host is a
    version prior or equal to 2015.006.30497, 2017.011.30142, or
    2019.012.20034. It is, therefore, affected by multiple
    vulnerabilities.
    
      - Out-of-Bounds Read potentially leading to Information
        Disclosure (CVE-2019-8077, CVE-2019-8094, CVE-2019-8095,
        CVE-2019-8096, CVE-2019-8102, CVE-2019-8103,
        CVE-2019-8104, CVE-2019-8105, CVE-2019-8106,
        CVE-2019-8002, CVE-2019-8004, CVE-2019-8005,
        CVE-2019-8007, CVE-2019-8010, CVE-2019-8011,
        CVE-2019-8012, CVE-2019-8018, CVE-2019-8020,
        CVE-2019-8021, CVE-2019-8032, CVE-2019-8035,
        CVE-2019-8037, CVE-2019-8040, CVE-2019-8043,
        CVE-2019-8052)
    
      - Out-of-Bounds Write potentially leading to Arbitrary
        Code Execution (CVE-2019-8098, CVE-2019-8100, CVE-2019-7965,
        CVE-2019-8008, CVE-2019-8009, CVE-2019-8016,
        CVE-2019-8022, CVE-2019-8023, CVE-2019-8027)
    
      - Type Confusion potentially leading to Arbitrary Code
        Execution (CVE-2019-8019)
    
      - Use After Free potentially leading to Arbitrary Code
        Execution (CVE-2019-8003, CVE-2019-8013, CVE-2019-8024,
        CVE-2019-8025, CVE-2019-8026, CVE-2019-8028,
        CVE-2019-8029, CVE-2019-8030, CVE-2019-8031,
        CVE-2019-8033, CVE-2019-8034, CVE-2019-8036,
        CVE-2019-8038, CVE-2019-8039, CVE-2019-8047,
        CVE-2019-8051, CVE-2019-8053, CVE-2019-8054,
        CVE-2019-8055, CVE-2019-8056, CVE-2019-8057,
        CVE-2019-8058, CVE-2019-8059, CVE-2019-8061)
      
      - Command injection potentially leading to Arbitrary Command
        Execution (CVE-2019-8060)
    
      - Heap Overflow potentially leading to Arbitrary Code
        Execution (CVE-2019-7832, CVE-2019-8014, CVE-2019-8015,
        CVE-2019-8041, CVE-2019-8042, CVE-2019-8046,
        CVE-2019-8049, CVE-2019-8050)
    
      - Buffer Error potentially leading to Arbitrary Code
        Execution (CVE-2019-8048)
    
      - Double Free potentially leading to Arbitrary Code
        Execution (CVE-2019-8044)
    
      - Integer Overflow potentially leading to Arbitrary Code
        Execution or Denial of Service (CVE-2019-8099, CVE-2019-8101)
    
      - Internal IP Disclosure potentially leading to Information
        Disclosure (CVE-2019-8097)
    
      - Type Confusion potentially leading to Arbitrary Code
        Execution (CVE-2019-8019)
    
      - Untrusted Pointer Dereference potentially leading to 
        Arbitrary Code Execution or Denial of Service (CVE-2019-8006, CVE-2019-8017, CVE-2019-8045)
    
      - Insufficiently Robust Encryption leading to Security
        feature bypass. (CVE-2019-8237)
    
    Note that Nessus has not tested for this issue but has instead relied
    only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/acrobat/apsb19-41.html");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Adobe Acrobat version 2015.006.30499 or 2017.011.30144 or 2019.012.20036 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-7832");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/08/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/16");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:acrobat");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("macosx_adobe_acrobat_installed.nbin");
      script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "installed_sw/Adobe Acrobat");
    
      exit(0);
    }
    
    include('vcf.inc');
    include('vcf_extras.inc');
    
    get_kb_item_or_exit('Host/local_checks_enabled');
    os = get_kb_item('Host/MacOSX/Version');
    if (empty_or_null(os)) audit(AUDIT_OS_NOT, 'Mac OS X');
    
    app_info = vcf::get_app_info(app:'Adobe Acrobat');
    
