Detections
Analytics
Adobe Audition < 13.0.7 Arbitrary Code Execution (APSB20-40)
high Nessus Plugin ID 137645
Language:
Synopsis
The remote Windows host has an application installed that is affected by an arbitrary code execution vulnerability.Description
According to its version number, the Adobe Audition install on the remote Windows host is potentially affected by an out-of-bounds write vulnerability that could lead to arbitrary code execution.Solution
Upgrade to Adobe Audition version 13.0.7 or later.See Also
https://helpx.adobe.com/security/products/audition/apsb20-40.html
Plugin Details
Severity: High
ID: 137645
File Name: adobe_audition_apsb20-40.nasl
Version: 1.3
Type: local
Agent: windows
Family: Windows
Published: 6/19/2020
Updated: 7/6/2020
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 6.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2020-9659
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:adobe:audition
Required KB Items: SMB/Adobe_Audition/installed
Exploit Ease: No known exploits are available
Patch Publication Date: 6/16/2020
Vulnerability Publication Date: 6/16/2020
Reference Information
CVE: CVE-2020-9658, CVE-2020-9659
IAVA: 2020-A-0270