Adobe Reader < 11.0.20 / 2015.006.30306 / 2017.009.20044 Multiple Vulnerabilities (APSB17-11) (macOS)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The version of Adobe Reader installed on the remote host is affected
by multiple vulnerabilities.

Description :

The version of Adobe Reader installed on the remote macOS or Mac OS X
host is a version prior to 11.0.20, 2015.006.30306, or 2017.009.20044.
It is, therefore, affected by multiple vulnerabilities :

- Multiple use-after-free errors exist that allow an
attacker to execute arbitrary code. (CVE-2017-3014,
CVE-2017-3026, CVE-2017-3027, CVE-2017-3035,
CVE-2017-3047, CVE-2017-3057)

- Multiple heap buffer overflow conditions exist that
allow an attacker to execute arbitrary code.
(CVE-2017-3042, CVE-2017-3048, CVE-2017-3049,
CVE-2017-3055)

- Multiple memory corruption issues exist that allow an
attacker to execute arbitrary code. (CVE-2017-3015,
CVE-2017-3017, CVE-2017-3018, CVE-2017-3019,
CVE-2017-3023, CVE-2017-3024, CVE-2017-3025,
CVE-2017-3028, CVE-2017-3030, CVE-2017-3036,
CVE-2017-3037, CVE-2017-3038, CVE-2017-3039,
CVE-2017-3040, CVE-2017-3041, CVE-2017-3044,
CVE-2017-3050, CVE-2017-3051, CVE-2017-3054,
CVE-2017-3056, CVE-2017-3065)

- Multiple integer overflow conditions exist that allow an
attacker to execute arbitrary code. (CVE-2017-3011,
CVE-2017-3034)

- Multiple memory corruption issues exist that allow an
attacker to disclose memory address information.
(CVE-2017-3020, CVE-2017-3021, CVE-2017-3022,
CVE-2017-3029, CVE-2017-3031, CVE-2017-3032,
CVE-2017-3033, CVE-2017-3043, CVE-2017-3045,
CVE-2017-3046, CVE-2017-3052, CVE-2017-3053)

- A flaw exists due to the use of an insecure directory
search path. An attacker can potentially exploit this to
execute arbitrary code. (CVE-2017-3012, CVE-2017-3013)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

https://helpx.adobe.com/security/products/acrobat/apsb17-11.html

Solution :

Upgrade to Adobe Reader 11.0.20 / 2015.006.30306 / 2017.009.20044 or
later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true