    # vcf::adobe_reader::check_version_and_report will
    # properly separate tracks when checking constraints.
    # x.y.30zzz = DC Classic
    # x.y.20zzz = DC Continuous
    constraints = [
      { 'min_version' : '15.6', 'max_version' : '15.006.30497', 'fixed_version' : '15.006.30499' },
      { 'min_version' : '17.8', 'max_version' : '17.011.30142', 'fixed_version' : '17.011.30144' },
      { 'min_version' : '15.7', 'max_version' : '19.012.20034', 'fixed_version' : '19.012.20036' }
    ];
    vcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);
    
  • NASL family: Windows
    NASL id: ADOBE_READER_APSB19-41.NASL
    description: The version of Adobe Reader installed on the remote Windows host is a version prior or equal to 2015.006.30498, 2017.011.30143, or 2019.012.20035. It is, therefore, affected by multiple vulnerabilities. - Out-of-Bounds Read potentially leading to Information Disclosure (CVE-2019-8077, CVE-2019-8094, CVE-2019-8095, CVE-2019-8096, CVE-2019-8102, CVE-2019-8103, CVE-2019-8104, CVE-2019-8105, CVE-2019-8106, CVE-2019-8002, CVE-2019-8004, CVE-2019-8005, CVE-2019-8007, CVE-2019-8010, CVE-2019-8011, CVE-2019-8012, CVE-2019-8018, CVE-2019-8020, CVE-2019-8021, CVE-2019-8032, CVE-2019-8035, CVE-2019-8037, CVE-2019-8040, CVE-2019-8043, CVE-2019-8052) - Out-of-Bounds Write potentially leading to Arbitrary Code Execution (CVE-2019-8098, CVE-2019-8100, CVE-2019-7965, CVE-2019-8008, CVE-2019-8009, CVE-2019-8016, CVE-2019-8022, CVE-2019-8023, CVE-2019-8027) - Type Confusion potentially leading to Arbitrary Code Execution (CVE-2019-8019) - Use After Free potentially leading to Arbitrary Code Execution (CVE-2019-8003, CVE-2019-8013, CVE-2019-8024, CVE-2019-8025, CVE-2019-8026, CVE-2019-8028, CVE-2019-8029, CVE-2019-8030, CVE-2019-8031, CVE-2019-8033, CVE-2019-8034, CVE-2019-8036, CVE-2019-8038, CVE-2019-8039, CVE-2019-8047, CVE-2019-8051, CVE-2019-8053, CVE-2019-8054, CVE-2019-8055, CVE-2019-8056, CVE-2019-8057, CVE-2019-8058, CVE-2019-8059, CVE-2019-8061) - Command injection potentially leading to Arbitrary Command Execution (CVE-2019-8060) - Heap Overflow potentially leading to Arbitrary Code Execution (CVE-2019-7832, CVE-2019-8014, CVE-2019-8015, CVE-2019-8041, CVE-2019-8042, CVE-2019-8046, CVE-2019-8049, CVE-2019-8050) - Buffer Error potentially leading to Arbitrary Code Execution (CVE-2019-8048) - Double Free potentially leading to Arbitrary Code Execution (CVE-2019-8044) - Integer Overflow potentially leading to Arbitrary Code Execution or Denial of Service (CVE-2019-8099, CVE-2019-8101) - Internal IP Disclosure potentially leading to Information Disclosure (CVE-2019-8097) - Type Confusion potentially leading to Arbitrary Code Execution (CVE-2019-8019) - Untrusted Pointer Dereference potentially leading to Arbitrary Code Execution or Denial of Service (CVE-2019-8006, CVE-2019-8017, CVE-2019-8045) - Insufficiently Robust Encryption leading to Security feature bypass. (CVE-2019-8237) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127904
    published: 2019-08-16
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127904
    title: Adobe Reader <= 2015.006.30498 / 2017.011.30143 / 2019.012.20035 Multiple Vulnerabilities (APSB19-41)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(127904);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/31");
    
