The version of Adobe InCopy installed on the remote host is prior to 16.4.2, 17.3.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB22-29 advisory.

  - Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an Out-Of-Bounds Write     vulnerability that could result in arbitrary code execution in the context of the current user.
    Exploitation of this issue requires user interaction in that a victim must open a malicious file.
    (CVE-2022-34251)

  - Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Use-After-Free     vulnerability that could result in arbitrary code execution in the context of the current user.
    Exploitation of this issue requires user interaction in that a victim must open a malicious file.
    (CVE-2022-30655, CVE-2022-30657)

  - Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer     Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
    Exploitation of this issue requires user interaction in that a victim must open a malicious file.
    (CVE-2022-30650, CVE-2022-30654, CVE-2022-34249, CVE-2022-34250)

  - Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds read     vulnerability when parsing a crafted file, which could result in a read past the end of an allocated     memory structure. An attacker could leverage this vulnerability to execute code in the context of the     current user. Exploitation of this issue requires user interaction in that a victim must open a malicious     file. (CVE-2022-30651)

  - Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write     vulnerability that could result in arbitrary code execution in the context of the current user.
    Exploitation of this issue requires user interaction in that a victim must open a malicious file.
    (CVE-2022-30652, CVE-2022-30653, CVE-2022-30656)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Adobe InCopy < 16.4.2 / 17.0 < 17.3.0 Multiple Vulnerabilities (APSB22-29)

high Nessus Plugin ID 162182

Version 1.10

Version 1.8

Version 1.7

Version 1.6

Version 1.10 Oct 23, 2024, 10:51 PM CVE (set "CVE" coverage to "CVE-2022-30650,CVE-2022-30651,CVE-2022-30652,CVE-2022-30653,CVE-2022-30654,CVE-2022-30655,CVE-2022-30656,CVE-2022-30657,CVE-2022-34249,CVE-2022-34250,CVE-2022-34251,CVE-2022-34252") CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") CVSSv3 score source (changed from "CVE-2022-30656" to "CVE-2022-34251") Plugin metadata Plugin Feed: 202410232251
Version 1.8 Nov 8, 2023, 3:41 PM CVSSv3 score source (set to "CVE-2022-30656") Plugin Feed: 202311081541
Version 1.7 Oct 17, 2023, 1:06 PM Plugin categorization (Add agent all attribute to run on agents) Plugin Feed: 202310171306
Version 1.6 Mar 23, 2023, 8:46 PM Plugin requirements Plugin Feed: 202303232046