Adobe Software Signed By Revoked Certificate (APSA12-01)

This script is Copyright (C) 2012-2017 Tenable Network Security, Inc.


Synopsis :

An application installed on the remote Windows host is signed by a
revoked certificate.

Description :

The remote host is using Adobe software that has been digitally signed
by a revoked certificate. An Adobe build server was compromised, which
has caused at least two malicious utilities to be signed with Adobe's
code signing certificate. Any software signed by this revoked
certificate (including legitimate Adobe software) is no longer
trusted.

This plugin checks if the following software has been signed by the
revoked certificate :

- Adobe Bridge
- Adobe Extension Manager CS6
- Adobe Media Encoder CS6
- Adobe Premiere Pro CS6
- Adobe Reader
- Audition CS6
- ColdFusion 10
- Configurator 3.1
- Contribute 6.5
- Dreamweaver CS6
- Drive 4
- Encore CS6
- Flash Player
- Flash Professional CS6
- Illustrator CS6
- Photoshop CS6
- Prelude CS6
- Presenter 8
- Shockwave Player
- SpeedGrade CS6

See also :

http://www.adobe.com/support/security/advisories/apsa12-01.html
https://helpx.adobe.com/x-productkb/global/certificate-updates.html
http://www.nessus.org/u?bd0ed764

Solution :

Update all affected Adobe applications to the latest version. Refer to
Adobe security advisory APSA12-01 for more information.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

Family: Windows

Nessus Plugin ID: 62693 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now