Information disclosure in Adobe Reader and Acrobat

Published: 2019-02-21 17:38:28
Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
CVE ID: CVE-2019-7815
CVSSv3: 5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CWE ID: CWE-200
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Adobe Acrobat Reader DC, Adobe Acrobat, Adobe Acrobat DC
Vulnerable software versions:
    Adobe Acrobat Reader DC 2015.006.30475
    Adobe Acrobat Reader DC 2017.011.30120
    Adobe Acrobat Reader DC 2019.010.20091
    Adobe Acrobat 2017.011.30120
    Adobe Acrobat DC 2015.006.30475
    Adobe Acrobat DC 2019.010.20091
Vendor: Adobe

Security Advisory

1) Information disclosure

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to insufficient measures implemented in the patch for Adobe Acrobat and Reader in versions 2019.010.20091, 2017.011.30120 and 2015.006.30475, described in SB2019021207 #3 (CVE-2019-7089). A remote attacker can bypass the implemented protection and gain unauthorized access to sensitive information on the system.


Remediation

Install updates from the vendor's website.

External links

https://helpx.adobe.com/security/products/acrobat/apsb19-13.html
