From cf6ae6760fb4285eb705be33bc43fdc304ee724b Mon Sep 17 00:00:00 2001
From: Glenn Lugod <glenn.lugod@gmail.com>
Date: Thu, 2 Mar 2023 10:55:28 +0800
Subject: [PATCH 1/7] APSB19-29

---
 .../vulnerability/oval_com.gfi_def_1521.xml   | 34 +++++++++++++++++++
 .../1000/oval_com.gfi_ste_1523.xml            |  3 ++
 .../1000/oval_com.gfi_tst_1522.xml            |  4 +++
 3 files changed, 41 insertions(+)
 create mode 100644 repository/definitions/vulnerability/oval_com.gfi_def_1521.xml
 create mode 100644 repository/states/windows/registry_state/1000/oval_com.gfi_ste_1523.xml
 create mode 100644 repository/tests/windows/registry_test/1000/oval_com.gfi_tst_1522.xml

diff --git a/repository/definitions/vulnerability/oval_com.gfi_def_1521.xml b/repository/definitions/vulnerability/oval_com.gfi_def_1521.xml
new file mode 100644
index 000000000000..28e8439a6432
--- /dev/null
+++ b/repository/definitions/vulnerability/oval_com.gfi_def_1521.xml
@@ -0,0 +1,34 @@
+<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" id="oval:com.gfi:def:1521" version="0" class="vulnerability">
+  <metadata>
+    <title>Multiple vulnerabilities on Adobe Media Encoder</title>
+    <affected family="windows">
+      <platform>Microsoft Windows 10</platform>
+      <platform>Microsoft Windows Server 2008</platform>
+      <platform>Microsoft Windows Server 2008 R2</platform>
+      <platform>Microsoft Windows Server 2012</platform>
+      <platform>Microsoft Windows Server 2012 R2</platform>
+      <platform>Microsoft Windows Server 2016</platform>
+      <platform>Microsoft Windows Server 2019</platform>
+      <product>Adobe Media Encoder</product>
+    </affected>
+    <reference ref_id="APSB19-29" ref_url="https://helpx.adobe.com/security/products/media-encoder/apsb19-29.html" source="Vendor Advisory"/>
+    <reference ref_id="CVE-2019-7842" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7842" source="CVE"/>
+    <reference ref_id="CVE-2019-7844" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7844" source="CVE"/>
+    <description>
+      Adobe Media Encoder version 13.0.2 has a use-after-free vulnerability (CVE-2019-7842) and an out-of-bounds read vulnerability (CVE-2019-7844). Successful exploitation could lead to remote code execution.
+    </description>
+    <oval_repository>
+      <dates>
+        <submitted date="2023-03-01T08:37:00+00:00">
+          <contributor organization="GFI">Glenn Lugod</contributor>
+        </submitted>
+      </dates>
+      <status>INITIAL SUBMISSION</status>
+      <min_schema_version>5.10</min_schema_version>
+    </oval_repository>
+  </metadata>
+  <criteria comment="Adobe Media Encoder is installed + version" operator="AND">
+    <extend_definition comment="Adobe Media Encoder is installed" definition_ref="oval:org.cisecurity:def:8776"/>
+    <criterion comment="Check if Adobe Media Encoder version is less than 13.1" test_ref="oval:com.gfi:tst:1522"/>
+  </criteria>
+</definition>
diff --git a/repository/states/windows/registry_state/1000/oval_com.gfi_ste_1523.xml b/repository/states/windows/registry_state/1000/oval_com.gfi_ste_1523.xml
new file mode 100644
index 000000000000..f6b6e7685dc3
--- /dev/null
+++ b/repository/states/windows/registry_state/1000/oval_com.gfi_ste_1523.xml
@@ -0,0 +1,3 @@
+<registry_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" comment="State matches version less than 13.1" id="oval:com.gfi:ste:1523" version="0">
+  <value datatype="version" operation="less than">13.1</value>
+</registry_state>
diff --git a/repository/tests/windows/registry_test/1000/oval_com.gfi_tst_1522.xml b/repository/tests/windows/registry_test/1000/oval_com.gfi_tst_1522.xml
new file mode 100644
index 000000000000..8b25e393236d
--- /dev/null
+++ b/repository/tests/windows/registry_test/1000/oval_com.gfi_tst_1522.xml
@@ -0,0 +1,4 @@
+<registry_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" check="at least one" check_existence="at_least_one_exists" comment="Check if Adobe Media Encoder version is less than 13.1" id="oval:com.gfi:tst:1522" version="0">
+  <object object_ref="oval:org.cisecurity:obj:4760"/>
+  <state state_ref="oval:com.gfi:ste:1523"/>
+</registry_test>

From 2211242335532cb9ebb3f461f2c73b3a55886411 Mon Sep 17 00:00:00 2001
From: Glenn Lugod <glenn.lugod@gmail.com>
Date: Thu, 2 Mar 2023 11:13:53 +0800
Subject: [PATCH 2/7] APSB19-23

