The version of Adobe Reader installed on the remote macOS host is a version prior to 17.011.30207, 20.004.30020, or 21.011.20039. It is, therefore, affected by multiple vulnerabilities.

  - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and     earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code     execution in the context of the current user. Exploitation of this issue requires user interaction in that     a victim must open a malicious font file. (CVE-2022-24091, CVE-2022-24092)

  - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and     earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that     could result in arbitrary code execution in the context of the current user. Exploitation of this issue     requires user interaction in that a victim must open a malicious file. (CVE-2021-44701, CVE-2021-44704,     CVE-2021-44705, CVE-2021-44706, CVE-2021-44710, CVE-2021-45062, CVE-2021-45064)

  - Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and     17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated     attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue     requires user interaction in that a victim must visit an attacker controlled web page. (CVE-2021-44702)

  - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and     earlier) are affected by a stack buffer overflow vulnerability due to insecure handling of a crafted file,     potentially resulting in arbitrary code execution in the context of the current user. Exploitation of this     issue requires user interaction in that a victim must open a malicious file. (CVE-2021-44703)

  - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and     earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code     execution in the context of the current user. Exploitation of this issue requires user interaction in that     a victim must open a malicious file. (CVE-2021-44707, CVE-2021-45061, CVE-2021-45068)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Adobe Reader < 17.011.30207 / 20.004.30020 / 21.011.20039 Multiple Vulnerabilities (APSB22-01) (macOS)

high Nessus Plugin ID 156667

Version 1.12

Version 1.11

Version 1.9

Version 1.7

Version 1.12 Nov 21, 2024, 2:36 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin metadata Plugin Feed: 202411211436
Version 1.11 Oct 22, 2024, 8:01 AM Exploit attributes ("Exploited by malware" set to "True") Plugin Feed: 202410220801
Version 1.9 Oct 4, 2024, 11:06 PM New Plugin Feed: 202410042306
Version 1.7 Oct 18, 2022, 3:46 PM CVE (Changed from None to CVE-2021-45068) CVSS temporal metrics Exploit attributes Plugin Feed: 202210181546