Detections
Analytics
Adobe Reader < 2015.006.30456 / 2017.011.30105 / 2019.008.20071 Multiple Vulnerabilities (APSB18-30)
high Nessus Plugin ID 117877
Language:
Synopsis
The version of Adobe Reader installed on the remote Windows host is affected by multiple vulnerabilities.Description
The version of Adobe Reader installed on the remote Windows host is a version prior to 2015.006.30456, 2017.011.30105, or 2019.008.20071. It is, therefore, affected by multiple vulnerabilities.- Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation. (CVE-2018-15966)
- Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. (CVE-2018-12759, CVE-2018-12860, CVE-2018-12861, CVE-2018-12862, CVE-2018-12864, CVE-2018-12865, CVE-2018-12868, CVE-2018-15928, CVE-2018-15929, CVE-2018-15933, CVE-2018-15934, CVE-2018-15935, CVE-2018-15936, CVE-2018-15938, CVE-2018-15939, CVE-2018-15940, CVE-2018-15941, CVE-2018-15944, CVE-2018-15945, CVE-2018-15952, CVE-2018-15954, CVE-2018-15955)
- Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. (CVE-2018-12834, CVE-2018-12839, CVE-2018-12843, CVE-2018-12844, CVE-2018-12845, CVE-2018-12856, CVE-2018-12857, CVE-2018-12859, CVE-2018-12866, CVE-2018-12867, CVE-2018-12869, CVE-2018-12870, CVE-2018-12871, CVE-2018-12872, CVE-2018-12873, CVE-2018-12874, CVE-2018-12875, CVE-2018-12878, CVE-2018-12879, CVE-2018-12880, CVE-2018-15922, CVE-2018-15923, CVE-2018-15925, CVE-2018-15926, CVE-2018-15927, CVE-2018-15932, CVE-2018-15942, CVE-2018-15943, CVE-2018-15946, CVE-2018-15947, CVE-2018-15948, CVE-2018-15949, CVE-2018-15950, CVE-2018-15953, CVE-2018-15956, CVE-2018-15968, CVE-2018-19722)
- Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none (CVE-2018-15921, CVE-2018-15977)
- Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. (CVE-2018-12832, CVE-2018-12833, CVE-2018-12836, CVE-2018-12837, CVE-2018-12846, CVE-2018-12847, CVE-2018-12851)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Adobe Reader version 2015.006.30456 / 2017.011.30105 / 2019.008.20071 or later.See Also
https://helpx.adobe.com/security/products/acrobat/apsb18-30.html
Plugin Details
Severity: High
ID: 117877
File Name: adobe_reader_apsb18-30.nasl
Version: 1.13
Type: local
Agent: windows
Family: Windows
Published: 10/2/2018
Updated: 11/20/2024
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 8.9
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 8.1
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2018-15966
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 7.5
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:adobe:acrobat_reader
Required KB Items: SMB/Registry/Enumerated, installed_sw/Adobe Reader
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 10/1/2018
Vulnerability Publication Date: 10/1/2018
Reference Information
CVE: CVE-2018-12759, CVE-2018-12769, CVE-2018-12831, CVE-2018-12832, CVE-2018-12833, CVE-2018-12834, CVE-2018-12835, CVE-2018-12836, CVE-2018-12837, CVE-2018-12838, CVE-2018-12839, CVE-2018-12841, CVE-2018-12842, CVE-2018-12843, CVE-2018-12844, CVE-2018-12845, CVE-2018-12846, CVE-2018-12847, CVE-2018-12851, CVE-2018-12852, CVE-2018-12853, CVE-2018-12855, CVE-2018-12856, CVE-2018-12857, CVE-2018-12858, CVE-2018-12859, CVE-2018-12860, CVE-2018-12861, CVE-2018-12862, CVE-2018-12863, CVE-2018-12864, CVE-2018-12865, CVE-2018-12866, CVE-2018-12867, CVE-2018-12868, CVE-2018-12869, CVE-2018-12870, CVE-2018-12871, CVE-2018-12872, CVE-2018-12873, CVE-2018-12874, CVE-2018-12875, CVE-2018-12876, CVE-2018-12877, CVE-2018-12878, CVE-2018-12879, CVE-2018-12880, CVE-2018-12881, CVE-2018-15920, CVE-2018-15921, CVE-2018-15922, CVE-2018-15923, CVE-2018-15924, CVE-2018-15925, CVE-2018-15926, CVE-2018-15927, CVE-2018-15928, CVE-2018-15929, CVE-2018-15930, CVE-2018-15931, CVE-2018-15932, CVE-2018-15933, CVE-2018-15934, CVE-2018-15935, CVE-2018-15936, CVE-2018-15937, CVE-2018-15938, CVE-2018-15939, CVE-2018-15940, CVE-2018-15941, CVE-2018-15942, CVE-2018-15943, CVE-2018-15944, CVE-2018-15945, CVE-2018-15946, CVE-2018-15947, CVE-2018-15948, CVE-2018-15949, CVE-2018-15950, CVE-2018-15951, CVE-2018-15952, CVE-2018-15953, CVE-2018-15954, CVE-2018-15955, CVE-2018-15956, CVE-2018-15966, CVE-2018-15968, CVE-2018-15977, CVE-2018-19722
BID: 105432, 105435, 105436, 105437, 105438, 105439, 105440, 105441, 105442, 105443, 105444