---
 .../vulnerability/oval_com.gfi_def_1524.xml   | 41 +++++++++++++++++++
 .../file_state/1000/oval_com.gfi_ste_1526.xml |  3 ++
 .../file_state/1000/oval_com.gfi_ste_1528.xml |  3 ++
 .../file_test/1000/oval_com.gfi_tst_1525.xml  |  4 ++
 .../file_test/1000/oval_com.gfi_tst_1527.xml  |  4 ++
 5 files changed, 55 insertions(+)
 create mode 100644 repository/definitions/vulnerability/oval_com.gfi_def_1524.xml
 create mode 100644 repository/states/windows/file_state/1000/oval_com.gfi_ste_1526.xml
 create mode 100644 repository/states/windows/file_state/1000/oval_com.gfi_ste_1528.xml
 create mode 100644 repository/tests/windows/file_test/1000/oval_com.gfi_tst_1525.xml
 create mode 100644 repository/tests/windows/file_test/1000/oval_com.gfi_tst_1527.xml

diff --git a/repository/definitions/vulnerability/oval_com.gfi_def_1524.xml b/repository/definitions/vulnerability/oval_com.gfi_def_1524.xml
new file mode 100644
index 000000000000..941c2c293dd0
--- /dev/null
+++ b/repository/definitions/vulnerability/oval_com.gfi_def_1524.xml
@@ -0,0 +1,41 @@
+<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" id="oval:com.gfi:def:1524" version="0" class="vulnerability">
+  <metadata>
+    <title>Adobe InDesign versions 14.0.1 and below have an unsafe hyperlink processing vulnerability. (CVE-2019-7107)</title>
+    <affected family="windows">
+      <platform>Microsoft Windows 7</platform>
+      <platform>Microsoft Windows 8</platform>
+      <platform>Microsoft Windows 8.1</platform>
+      <platform>Microsoft Windows 10</platform>
+      <platform>Microsoft Windows Server 2003</platform>
+      <platform>Microsoft Windows Server 2008</platform>
+      <platform>Microsoft Windows Server 2008 R2</platform>
+      <platform>Microsoft Windows Server 2012</platform>
+      <platform>Microsoft Windows Server 2012 R2</platform>
+      <product>Adobe InDesign</product>
+    </affected>
+    <reference ref_id="APSB19-23" ref_url="https://helpx.adobe.com/security/products/indesign/apsb19-23.html" source="Vendor Advisory"/>
+    <reference ref_id="CVE-2019-7107" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7107" source="CVE"/>
+    <description>
+      Adobe InDesign versions 14.0.1 and below have an unsafe hyperlink processing vulnerability. Successful exploitation could lead to arbitrary code execution. Fixed in versions 13.1.1 and 14.0.2. (CVE-2019-7107)
+    </description>
+    <oval_repository>
+      <dates>
+        <submitted date="2023-03-01T09:26:00+00:00">
+          <contributor organization="GFI">Glenn Lugod</contributor>
+        </submitted>
+      </dates>
+      <status>INITIAL SUBMISSION</status>
+      <min_schema_version>5.10</min_schema_version>
+    </oval_repository>
+  </metadata>
+  <criteria comment="Check for installation of vulnerable Adobe InDesign + vulnerable file version" operator="OR">
+    <criteria comment="Adobe InDesign is installed + version" operator="AND">
+      <extend_definition comment="Adobe InDesign is installed" definition_ref="oval:org.mitre.oval:def:12375"/>
+      <criterion comment="Check if Adobe InDesign version less than 14.0.2" test_ref="oval:com.gfi:tst:1525"/>
+    </criteria>
+    <criteria comment="Adobe InDesign is installed + version" operator="AND">
+      <extend_definition comment="Adobe InDesign is installed" definition_ref="oval:org.mitre.oval:def:12375"/>
+      <criterion comment="Check if Adobe InDesign version less than 13.1.1" test_ref="oval:com.gfi:tst:1527"/>
+    </criteria>
+  </criteria>
+</definition>
diff --git a/repository/states/windows/file_state/1000/oval_com.gfi_ste_1526.xml b/repository/states/windows/file_state/1000/oval_com.gfi_ste_1526.xml
new file mode 100644
index 000000000000..e3bc7c266587
--- /dev/null
+++ b/repository/states/windows/file_state/1000/oval_com.gfi_ste_1526.xml
@@ -0,0 +1,3 @@
+<file_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" comment="State matches version less than 14.0.2" id="oval:com.gfi:ste:1526" version="0">
+  <product_version datatype="version" operation="less than">14.0.2</product_version>
+</file_state>
diff --git a/repository/states/windows/file_state/1000/oval_com.gfi_ste_1528.xml b/repository/states/windows/file_state/1000/oval_com.gfi_ste_1528.xml
new file mode 100644
index 000000000000..183e24f1d8f7
--- /dev/null
+++ b/repository/states/windows/file_state/1000/oval_com.gfi_ste_1528.xml
@@ -0,0 +1,3 @@
+<file_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" comment="State matches version less than 13.1.1" id="oval:com.gfi:ste:1528" version="0">
+  <product_version datatype="version" operation="less than">13.1.1</product_version>
+</file_state>
diff --git a/repository/tests/windows/file_test/1000/oval_com.gfi_tst_1525.xml b/repository/tests/windows/file_test/1000/oval_com.gfi_tst_1525.xml
new file mode 100644
index 000000000000..17f0ee1ab65f
--- /dev/null
+++ b/repository/tests/windows/file_test/1000/oval_com.gfi_tst_1525.xml
@@ -0,0 +1,4 @@
+<file_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" check="all" check_existence="at_least_one_exists" comment="Check if Adobe InDesign version less than 14.0.2" id="oval:com.gfi:tst:1525" version="0">
+  <object object_ref="oval:org.cisecurity:obj:4769"/>
+  <state state_ref="oval:com.gfi:ste:1526"/>
+</file_test>
diff --git a/repository/tests/windows/file_test/1000/oval_com.gfi_tst_1527.xml b/repository/tests/windows/file_test/1000/oval_com.gfi_tst_1527.xml
new file mode 100644
index 000000000000..783f03948bf0
--- /dev/null
+++ b/repository/tests/windows/file_test/1000/oval_com.gfi_tst_1527.xml
@@ -0,0 +1,4 @@
+<file_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" check="all" check_existence="at_least_one_exists" comment="Check if Adobe InDesign version less than 13.1.1" id="oval:com.gfi:tst:1527" version="0">
+  <object object_ref="oval:org.cisecurity:obj:4769"/>
+  <state state_ref="oval:com.gfi:ste:1528"/>
+</file_test>

