cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
caverna
Engaged Sweeper III
Hi guys, this is my suggestion to report this vulnerability described at https://helpx.adobe.com/security/products/acrobat/apsb18-09.html



Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
tblAssets.IPAddress,
tblAssets.SP,
tblAssets.Lastseen,
tblAssets.Lasttried,
tblSoftwareUni.softwareName As Software,
tblSoftware.softwareVersion As Version,
tblSoftwareUni.SoftwarePublisher As Publisher,
tblSoftware.Lastchanged
From tblAssets
Inner Join tblSoftware On tblAssets.AssetID = tblSoftware.AssetID
Inner Join tblSoftwareUni On (
tblSoftwareUni.SoftID = tblSoftware.softID And (
(tblSoftwareUni.softwareName Like '%Acrobat Reader%' Or tblSoftwareUni.softwareName Like '%Acrobat%') And
tblSoftwareUni.softwareName Not Like '%Extended Asian%' And
tblSoftwareUni.softwareName Not Like '%Acrobat.com%' And
tblSoftwareUni.softwareName Not Like '%MUI%'
)
)
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Where
tblAssetCustom.State = 1 And
Convert(Int,replace (tblSoftware.softwareVersion,'.','')) <= 1801120038
Order By
tblAssets.Domain,
tblAssets.AssetName,
Software


based on: https://www.lansweeper.com/forum/yaf_postst16153_7-Zip-Arbitrary-Code-Execution-Vulnerability-Check.aspx
updated according to Sylvie suggestion!
1 ACCEPTED SOLUTION
caverna
Engaged Sweeper III
Sylvie wrote:
Hi,

Here is my report for this vulnerabilty:
  • avoid using substring and use replace instead --> legacy Adobe products taken into account
  • filter the softwarename directly within the Inner Join --> faster and avoid "Convert(Int,..." to be analysed first
  • add some exceptions to the filter : acrobat.com and %MUI% products


f*cking awsome!!!

View solution in original post

10 REPLIES 10
Sylvie
Engaged Sweeper III
Hi,

Here is my report for this vulnerabilty:
  • avoid using substring and use replace instead --> legacy Adobe products taken into account
  • filter the softwarename directly within the Inner Join --> faster and avoid "Convert(Int,..." to be analysed first
  • add some exceptions to the filter : acrobat.com and %MUI% products


Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
tblAssets.IPAddress,
tblAssets.SP,
tblAssets.Lastseen,
tblAssets.Lasttried,
tblSoftwareUni.softwareName As Software,
tblSoftware.softwareVersion As Version,
Convert(Int,replace (tblSoftware.softwareVersion,'.','')) as intVersion,
tblSoftwareUni.SoftwarePublisher As Publisher,
tblSoftware.Lastchanged
From tblAssets
Inner Join tblSoftware On tblAssets.AssetID = tblSoftware.AssetID
Inner Join tblSoftwareUni On (tblSoftwareUni.SoftID = tblSoftware.softID And ((tblSoftwareUni.softwareName Like '%Acrobat Reader%' Or tblSoftwareUni.softwareName Like '%Acrobat%') And
tblSoftwareUni.softwareName Not Like '%Extended Asian%' And
tblSoftwareUni.softwareName Not Like '%Acrobat.com%' And
tblSoftwareUni.softwareName Not Like '%MUI%'))
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Where
tblAssetCustom.State = 1 And
Convert(Int,replace (tblSoftware.softwareVersion,'.','')) <= 1801120038
Order By tblAssets.Domain,
tblAssets.AssetName,
Software


Sylvie
caverna
Engaged Sweeper III
Sylvie wrote:
Hi,

Here is my report for this vulnerabilty:
  • avoid using substring and use replace instead --> legacy Adobe products taken into account
  • filter the softwarename directly within the Inner Join --> faster and avoid "Convert(Int,..." to be analysed first
  • add some exceptions to the filter : acrobat.com and %MUI% products


f*cking awsome!!!
MatijaS
Engaged Sweeper
This happens when executing the report. Yes we are using the latest version of Lansweeper.
caverna
Engaged Sweeper III
MatijaS wrote:
This happens when executing the report. Yes we are using the latest version of Lansweeper.

Please look at lines 24, 25 and 26.
This is a dirt trick (borrowed from 7-zip report) to check version number.
I'm pretty that if you remove the lines from 19 to 27, you will be able to see which version number is causing problem.
caverna wrote:
MatijaS wrote:
This happens when executing the report. Yes we are using the latest version of Lansweeper.

Please look at lines 24, 25 and 26.
This is a dirt trick (borrowed from 7-zip report) to check version number.
I'm pretty that if you remove the lines from 19 to 27, you will be able to see which version number is causing problem.


Thanks it works.
MatijaS
Engaged Sweeper
Hi,

I`m getting this error "Error: Conversion failed when converting the nvarchar value '7.0.667' to data type int."
caverna
Engaged Sweeper III
MatijaS wrote:
Hi,

I`m getting this error "Error: Conversion failed when converting the nvarchar value '7.0.667' to data type int."


Please provide a little more information...
When this occurs? Importing the report or executing?
Are you using the last Lansweeper version?
Esben_D
Lansweeper Employee
Lansweeper Employee
I'd recommend creating a separate topic for the deployment package in Lansweeper questions. That way this topic can focus on the report.

I did find these other topics which have examples of Adobe reader deployments, they might help:
https://www.lansweeper.com/forum/yaf_postst12976findunread_Install-Adobe-Acrobat-Reader-DC--SD--newest-Update.aspx#post49898
https://m.lansweeper.com/forum/yaf_postst9850_Silently-install-Adobe-Reader--11-0-9.aspx#post38276
caverna
Engaged Sweeper III
My problem now is to create a reliable deploy package to Adobe reader...
Following the examples and googling, I was able to create a "prototype", but it fails many time...