The version of Adobe Acrobat installed on the remote Windows host is a version prior to 11.0.19, 15.006.30279, or 15.023.20053. It is, therefore, affected by multiple vulnerabilities.

  - Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have     an exploitable memory corruption vulnerability in the rendering engine. Successful exploitation could lead     to arbitrary code execution. (CVE-2017-3010)

  - Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have     an exploitable type confusion vulnerability in the XSLT engine related to localization functionality.
    Successful exploitation could lead to arbitrary code execution. (CVE-2017-2962)

  - Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have     an exploitable use after free vulnerability in the XFA engine, related to layout functionality. Successful     exploitation could lead to arbitrary code execution. (CVE-2017-2950)

  - Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have     an exploitable use after free vulnerability in the XFA engine, related to sub-form functionality.
    Successful exploitation could lead to arbitrary code execution. (CVE-2017-2951)

  - Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have     an exploitable use after free vulnerability in the JavaScript engine. Successful exploitation could lead     to arbitrary code execution. (CVE-2017-2955, CVE-2017-2958)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Adobe Acrobat < 11.0.19 / 15.006.30279 / 15.023.20053 Multiple Vulnerabilities (APSB17-01)

critical Nessus Plugin ID 96452

Version 1.13