From e7506a85a81b7b6a865a48c0be1a81fc284ae50b Mon Sep 17 00:00:00 2001
From: Glenn Lugod <glenn.lugod@gmail.com>
Date: Thu, 2 Mar 2023 11:31:20 +0800
Subject: [PATCH 3/7] APSB19-16

---
 .../vulnerability/oval_com.gfi_def_1529.xml   | 42 +++++++++++++++++++
 .../1000/oval_com.gfi_ste_1531.xml            |  3 ++
 .../1000/oval_com.gfi_tst_1530.xml            |  4 ++
 3 files changed, 49 insertions(+)
 create mode 100644 repository/definitions/vulnerability/oval_com.gfi_def_1529.xml
 create mode 100644 repository/states/windows/registry_state/1000/oval_com.gfi_ste_1531.xml
 create mode 100644 repository/tests/windows/registry_test/1000/oval_com.gfi_tst_1530.xml

diff --git a/repository/definitions/vulnerability/oval_com.gfi_def_1529.xml b/repository/definitions/vulnerability/oval_com.gfi_def_1529.xml
new file mode 100644
index 000000000000..0e450b5f6004
--- /dev/null
+++ b/repository/definitions/vulnerability/oval_com.gfi_def_1529.xml
@@ -0,0 +1,42 @@
+<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" id="oval:com.gfi:def:1529" version="0" class="vulnerability">
+  <metadata>
+    <title>
+      Adobe Digital Editions versions 4.5.10.185749 and below have a heap overflow vulnerability. (CVE-2019-7095)
+    </title>
+    <affected family="windows">
+      <platform>Microsoft Windows 2000</platform>
+      <platform>Microsoft Windows XP</platform>
+      <platform>Microsoft Windows Server 2003</platform>
+      <platform>Microsoft Windows Vista</platform>
+      <platform>Microsoft Windows Server 2008</platform>
+      <platform>Microsoft Windows Server 2008 R2</platform>
+      <platform>Microsoft Windows 7</platform>
+      <platform>Microsoft Windows 8</platform>
+      <platform>Microsoft Windows 8.1</platform>
+      <platform>Microsoft Windows 10</platform>
+      <platform>Microsoft Windows Server 2012</platform>
+      <platform>Microsoft Windows Server 2012 R2</platform>
+      <platform>Microsoft Windows Server 2016</platform>
+      <platform>Microsoft Windows Server 2019</platform>
+      <product>Adobe Digital Editions</product>
+    </affected>
+    <reference ref_id="APSB19-16" ref_url="https://helpx.adobe.com/security/products/Digital-Editions/apsb19-16.html" source="Vendor Advisory"/>
+    <reference ref_id="CVE-2019-7095" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7095" source="CVE"/>
+    <description>
+      Adobe Digital Editions versions 4.5.10.185749 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. (CVE-2019-7095)
+    </description>
+    <oval_repository>
+      <dates>
+        <submitted date="2023-03-01T10:45:00+00:00">
+          <contributor organization="GFI">Glenn Lugod</contributor>
+        </submitted>
+      </dates>
+      <status>INITIAL SUBMISSION</status>
+      <min_schema_version>5.10</min_schema_version>
+    </oval_repository>
+  </metadata>
+  <criteria comment="Adobe Digital Editions is installed + version" operator="AND">
+    <extend_definition comment="Adobe Digital Editions is installed" definition_ref="oval:org.mitre.oval:def:26684"/>
+    <criterion comment="Check if Adobe Digital Editions version is less than 4.5.10.186048" test_ref="oval:com.gfi:tst:1530"/>
+  </criteria>
+</definition>
diff --git a/repository/states/windows/registry_state/1000/oval_com.gfi_ste_1531.xml b/repository/states/windows/registry_state/1000/oval_com.gfi_ste_1531.xml
new file mode 100644
index 000000000000..ce82116e60c8
--- /dev/null
+++ b/repository/states/windows/registry_state/1000/oval_com.gfi_ste_1531.xml
@@ -0,0 +1,3 @@
+<registry_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" comment="State matches version less than 4.5.10.186048" id="oval:com.gfi:ste:1531" version="0">
+  <value datatype="version" operation="less than">4.5.10.186048</value>
+</registry_state>
diff --git a/repository/tests/windows/registry_test/1000/oval_com.gfi_tst_1530.xml b/repository/tests/windows/registry_test/1000/oval_com.gfi_tst_1530.xml
new file mode 100644
index 000000000000..b7314112b280
--- /dev/null
+++ b/repository/tests/windows/registry_test/1000/oval_com.gfi_tst_1530.xml
@@ -0,0 +1,4 @@
+<registry_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" check="at least one" check_existence="at_least_one_exists" comment="Check if Adobe Digital Editions version is less than 4.5.10.186048" id="oval:com.gfi:tst:1530" version="0">
+  <object object_ref="oval:org.cisecurity:obj:5171"/>
+  <state state_ref="oval:com.gfi:ste:1531"/>
+</registry_test>

From 3c6cdc50a9bbfdeddd85f195416043ba2726904e Mon Sep 17 00:00:00 2001
From: Glenn Lugod <glenn.lugod@gmail.com>
Date: Thu, 2 Mar 2023 11:39:43 +0800
Subject: [PATCH 4/7] APSB23-09