      script_cve_id(
        "CVE-2019-7832",
        "CVE-2019-7965",
        "CVE-2019-8002",
        "CVE-2019-8003",
        "CVE-2019-8004",
        "CVE-2019-8005",
        "CVE-2019-8006",
        "CVE-2019-8007",
        "CVE-2019-8008",
        "CVE-2019-8009",
        "CVE-2019-8010",
        "CVE-2019-8011",
        "CVE-2019-8012",
        "CVE-2019-8013",
        "CVE-2019-8014",
        "CVE-2019-8015",
        "CVE-2019-8016",
        "CVE-2019-8017",
        "CVE-2019-8018",
        "CVE-2019-8019",
        "CVE-2019-8020",
        "CVE-2019-8021",
        "CVE-2019-8022",
        "CVE-2019-8023",
        "CVE-2019-8024",
        "CVE-2019-8025",
        "CVE-2019-8026",
        "CVE-2019-8027",
        "CVE-2019-8028",
        "CVE-2019-8029",
        "CVE-2019-8030",
        "CVE-2019-8031",
        "CVE-2019-8032",
        "CVE-2019-8033",
        "CVE-2019-8034",
        "CVE-2019-8035",
        "CVE-2019-8036",
        "CVE-2019-8037",
        "CVE-2019-8038",
        "CVE-2019-8039",
        "CVE-2019-8040",
        "CVE-2019-8041",
        "CVE-2019-8042",
        "CVE-2019-8043",
        "CVE-2019-8044",
        "CVE-2019-8045",
        "CVE-2019-8046",
        "CVE-2019-8047",
        "CVE-2019-8048",
        "CVE-2019-8049",
        "CVE-2019-8050",
        "CVE-2019-8051",
        "CVE-2019-8052",
        "CVE-2019-8053",
        "CVE-2019-8054",
        "CVE-2019-8055",
        "CVE-2019-8056",
        "CVE-2019-8057",
        "CVE-2019-8058",
        "CVE-2019-8059",
        "CVE-2019-8060",
        "CVE-2019-8061",
        "CVE-2019-8077",
        "CVE-2019-8094",
        "CVE-2019-8095",
        "CVE-2019-8096",
        "CVE-2019-8097",
        "CVE-2019-8098",
        "CVE-2019-8099",
        "CVE-2019-8100",
        "CVE-2019-8101",
        "CVE-2019-8102",
        "CVE-2019-8103",
        "CVE-2019-8104",
        "CVE-2019-8105",
        "CVE-2019-8106",
        "CVE-2019-8237"
      );
      script_bugtraq_id(108320);
      script_xref(name:"IAVA", value:"2020-A-0211");
    
      script_name(english:"Adobe Reader <= 2015.006.30498 / 2017.011.30143 / 2019.012.20035 Multiple Vulnerabilities (APSB19-41)");
      script_summary(english:"Checks the version of Adobe Reader.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The version of Adobe Reader installed on the remote Windows host is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Adobe Reader installed on the remote Windows host is a
    version prior or equal to 2015.006.30498, 2017.011.30143, or
    2019.012.20035. It is, therefore, affected by multiple
    vulnerabilities.
    
