Detections
Analytics
Adobe Acrobat < 2015.006.30457 / 2017.011.30106 / 2019.008.20081 Vulnerability (APSB18-40)
high Nessus Plugin ID 118931
Language:
Synopsis
The version of Adobe Acrobat installed on the remote Windows host is affected by a vulnerability.Description
The version of Adobe Acrobat installed on the remote Windows host is a version prior to 2015.006.30457, 2017.011.30106, or 2019.008.20081. It is, therefore, affected by a vulnerability.- Adobe Acrobat and Reader versions 2019.008.20080 and earlier, 2017.011.30105 and earlier, and 2015.006.30456 and earlier have a ntlm sso hash theft vulnerability. Successful exploitation could lead to information disclosure. (CVE-2018-15979)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Adobe Acrobat version 2015.006.30457 / 2017.011.30106 / 2019.008.20081 or later.See Also
https://helpx.adobe.com/security/products/acrobat/apsb18-40.html
Plugin Details
Severity: High
ID: 118931
File Name: adobe_acrobat_apsb18-40.nasl
Version: 1.7
Type: local
Agent: windows
Family: Windows
Published: 11/14/2018
Updated: 9/12/2024
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.6
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 4.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS Score Source: CVE-2018-15979
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 7.2
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:adobe:acrobat
Required KB Items: SMB/Registry/Enumerated, installed_sw/Adobe Acrobat
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 11/13/2018
Vulnerability Publication Date: 11/13/2018
Reference Information
CVE: CVE-2018-15979