---
 .../vulnerability/oval_com.gfi_def_1532.xml   | 46 +++++++++++++++++++
 .../file_state/1000/oval_com.gfi_ste_1534.xml |  3 ++
 .../file_test/1000/oval_com.gfi_tst_1533.xml  |  4 ++
 3 files changed, 53 insertions(+)
 create mode 100644 repository/definitions/vulnerability/oval_com.gfi_def_1532.xml
 create mode 100644 repository/states/windows/file_state/1000/oval_com.gfi_ste_1534.xml
 create mode 100644 repository/tests/windows/file_test/1000/oval_com.gfi_tst_1533.xml

diff --git a/repository/definitions/vulnerability/oval_com.gfi_def_1532.xml b/repository/definitions/vulnerability/oval_com.gfi_def_1532.xml
new file mode 100644
index 000000000000..e8a987c68a89
--- /dev/null
+++ b/repository/definitions/vulnerability/oval_com.gfi_def_1532.xml
@@ -0,0 +1,46 @@
+<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" id="oval:com.gfi:def:1532" version="0" class="vulnerability">
+  <metadata>
+    <title>Multiple vulnerabilities on Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier)</title>
+    <affected family="windows">
+      <platform>Microsoft Windows 8</platform>
+      <platform>Microsoft Windows 8.1</platform>
+      <platform>Microsoft Windows 10</platform>
+      <platform>Microsoft Windows 11</platform>
+      <platform>Microsoft Windows Server 2012</platform>
+      <platform>Microsoft Windows Server 2012 R2</platform>
+      <platform>Microsoft Windows Server 2016</platform>
+      <platform>Microsoft Windows Server 2019</platform>
+      <product>Adobe Bridge</product>
+    </affected>
+    <reference ref_id="APSB23-09" ref_url="https://helpx.adobe.com/security/products/bridge/apsb23-09.html" source="Vendor Advisory"/>
+    <reference ref_id="CVE-2023-21583" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21583" source="CVE"/>
+    <reference ref_id="CVE-2023-22226" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22226" source="CVE"/>
+    <reference ref_id="CVE-2023-22227" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22227" source="CVE"/>
+    <reference ref_id="CVE-2023-22228" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22228" source="CVE"/>
+    <reference ref_id="CVE-2023-22229" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22229" source="CVE"/>
+    <reference ref_id="CVE-2023-22230" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22230" source="CVE"/>
+    <reference ref_id="CVE-2023-22231" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22231" source="CVE"/>
+    <description>
+      Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-21583) 
+      Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-22226) 
+      Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-22227) 
+      Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-22228) 
+      Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-22229) 
+      Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-22230) 
+      Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-22231) 
+    </description>
+    <oval_repository>
+      <dates>
+        <submitted date="2023-03-01T12:53:00+00:00">
+          <contributor organization="GFI">Glenn Lugod</contributor>
+        </submitted>
+      </dates>
+      <status>INITIAL SUBMISSION</status>
+      <min_schema_version>5.10</min_schema_version>
+    </oval_repository>
+  </metadata>
+  <criteria comment="Adobe Bridge is installed + version" operator="AND">
+    <extend_definition comment="Adobe Bridge is installed" definition_ref="oval:org.cisecurity:def:7159"/>
+    <criterion comment="Check if the version of Adobe Bridge is less than 12.0.4" test_ref="oval:com.gfi:tst:1533"/>
+  </criteria>
+</definition>
diff --git a/repository/states/windows/file_state/1000/oval_com.gfi_ste_1534.xml b/repository/states/windows/file_state/1000/oval_com.gfi_ste_1534.xml
new file mode 100644
index 000000000000..09ecae02b457
--- /dev/null
+++ b/repository/states/windows/file_state/1000/oval_com.gfi_ste_1534.xml
@@ -0,0 +1,3 @@
+<file_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" comment="State holds if the version is less than 12.0.4" id="oval:com.gfi:ste:1534" version="0">
+  <version datatype="version" operation="less than">12.0.4</version>
+</file_state>
diff --git a/repository/tests/windows/file_test/1000/oval_com.gfi_tst_1533.xml b/repository/tests/windows/file_test/1000/oval_com.gfi_tst_1533.xml
new file mode 100644
index 000000000000..285b653f6f09
--- /dev/null
+++ b/repository/tests/windows/file_test/1000/oval_com.gfi_tst_1533.xml
@@ -0,0 +1,4 @@
+<file_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" check="all" check_existence="at_least_one_exists" comment="Check if the version of Adobe Bridge is less than 12.0.4" id="oval:com.gfi:tst:1533" version="0">
+  <object object_ref="oval:org.cisecurity:obj:2684"/>
+  <state state_ref="oval:com.gfi:ste:1534"/>
+</file_test>

From 8870b455c9144128d50736ed2a1e568a7b682c0c Mon Sep 17 00:00:00 2001
From: Glenn Lugod <glenn.lugod@gmail.com>
Date: Thu, 2 Mar 2023 12:25:56 +0800
Subject: [PATCH 5/7] APSB23-11

---
 .../vulnerability/oval_com.gfi_def_1535.xml   | 51 +++++++++++++++++++
 .../file_state/1000/oval_com.gfi_ste_1537.xml |  3 ++
 .../file_state/1000/oval_com.gfi_ste_1539.xml |  3 ++
 .../file_state/1000/oval_com.gfi_ste_1541.xml |  3 ++
 .../file_state/1000/oval_com.gfi_ste_1543.xml |  3 ++
 .../file_test/1000/oval_com.gfi_tst_1536.xml  |  4 ++
 .../file_test/1000/oval_com.gfi_tst_1538.xml  |  4 ++
 .../file_test/1000/oval_com.gfi_tst_1540.xml  |  4 ++
 .../file_test/1000/oval_com.gfi_tst_1542.xml  |  4 ++
 9 files changed, 79 insertions(+)
 create mode 100644 repository/definitions/vulnerability/oval_com.gfi_def_1535.xml
 create mode 100644 repository/states/windows/file_state/1000/oval_com.gfi_ste_1537.xml
 create mode 100644 repository/states/windows/file_state/1000/oval_com.gfi_ste_1539.xml
 create mode 100644 repository/states/windows/file_state/1000/oval_com.gfi_ste_1541.xml
 create mode 100644 repository/states/windows/file_state/1000/oval_com.gfi_ste_1543.xml
 create mode 100644 repository/tests/windows/file_test/1000/oval_com.gfi_tst_1536.xml
 create mode 100644 repository/tests/windows/file_test/1000/oval_com.gfi_tst_1538.xml
 create mode 100644 repository/tests/windows/file_test/1000/oval_com.gfi_tst_1540.xml
 create mode 100644 repository/tests/windows/file_test/1000/oval_com.gfi_tst_1542.xml

