The version of Adobe Acrobat installed on the remote macOS host is a version prior to 17.011.30207, 20.004.30020, or 21.011.20039. It is, therefore, affected by multiple vulnerabilities.

  - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and     earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code     execution in the context of the current user. Exploitation of this issue requires user interaction in that     a victim must open a malicious font file. (CVE-2022-24091, CVE-2022-24092)

  - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and     earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that     could result in arbitrary code execution in the context of the current user. Exploitation of this issue     requires user interaction in that a victim must open a malicious file. (CVE-2021-44701, CVE-2021-44704,     CVE-2021-44705, CVE-2021-44706, CVE-2021-44710, CVE-2021-45062, CVE-2021-45064)

  - Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and     17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated     attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue     requires user interaction in that a victim must visit an attacker controlled web page. (CVE-2021-44702)

  - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and     earlier) are affected by a stack buffer overflow vulnerability due to insecure handling of a crafted file,     potentially resulting in arbitrary code execution in the context of the current user. Exploitation of this     issue requires user interaction in that a victim must open a malicious file. (CVE-2021-44703)

  - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and     earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code     execution in the context of the current user. Exploitation of this issue requires user interaction in that     a victim must open a malicious file. (CVE-2021-44707, CVE-2021-45061, CVE-2021-45068)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Adobe Acrobat < 17.011.30207 / 20.004.30020 / 21.011.20039 Multiple Vulnerabilities (APSB22-01) (macOS)

high Nessus Plugin ID 156666

Version 1.12