The version of Adobe Dimension installed on the remote Windows host is prior to 3.4.4. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB21-116 advisory.

  - Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds read vulnerability that     could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass     mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open     a malicious TIF file. (CVE-2021-43763, CVE-2021-44183)

  - Adobe Dimension versions 3.4.3 (and earlier) is affected by a memory corruption vulnerability due to     insecure handling of a malicious GIF file, potentially resulting in arbitrary code execution in the     context of the current user. User interaction is required to exploit this vulnerability. (CVE-2021-44179)

  - Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds write vulnerability that     could result in arbitrary code execution in the context of the current user. Exploitation of this issue     requires user interaction in that a victim must open a malicious GIF file. (CVE-2021-44180,     CVE-2021-44181)

  - Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds read vulnerability that     could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass     mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open     a malicious SVG file. (CVE-2021-44182)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Adobe Dimension < 3.4.4 Multiple Vulnerabilities (APSB21-116)

low Nessus Plugin ID 161867

Version 1.5