diff --git a/repository/definitions/vulnerability/oval_com.gfi_def_1535.xml b/repository/definitions/vulnerability/oval_com.gfi_def_1535.xml
new file mode 100644
index 000000000000..12a2bd0692c2
--- /dev/null
+++ b/repository/definitions/vulnerability/oval_com.gfi_def_1535.xml
@@ -0,0 +1,51 @@
+<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" id="oval:com.gfi:def:1535" version="0" class="vulnerability">
+  <metadata>
+    <title>Multiple vulnerabilites on Photoshop version 23.5.3 (and earlier), 24.1 (and earlier)</title>
+    <affected family="windows">
+      <platform>Microsoft Windows 8</platform>
+      <platform>Microsoft Windows 8.1</platform>
+      <platform>Microsoft Windows 10</platform>
+      <platform>Microsoft Windows 11</platform>
+      <platform>Microsoft Windows Server 2012</platform>
+      <platform>Microsoft Windows Server 2012 R2</platform>
+      <platform>Microsoft Windows Server 2016</platform>
+      <platform>Microsoft Windows Server 2019</platform>
+      <product>Adobe Photoshop</product>
+    </affected>
+    <reference ref_id="APSB23-11" ref_url="https://helpx.adobe.com/security/products/photoshop/apsb23-11.html" source="Vendor Advisory"/>
+    <reference ref_id="CVE-2023-21574" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21574" source="CVE"/>
+    <reference ref_id="CVE-2023-21575" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21575" source="CVE"/>
+    <reference ref_id="CVE-2023-21576" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21576" source="CVE"/>
+    <reference ref_id="CVE-2023-21577" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21577" source="CVE"/>
+    <reference ref_id="CVE-2023-21578" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21578" source="CVE"/>
+    <description>
+      Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-21574) 
+      Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-21575) 
+      Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-21576) 
+      Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-21577) 
+      Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-21578) 
+    </description>
+    <oval_repository>
+      <dates>
+        <submitted date="2023-03-01T14:43:00+00:00">
+          <contributor organization="GFI">Glenn Lugod</contributor>
+        </submitted>
+      </dates>
+      <status>INITIAL SUBMISSION</status>
+      <min_schema_version>5.10</min_schema_version>
+    </oval_repository>
+  </metadata>
+  <criteria operator="AND">
+    <extend_definition comment="Adobe Photoshop is installed" definition_ref="oval:org.mitre.oval:def:6647"/>
+    <criteria comment="vulnerable versions" operator="OR">
+      <criteria comment="Adobe Photoshop before 23.5.4" operator="AND">
+        <criterion comment="Check if the version of Adobe Photoshop is greater than or equal to 23.5" test_ref="oval:com.gfi:tst:1536"/>
+        <criterion comment="Check if the version of Adobe Photoshop is less than 23.5.4" test_ref="oval:com.gfi:tst:1538"/>
+      </criteria>
+      <criteria comment="Adobe Photoshop before 24.1.1" operator="AND">
+        <criterion comment="Check if the version of Adobe Photoshop is greater than or equal to 24.1" test_ref="oval:com.gfi:tst:1540"/>
+        <criterion comment="Check if the version of Adobe Photoshop is less than 24.1.1" test_ref="oval:com.gfi:tst:1542"/>
+      </criteria>
+    </criteria>
+  </criteria>
+</definition>
diff --git a/repository/states/windows/file_state/1000/oval_com.gfi_ste_1537.xml b/repository/states/windows/file_state/1000/oval_com.gfi_ste_1537.xml
new file mode 100644
index 000000000000..a2b9bbd1a9c3
--- /dev/null
+++ b/repository/states/windows/file_state/1000/oval_com.gfi_ste_1537.xml
@@ -0,0 +1,3 @@
+<file_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" comment="State matches is greater than or equal 23.5" id="oval:com.gfi:ste:1537" version="0">
+  <version datatype="version" operation="greater than or equal">23.5</version>
+</file_state>
diff --git a/repository/states/windows/file_state/1000/oval_com.gfi_ste_1539.xml b/repository/states/windows/file_state/1000/oval_com.gfi_ste_1539.xml
new file mode 100644
index 000000000000..e4617aeca5cf
--- /dev/null
+++ b/repository/states/windows/file_state/1000/oval_com.gfi_ste_1539.xml
@@ -0,0 +1,3 @@
+<file_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" comment="State holds if the version is less than 23.5.4" id="oval:com.gfi:ste:1539" version="0">
+  <version datatype="version" operation="less than">23.5.4</version>
+</file_state>
diff --git a/repository/states/windows/file_state/1000/oval_com.gfi_ste_1541.xml b/repository/states/windows/file_state/1000/oval_com.gfi_ste_1541.xml
new file mode 100644
index 000000000000..3e7a432b0b11
--- /dev/null
+++ b/repository/states/windows/file_state/1000/oval_com.gfi_ste_1541.xml
@@ -0,0 +1,3 @@
+<file_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" comment="State matches is greater than or equal 24.1" id="oval:com.gfi:ste:1541" version="0">
+  <version datatype="version" operation="greater than or equal">24.1</version>
+</file_state>
diff --git a/repository/states/windows/file_state/1000/oval_com.gfi_ste_1543.xml b/repository/states/windows/file_state/1000/oval_com.gfi_ste_1543.xml
new file mode 100644
index 000000000000..6a75f09717bd
--- /dev/null
+++ b/repository/states/windows/file_state/1000/oval_com.gfi_ste_1543.xml
@@ -0,0 +1,3 @@
+<file_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" comment="State holds if the version is less than 24.1.1" id="oval:com.gfi:ste:1543" version="0">
+  <version datatype="version" operation="less than">24.1.1</version>
+</file_state>
diff --git a/repository/tests/windows/file_test/1000/oval_com.gfi_tst_1536.xml b/repository/tests/windows/file_test/1000/oval_com.gfi_tst_1536.xml
new file mode 100644
index 000000000000..e40059de1a2c
--- /dev/null
+++ b/repository/tests/windows/file_test/1000/oval_com.gfi_tst_1536.xml
@@ -0,0 +1,4 @@
+<file_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" check="all" check_existence="at_least_one_exists" comment="Check if the version of Adobe Photoshop is greater than or equal to 23.5" id="oval:com.gfi:tst:1536" version="0">
+  <object object_ref="oval:org.mitre.oval:obj:6885"/>
+  <state state_ref="oval:com.gfi:ste:1537"/>
+</file_test>
diff --git a/repository/tests/windows/file_test/1000/oval_com.gfi_tst_1538.xml b/repository/tests/windows/file_test/1000/oval_com.gfi_tst_1538.xml
new file mode 100644
index 000000000000..7e165b2131d8
--- /dev/null
+++ b/repository/tests/windows/file_test/1000/oval_com.gfi_tst_1538.xml
@@ -0,0 +1,4 @@
+<file_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" check="all" check_existence="at_least_one_exists" comment="Check if the version of Adobe Photoshop is less than 23.5.4" id="oval:com.gfi:tst:1538" version="0">
+  <object object_ref="oval:org.mitre.oval:obj:6885"/>
+  <state state_ref="oval:com.gfi:ste:1539"/>
+</file_test>
diff --git a/repository/tests/windows/file_test/1000/oval_com.gfi_tst_1540.xml b/repository/tests/windows/file_test/1000/oval_com.gfi_tst_1540.xml
new file mode 100644
index 000000000000..d61622a17075
--- /dev/null
+++ b/repository/tests/windows/file_test/1000/oval_com.gfi_tst_1540.xml
@@ -0,0 +1,4 @@
+<file_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" check="all" check_existence="at_least_one_exists" comment="Check if the version of Adobe Photoshop is greater than or equal to 24.1" id="oval:com.gfi:tst:1540" version="0">
+  <object object_ref="oval:org.mitre.oval:obj:6885"/>
+  <state state_ref="oval:com.gfi:ste:1541"/>
+</file_test>
diff --git a/repository/tests/windows/file_test/1000/oval_com.gfi_tst_1542.xml b/repository/tests/windows/file_test/1000/oval_com.gfi_tst_1542.xml
new file mode 100644
index 000000000000..5744e6ac09b3
--- /dev/null
+++ b/repository/tests/windows/file_test/1000/oval_com.gfi_tst_1542.xml
@@ -0,0 +1,4 @@
+<file_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" check="all" check_existence="at_least_one_exists" comment="Check if the version of Adobe Photoshop is less than 24.1.1" id="oval:com.gfi:tst:1542" version="0">
+  <object object_ref="oval:org.mitre.oval:obj:6885"/>
+  <state state_ref="oval:com.gfi:ste:1543"/>
+</file_test>

