Multiple vulnerabilities in Adobe Reader and Acrobat



Published: 2019-08-13 | Updated: 2019-08-15
Risk High
Patch available YES
Number of vulnerabilities 76
CVE-ID CVE-2019-8077
CVE-2019-8094
CVE-2019-8095
CVE-2019-8096
CVE-2019-8102
CVE-2019-8103
CVE-2019-8104
CVE-2019-8105
CVE-2019-8106
CVE-2019-8002
CVE-2019-8004
CVE-2019-8005
CVE-2019-8007
CVE-2019-8010
CVE-2019-8011
CVE-2019-8012
CVE-2019-8018
CVE-2019-8020
CVE-2019-8021
CVE-2019-8032
CVE-2019-8035
CVE-2019-8037
CVE-2019-8040
CVE-2019-8043
CVE-2019-8052
CVE-2019-8098
CVE-2019-8100
CVE-2019-7965
CVE-2019-8008
CVE-2019-8009
CVE-2019-8016
CVE-2019-8022
CVE-2019-8023
CVE-2019-8027
CVE-2019-8060
CVE-2019-8003
CVE-2019-8013
CVE-2019-8024
CVE-2019-8025
CVE-2019-8026
CVE-2019-8028
CVE-2019-8029
CVE-2019-8030
CVE-2019-8031
CVE-2019-8033
CVE-2019-8034
CVE-2019-8036
CVE-2019-8038
CVE-2019-8039
CVE-2019-8047
CVE-2019-8051
CVE-2019-8053
CVE-2019-8054
CVE-2019-8055
CVE-2019-8056
CVE-2019-8057
CVE-2019-8058
CVE-2019-8059
CVE-2019-8061
CVE-2019-8014
CVE-2019-8015
CVE-2019-8041
CVE-2019-8042
CVE-2019-8046
CVE-2019-8049
CVE-2019-8050
CVE-2019-8048
CVE-2019-8044
CVE-2019-8099
CVE-2019-8101
CVE-2019-8097
CVE-2019-8019
CVE-2019-8006
CVE-2019-8017
CVE-2019-8045
CWE-ID CWE-125
CWE-787
CWE-94
CWE-416
CWE-122
CWE-119
CWE-415
CWE-190
CWE-200
CWE-843
CWE-822
Exploitation vector Network
Public exploit Public exploit code for vulnerability #64 is available.
Vulnerability #68 is being exploited in the wild.
Vulnerable software
Subscribe
Adobe Reader
Client/Desktop applications / Office applications

Adobe Acrobat
Client/Desktop applications / Office applications

Vendor Adobe

Security Bulletin

This security bulletin contains information about 76 vulnerabilities.

Updated: 15.08.2019
Removed CVE-2019-7832 from vulnerability #60 that was assigned by mistake.

1) Out-of-bounds read

EUVDB-ID: #VU20073

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8077

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

EUVDB-ID: #VU20074

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8094

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds read

EUVDB-ID: #VU20075

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8095

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds read

EUVDB-ID: #VU20076

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8096

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Out-of-bounds read

EUVDB-ID: #VU20077

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8102

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds read

EUVDB-ID: #VU20078

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8103

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Out-of-bounds read

EUVDB-ID: #VU20079

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8104

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Out-of-bounds read

EUVDB-ID: #VU20080

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8105

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Out-of-bounds read

EUVDB-ID: #VU20081

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8106

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Out-of-bounds read

EUVDB-ID: #VU20082

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8002

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Out-of-bounds read

EUVDB-ID: #VU20083

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8004

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Out-of-bounds read

EUVDB-ID: #VU20084

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8005

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Out-of-bounds read

EUVDB-ID: #VU20085

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8007

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Out-of-bounds read

EUVDB-ID: #VU20086

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8010

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Out-of-bounds read

EUVDB-ID: #VU20087

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8011

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Out-of-bounds read

EUVDB-ID: #VU20088

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8012

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Out-of-bounds read

EUVDB-ID: #VU20089

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8018

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Out-of-bounds read

EUVDB-ID: #VU20090

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8020

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Out-of-bounds read

EUVDB-ID: #VU20091

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8021

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Out-of-bounds read

EUVDB-ID: #VU20092

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8032

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Out-of-bounds read

EUVDB-ID: #VU20093

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8035

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the parsing of XFA forms. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html
http://www.zerodayinitiative.com/advisories/ZDI-19-748/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Out-of-bounds read

EUVDB-ID: #VU20094

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8037

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the parsing of Unicode characters in the AcroForm plugin. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html
http://www.zerodayinitiative.com/advisories/ZDI-19-749/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Out-of-bounds read

EUVDB-ID: #VU20095

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8040

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the parsing of JPEG files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html
http://www.zerodayinitiative.com/advisories/ZDI-19-752/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Out-of-bounds read

EUVDB-ID: #VU20096

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8043

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Out-of-bounds read

EUVDB-ID: #VU20097

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8052

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the parsing of JPEG files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html
http://www.zerodayinitiative.com/advisories/ZDI-19-753/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Out-of-bounds write

EUVDB-ID: #VU20098

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8098

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Out-of-bounds write

EUVDB-ID: #VU20099

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8100

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Out-of-bounds write

EUVDB-ID: #VU20100

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-7965

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Out-of-bounds write

EUVDB-ID: #VU20101

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8008

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within the parsing of PostScript files. A remote attacker can create a specially crafted PostScript file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html
http://www.zerodayinitiative.com/advisories/ZDI-19-724/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Out-of-bounds write