      - Out-of-Bounds Read potentially leading to Information
        Disclosure (CVE-2019-8077, CVE-2019-8094, CVE-2019-8095,
        CVE-2019-8096, CVE-2019-8102, CVE-2019-8103,
        CVE-2019-8104, CVE-2019-8105, CVE-2019-8106,
        CVE-2019-8002, CVE-2019-8004, CVE-2019-8005,
        CVE-2019-8007, CVE-2019-8010, CVE-2019-8011,
        CVE-2019-8012, CVE-2019-8018, CVE-2019-8020,
        CVE-2019-8021, CVE-2019-8032, CVE-2019-8035,
        CVE-2019-8037, CVE-2019-8040, CVE-2019-8043,
        CVE-2019-8052)
    
      - Out-of-Bounds Write potentially leading to Arbitrary
        Code Execution (CVE-2019-8098, CVE-2019-8100, CVE-2019-7965,
        CVE-2019-8008, CVE-2019-8009, CVE-2019-8016,
        CVE-2019-8022, CVE-2019-8023, CVE-2019-8027)
    
      - Type Confusion potentially leading to Arbitrary Code
        Execution (CVE-2019-8019)
    
      - Use After Free potentially leading to Arbitrary Code
        Execution (CVE-2019-8003, CVE-2019-8013, CVE-2019-8024,
        CVE-2019-8025, CVE-2019-8026, CVE-2019-8028,
        CVE-2019-8029, CVE-2019-8030, CVE-2019-8031,
        CVE-2019-8033, CVE-2019-8034, CVE-2019-8036,
        CVE-2019-8038, CVE-2019-8039, CVE-2019-8047,
        CVE-2019-8051, CVE-2019-8053, CVE-2019-8054,
        CVE-2019-8055, CVE-2019-8056, CVE-2019-8057,
        CVE-2019-8058, CVE-2019-8059, CVE-2019-8061)
      
      - Command injection potentially leading to Arbitrary Command
        Execution (CVE-2019-8060)
    
      - Heap Overflow potentially leading to Arbitrary Code
        Execution (CVE-2019-7832, CVE-2019-8014, CVE-2019-8015,
        CVE-2019-8041, CVE-2019-8042, CVE-2019-8046,
        CVE-2019-8049, CVE-2019-8050)
    
      - Buffer Error potentially leading to Arbitrary Code
        Execution (CVE-2019-8048)
    
      - Double Free potentially leading to Arbitrary Code
        Execution (CVE-2019-8044)
    
      - Integer Overflow potentially leading to Arbitrary Code
        Execution or Denial of Service (CVE-2019-8099, CVE-2019-8101)
    
      - Internal IP Disclosure potentially leading to Information
        Disclosure (CVE-2019-8097)
    
      - Type Confusion potentially leading to Arbitrary Code
        Execution (CVE-2019-8019)
    
      - Untrusted Pointer Dereference potentially leading to 
        Arbitrary Code Execution or Denial of Service (CVE-2019-8006, CVE-2019-8017, CVE-2019-8045)
    
      - Insufficiently Robust Encryption leading to Security
        feature bypass. (CVE-2019-8237)
    
    Note that Nessus has not tested for this issue but has instead relied
    only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/acrobat/apsb19-41.html");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Adobe Reader version 2015.006.30499 or 2017.011.30144 or 2019.012.20036 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-7832");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/08/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/16");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:acrobat_reader");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("adobe_reader_installed.nasl");
      script_require_keys("SMB/Registry/Enumerated", "installed_sw/Adobe Reader");
    
      exit(0);
    }
    
    include('vcf.inc');
    include('vcf_extras.inc');
    
    get_kb_item_or_exit('SMB/Registry/Enumerated');
    app_info = vcf::get_app_info(app:'Adobe Reader', win_local:TRUE);
    
    # vcf::adobe_reader::check_version_and_report will
    # properly separate tracks when checking constraints.
    # x.y.30zzz = DC Classic
    # x.y.20zzz = DC Continuous
    constraints = [
      { 'min_version' : '15.6', 'max_version' : '15.006.30498', 'fixed_version' : '15.006.30499' },
      { 'min_version' : '17.8', 'max_version' : '17.011.30143', 'fixed_version' : '17.011.30144' },
      { 'min_version' : '15.7', 'max_version' : '19.012.20035', 'fixed_version' : '19.012.20036' }
    ];
    vcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);