From 7530c38d848cb2b57f67ba8c5d84154f58023c0d Mon Sep 17 00:00:00 2001
From: Glenn Lugod <glenn.lugod@gmail.com>
Date: Thu, 2 Mar 2023 12:30:03 +0800
Subject: [PATCH 6/7] APSB23-12

---
 .../vulnerability/oval_com.gfi_def_1544.xml   | 44 +++++++++++++++++++
 .../file_state/1000/oval_com.gfi_ste_1546.xml |  3 ++
 .../file_state/1000/oval_com.gfi_ste_1548.xml |  3 ++
 .../file_test/1000/oval_com.gfi_tst_1545.xml  |  4 ++
 .../file_test/1000/oval_com.gfi_tst_1547.xml  |  4 ++
 5 files changed, 58 insertions(+)
 create mode 100644 repository/definitions/vulnerability/oval_com.gfi_def_1544.xml
 create mode 100644 repository/states/windows/file_state/1000/oval_com.gfi_ste_1546.xml
 create mode 100644 repository/states/windows/file_state/1000/oval_com.gfi_ste_1548.xml
 create mode 100644 repository/tests/windows/file_test/1000/oval_com.gfi_tst_1545.xml
 create mode 100644 repository/tests/windows/file_test/1000/oval_com.gfi_tst_1547.xml