EUVDB-ID: #VU20102

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8009

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Out-of-bounds write

EUVDB-ID: #VU20103

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8016

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Out-of-bounds write

EUVDB-ID: #VU20104

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8022

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Out-of-bounds write

EUVDB-ID: #VU20105

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8023

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Out-of-bounds write

EUVDB-ID: #VU20106

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8027

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within the implementation of the Copy menu command in Protected View. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html
http://www.zerodayinitiative.com/advisories/ZDI-19-745/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Code injection

EUVDB-ID: #VU20107

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8060

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a improper input validation when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Use-after-free

EUVDB-ID: #VU20108

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8003

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Use-after-free

EUVDB-ID: #VU20109

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8013

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within the handling of XFA forms. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html
http://www.zerodayinitiative.com/advisories/ZDI-19-726/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Use-after-free

EUVDB-ID: #VU20110

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8024

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Use-after-free

EUVDB-ID: #VU20111

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8025

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Use-after-free

EUVDB-ID: #VU20112

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8026

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Use-after-free

EUVDB-ID: #VU20113

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8028

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Use-after-free

EUVDB-ID: #VU20114

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8029

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Use-after-free

EUVDB-ID: #VU20115

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8030

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Use-after-free

EUVDB-ID: #VU20116

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8031

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Use-after-free

EUVDB-ID: #VU20117

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8033

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within the AcroForm setFocus method. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html
http://www.zerodayinitiative.com/advisories/ZDI-19-747/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Use-after-free

EUVDB-ID: #VU20118

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8034

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within the handling of the ready event within XFA forms. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html
http://www.zerodayinitiative.com/advisories/ZDI-19-746/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Use-after-free

EUVDB-ID: #VU20119

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8036

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Use-after-free

EUVDB-ID: #VU20120

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8038

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within the handling of Field objects within the AcroForm plugin. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html
http://www.zerodayinitiative.com/advisories/ZDI-19-750/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Use-after-free

EUVDB-ID: #VU20121

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8039

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within the handling of the value property of Field objects within the AcroForm plugin. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html
http://www.zerodayinitiative.com/advisories/ZDI-19-751/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Use-after-free

EUVDB-ID: #VU20122

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8047

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Use-after-free

EUVDB-ID: #VU20123

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8051

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within the handling of the userName property of Field objects in the AcroForm plugin. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html
http://www.zerodayinitiative.com/advisories/ZDI-19-754/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Use-after-free

EUVDB-ID: #VU20124

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8053

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within the handling of the submitName property of Field objects in the AcroForm plugin. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html
http://www.zerodayinitiative.com/advisories/ZDI-19-756/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Use-after-free

EUVDB-ID: #VU20125

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8054

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within the handling of the rect property of Field objects in the AcroForm plugin. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html
http://www.zerodayinitiative.com/advisories/ZDI-19-755/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Use-after-free

EUVDB-ID: #VU20126

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8055

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Use-after-free

EUVDB-ID: #VU20127

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8056

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within the handling of the strokeColor property of Field objects in the AcroForm plugin. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html
http://www.zerodayinitiative.com/advisories/ZDI-19-758/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Use-after-free

EUVDB-ID: #VU20128

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8057

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within the handling of the textSize property of Field objects in the AcroForm plugin. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html
http://www.zerodayinitiative.com/advisories/ZDI-19-759/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Use-after-free

EUVDB-ID: #VU20148

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8058

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within the handling of the fillColor property of Field objects in the AcroForm plugin. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html
http://www.zerodayinitiative.com/advisories/ZDI-19-760/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Use-after-free

EUVDB-ID: #VU20129

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8059

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within the handling of the lineWidth property of Field objects in the AcroForm plugin. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html
http://www.zerodayinitiative.com/advisories/ZDI-19-757/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Use-after-free

EUVDB-ID: #VU20130

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8061

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Heap-based buffer overflow

EUVDB-ID: #VU20131

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Heap-based buffer overflow

EUVDB-ID: #VU20132

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8014

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error  within the parsing of run length encoding in BMP images. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html
http://www.zerodayinitiative.com/advisories/ZDI-19-725/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Heap-based buffer overflow

EUVDB-ID: #VU20133

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8015

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Heap-based buffer overflow

EUVDB-ID: #VU20134

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8041

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Heap-based buffer overflow

EUVDB-ID: #VU20135

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-8042

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

65) Heap-based buffer overflow

EUVDB-ID: #VU20136

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8046

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Heap-based buffer overflow

EUVDB-ID: #VU20137

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8049

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Heap-based buffer overflow

EUVDB-ID: #VU20138

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8050

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Memory corruption

EUVDB-ID: #VU20139

Risk: High

CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2019-8048

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

69) Double free

EUVDB-ID: #VU20140

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8044

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger double free error and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Integer overflow

EUVDB-ID: #VU20141

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8099

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to integer overflow when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger integer overflow and gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Integer overflow

EUVDB-ID: #VU20142

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8101

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to integer overflow when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger integer overflow and gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Information disclosure

EUVDB-ID: #VU20143

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8097

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to software includes local IP address of the user into PDF files. A remote attacker can obtain local IP address of the user.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Type confusion

EUVDB-ID: #VU20144

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8019

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a type confusion error within the processing of the executive command in PostScript. A remote attacker can create a specially crafted PostScript file, trick the victim into opening it and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html
http://www.zerodayinitiative.com/advisories/ZDI-19-744/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Untrusted pointer dereference

EUVDB-ID: #VU20145

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8006

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to untrusted pointer dereference error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Untrusted pointer dereference

EUVDB-ID: #VU20146

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8017

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to untrusted pointer dereference error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Untrusted pointer dereference

EUVDB-ID: #VU20147

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8045

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to untrusted pointer dereference error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2019.012.20035

Adobe Acrobat: 15.006.30306 - 19.012.20035

External links

http://helpx.adobe.com/security/products/acrobat/apsb19-41.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###