diff --git a/repository/definitions/vulnerability/oval_com.gfi_def_1544.xml b/repository/definitions/vulnerability/oval_com.gfi_def_1544.xml
new file mode 100644
index 000000000000..6fd77911efa8
--- /dev/null
+++ b/repository/definitions/vulnerability/oval_com.gfi_def_1544.xml
@@ -0,0 +1,44 @@
+<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" id="oval:com.gfi:def:1544" version="0" class="vulnerability">
+  <metadata>
+    <title>Adobe InDesign versions ID18.1 (and earlier) and ID17.4 (and earlier) are affected by a NULL Pointer Dereference vulnerability. (CVE-2023-21593)</title>
+    <affected family="windows">
+      <platform>Microsoft Windows 7</platform>
+      <platform>Microsoft Windows 8</platform>
+      <platform>Microsoft Windows 8.1</platform>
+      <platform>Microsoft Windows 10</platform>
+      <platform>Microsoft Windows 11</platform>
+      <platform>Microsoft Windows Server 2003</platform>
+      <platform>Microsoft Windows Server 2008</platform>
+      <platform>Microsoft Windows Server 2008 R2</platform>
+      <platform>Microsoft Windows Server 2012</platform>
+      <platform>Microsoft Windows Server 2012 R2</platform>
+      <product>Adobe InDesign</product>
+    </affected>
+    <reference ref_id="APSB23-12" ref_url="https://helpx.adobe.com/security/products/indesign/apsb23-12.html" source="Vendor Advisory"/>
+    <reference ref_id="CVE-2023-21593" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21593" source="CVE"/>
+    <description>
+      Adobe InDesign versions ID18.1 (and earlier) and ID17.4 (and earlier) are affected by a NULL Pointer Dereference vulnerability.
+      An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user.
+      Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-21593)
+    </description>
+    <oval_repository>
+      <dates>
+        <submitted date="2023-03-02T01:20:00+00:00">
+          <contributor organization="GFI">Glenn Lugod</contributor>
+        </submitted>
+      </dates>
+      <status>INITIAL SUBMISSION</status>
+      <min_schema_version>5.10</min_schema_version>
+    </oval_repository>
+  </metadata>
+  <criteria comment="Check for installation of vulnerable Adobe InDesign + vulnerable file version" operator="OR">
+    <criteria comment="Adobe InDesign is installed + version" operator="AND">
+      <extend_definition comment="Adobe InDesign is installed" definition_ref="oval:org.mitre.oval:def:12375"/>
+      <criterion comment="Check if Adobe InDesign version less than ID18.2" test_ref="oval:com.gfi:tst:1545"/>
+    </criteria>
+    <criteria comment="Adobe InDesign is installed + version" operator="AND">
+      <extend_definition comment="Adobe InDesign is installed" definition_ref="oval:org.mitre.oval:def:12375"/>
+      <criterion comment="Check if Adobe InDesign version less than ID17.4.1" test_ref="oval:com.gfi:tst:1547"/>
+    </criteria>
+  </criteria>
+</definition>
diff --git a/repository/states/windows/file_state/1000/oval_com.gfi_ste_1546.xml b/repository/states/windows/file_state/1000/oval_com.gfi_ste_1546.xml
new file mode 100644
index 000000000000..aca3b5ad9604
--- /dev/null
+++ b/repository/states/windows/file_state/1000/oval_com.gfi_ste_1546.xml
@@ -0,0 +1,3 @@
+<file_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" comment="State matches version less than ID18.2" id="oval:com.gfi:ste:1546" version="0">
+  <product_version datatype="version" operation="less than">ID18.2</product_version>
+</file_state>
diff --git a/repository/states/windows/file_state/1000/oval_com.gfi_ste_1548.xml b/repository/states/windows/file_state/1000/oval_com.gfi_ste_1548.xml
new file mode 100644
index 000000000000..7f28a54bd885
--- /dev/null
+++ b/repository/states/windows/file_state/1000/oval_com.gfi_ste_1548.xml
@@ -0,0 +1,3 @@
+<file_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" comment="State matches version less than ID17.4.1" id="oval:com.gfi:ste:1548" version="0">
+  <product_version datatype="version" operation="less than">ID17.4.1</product_version>
+</file_state>
diff --git a/repository/tests/windows/file_test/1000/oval_com.gfi_tst_1545.xml b/repository/tests/windows/file_test/1000/oval_com.gfi_tst_1545.xml
new file mode 100644
index 000000000000..f0b31b0490b7
--- /dev/null
+++ b/repository/tests/windows/file_test/1000/oval_com.gfi_tst_1545.xml
@@ -0,0 +1,4 @@
+<file_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" check="all" check_existence="at_least_one_exists" comment="Check if Adobe InDesign version less than ID18.2" id="oval:com.gfi:tst:1545" version="0">
+  <object object_ref="oval:org.cisecurity:obj:4769"/>
+  <state state_ref="oval:com.gfi:ste:1546"/>
+</file_test>
diff --git a/repository/tests/windows/file_test/1000/oval_com.gfi_tst_1547.xml b/repository/tests/windows/file_test/1000/oval_com.gfi_tst_1547.xml
new file mode 100644
index 000000000000..50a359902e8f
--- /dev/null
+++ b/repository/tests/windows/file_test/1000/oval_com.gfi_tst_1547.xml
@@ -0,0 +1,4 @@
+<file_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" check="all" check_existence="at_least_one_exists" comment="Check if Adobe InDesign version less than ID17.4.1" id="oval:com.gfi:tst:1547" version="0">
+  <object object_ref="oval:org.cisecurity:obj:4769"/>
+  <state state_ref="oval:com.gfi:ste:1548"/>
+</file_test>

From 0fcdd10a9c1f7a2a074f414b776a033615b96907 Mon Sep 17 00:00:00 2001
From: Glenn Lugod <glenn.lugod@gmail.com>
Date: Thu, 2 Mar 2023 12:34:07 +0800
Subject: [PATCH 7/7] ASPB23-15

---
 .../vulnerability/oval_com.gfi_def_1549.xml   | 44 +++++++++++++++++++
 .../1000/oval_com.gfi_ste_1551.xml            |  3 ++
 .../1000/oval_com.gfi_ste_1553.xml            |  3 ++
 .../1000/oval_com.gfi_tst_1550.xml            |  4 ++
 .../1000/oval_com.gfi_tst_1552.xml            |  4 ++
 5 files changed, 58 insertions(+)
 create mode 100644 repository/definitions/vulnerability/oval_com.gfi_def_1549.xml
 create mode 100644 repository/states/windows/registry_state/1000/oval_com.gfi_ste_1551.xml
 create mode 100644 repository/states/windows/registry_state/1000/oval_com.gfi_ste_1553.xml
 create mode 100644 repository/tests/windows/registry_test/1000/oval_com.gfi_tst_1550.xml
 create mode 100644 repository/tests/windows/registry_test/1000/oval_com.gfi_tst_1552.xml

diff --git a/repository/definitions/vulnerability/oval_com.gfi_def_1549.xml b/repository/definitions/vulnerability/oval_com.gfi_def_1549.xml
new file mode 100644
index 000000000000..321be85c7a69
--- /dev/null
+++ b/repository/definitions/vulnerability/oval_com.gfi_def_1549.xml
@@ -0,0 +1,44 @@
+<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" id="oval:com.gfi:def:1549" version="0" class="vulnerability">
+  <metadata>
+    <title>Multiple vulnerabilities on Adobe Animate 2022, Adobe Animate 2023</title>
+    <affected family="windows">
+      <platform>Microsoft Windows 10</platform>
+      <platform>Microsoft Windows 11</platform>
+      <platform>Microsoft Windows Server 2008</platform>
+      <platform>Microsoft Windows Server 2008 R2</platform>
+      <platform>Microsoft Windows Server 2012</platform>
+      <platform>Microsoft Windows Server 2012 R2</platform>
+      <platform>Microsoft Windows Server 2016</platform>
+      <platform>Microsoft Windows Server 2019</platform>
+      <product>Adobe Animate</product>
+    </affected>
+    <reference ref_id="ASPB23-15" ref_url="https://helpx.adobe.com/security/products/animate/apsb23-15.html" source="Vendor Advisory"/>
+    <reference ref_id="CVE-2023-22236" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22236" source="CVE"/>
+    <reference ref_id="CVE-2023-22243" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22243" source="CVE"/>
+    <reference ref_id="CVE-2023-22246" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22246" source="CVE"/>
+    <description>
+      Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-22236)
+      Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-22243)
+      Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-22246)
+    </description>
+    <oval_repository>
+      <dates>
+        <submitted date="2023-03-02T01:45:00+00:00">
+          <contributor organization="GFI">Glenn Lugod</contributor>
+        </submitted>
+      </dates>
+      <status>INITIAL SUBMISSION</status>
+      <min_schema_version>5.10</min_schema_version>
+    </oval_repository>
+  </metadata>
+  <criteria comment="Check for installation of vulnerable Adobe Animate + vulnerable file version" operator="OR">
+    <criteria comment="Adobe Animate is installed + version" operator="AND">
+      <extend_definition comment="Adobe Animate is installed" definition_ref="oval:org.cisecurity:def:8775"/>
+      <criterion comment="Check if Adobe Animate version is less than 22.0.9" test_ref="oval:com.gfi:tst:1550"/>
+    </criteria>
+    <criteria comment="Adobe Animate is installed + version" operator="AND">
+      <extend_definition comment="Adobe Animate is installed" definition_ref="oval:org.cisecurity:def:8775"/>
+      <criterion comment="Check if Adobe Animate version is less than 23.0.1" test_ref="oval:com.gfi:tst:1552"/>
+    </criteria>
+  </criteria>
+</definition>
diff --git a/repository/states/windows/registry_state/1000/oval_com.gfi_ste_1551.xml b/repository/states/windows/registry_state/1000/oval_com.gfi_ste_1551.xml
new file mode 100644
index 000000000000..07f5f631e5a3
--- /dev/null
+++ b/repository/states/windows/registry_state/1000/oval_com.gfi_ste_1551.xml
@@ -0,0 +1,3 @@
+<registry_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" comment="State matches version less than 22.0.9" id="oval:com.gfi:ste:1551" version="0">
+  <value datatype="version" operation="less than">22.0.9</value>
+</registry_state>
diff --git a/repository/states/windows/registry_state/1000/oval_com.gfi_ste_1553.xml b/repository/states/windows/registry_state/1000/oval_com.gfi_ste_1553.xml
new file mode 100644
index 000000000000..de1bd2e13501
--- /dev/null
+++ b/repository/states/windows/registry_state/1000/oval_com.gfi_ste_1553.xml
@@ -0,0 +1,3 @@
+<registry_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" comment="State matches version less than 23.0.1" id="oval:com.gfi:ste:1553" version="0">
+  <value datatype="version" operation="less than">23.0.1</value>
+</registry_state>
diff --git a/repository/tests/windows/registry_test/1000/oval_com.gfi_tst_1550.xml b/repository/tests/windows/registry_test/1000/oval_com.gfi_tst_1550.xml
new file mode 100644
index 000000000000..ba4f41570af6
--- /dev/null
+++ b/repository/tests/windows/registry_test/1000/oval_com.gfi_tst_1550.xml
@@ -0,0 +1,4 @@
+<registry_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" check="at least one" check_existence="at_least_one_exists" comment="Check if Adobe Animate version is less than 22.0.9" id="oval:com.gfi:tst:1550" version="0">
+  <object object_ref="oval:org.cisecurity:obj:4764"/>
+  <state state_ref="oval:com.gfi:ste:1551"/>
+</registry_test>
diff --git a/repository/tests/windows/registry_test/1000/oval_com.gfi_tst_1552.xml b/repository/tests/windows/registry_test/1000/oval_com.gfi_tst_1552.xml
new file mode 100644
index 000000000000..30f991336d55
--- /dev/null
+++ b/repository/tests/windows/registry_test/1000/oval_com.gfi_tst_1552.xml
@@ -0,0 +1,4 @@
+<registry_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" check="at least one" check_existence="at_least_one_exists" comment="Check if Adobe Animate version is less than 23.0.1" id="oval:com.gfi:tst:1552" version="0">
+  <object object_ref="oval:org.cisecurity:obj:4764"/>
+  <state state_ref="oval:com.gfi:ste:1553"/>
+</registry_test>