Show vulnerabilities with patch / with exploit

Multiple vulnerabilities in Adobe Acrobat and Reader



Published: 2019-12-11
Severity High
Patch available YES
Number of vulnerabilities 21
CVE ID CVE-2019-16446
CVE-2019-16462
CVE-2019-16451
CVE-2019-16464
CVE-2019-16455
CVE-2019-16460
CVE-2019-16453
CVE-2019-16444
CVE-2019-16463
CVE-2019-16459
CVE-2019-16452
CVE-2019-16461
CVE-2019-16458
CVE-2019-16457
CVE-2019-16456
CVE-2019-16465
CVE-2019-16450
CVE-2019-16448
CVE-2019-16445
CVE-2019-16454
CVE-2019-16449
CWE ID CWE-822
CWE-119
CWE-122
CWE-416
CWE-264
CWE-427
CWE-125
CWE-787
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Adobe Acrobat DC
Client/Desktop applications / Office applications

Adobe Acrobat Reader DC
Client/Desktop applications / Office applications

Adobe Acrobat
Client/Desktop applications / Office applications

Adobe Reader
Client/Desktop applications / Office applications

Vendor Adobe

Security Advisory

1) Untrusted Pointer Dereference

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-16446

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to untrusted pointer dereference when processing PDF content. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and execute arbitrary code on the target system with privileges of the current user.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat Reader DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2017.011.30148, 2017.011.30150, 2017.011.30152

Adobe Reader: 2015.006.30505, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-16462

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing PDF content. A remote attacker can create a specially crafted PDF file, trigger buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat Reader DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2017.011.30148, 2017.011.30150, 2017.011.30152

Adobe Reader: 2015.006.30505, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Heap-based buffer overflow

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-16451

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing PDF content. A remote attacker can create a specially crafted PDF file, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat Reader DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2017.011.30148, 2017.011.30150, 2017.011.30152

Adobe Reader: 2015.006.30505, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-16464

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF content. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat Reader DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2017.011.30148, 2017.011.30150, 2017.011.30152

Adobe Reader: 2015.006.30505, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Untrusted Pointer Dereference

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-16455

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to untrusted pointer dereference when processing PDF content. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and execute arbitrary code on the target system with privileges of the current user.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat Reader DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2017.011.30148, 2017.011.30150, 2017.011.30152

Adobe Reader: 2015.006.30505, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Untrusted Pointer Dereference

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-16460

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to untrusted pointer dereference when processing PDF content. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and execute arbitrary code on the target system with privileges of the current user.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat Reader DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2017.011.30148, 2017.011.30150, 2017.011.30152

Adobe Reader: 2015.006.30505, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Security restrictions bypass

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-16453

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to unspecified error, related to implemented security restrictions. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and execute arbitrary code on the system with privileges of the current user.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat Reader DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2017.011.30148, 2017.011.30150, 2017.011.30152

Adobe Reader: 2015.006.30505, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Insecure DLL loading

Severity: Medium

CVSSv3: 6.5 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-16444

CWE-ID: CWE-427 - Uncontrolled Search Path Element

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to the application loads DLL libraries in an insecure manner. A remote attacker can place a specially crafted .dll file on a remote SMB fileshare, trick the victim into opening a file, associated with the vulnerable application, and execute arbitrary code on victim's system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat Reader DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2017.011.30148, 2017.011.30150, 2017.011.30152

Adobe Reader: 2015.006.30505, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Untrusted Pointer Dereference

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-16463

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to untrusted pointer dereference when processing PDF content. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and execute arbitrary code on the target system with privileges of the current user.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat Reader DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2017.011.30148, 2017.011.30150, 2017.011.30152

Adobe Reader: 2015.006.30505, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use-after-free

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-16459

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF content. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat Reader DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2017.011.30148, 2017.011.30150, 2017.011.30152

Adobe Reader: 2015.006.30505, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-16452

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF content. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat Reader DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2017.011.30148, 2017.011.30150, 2017.011.30152

Adobe Reader: 2015.006.30505, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Out-of-bounds read

Severity: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-16461

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat Reader DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2017.011.30148, 2017.011.30150, 2017.011.30152

Adobe Reader: 2015.006.30505, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Out-of-bounds read

Severity: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-16458

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat Reader DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2017.011.30148, 2017.011.30150, 2017.011.30152

Adobe Reader: 2015.006.30505, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Out-of-bounds read

Severity: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-16457

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat Reader DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2017.011.30148, 2017.011.30150, 2017.011.30152

Adobe Reader: 2015.006.30505, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Out-of-bounds read

Severity: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-16456

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat Reader DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2017.011.30148, 2017.011.30150, 2017.011.30152

Adobe Reader: 2015.006.30505, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Out-of-bounds read

Severity: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-16465

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat Reader DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2017.011.30148, 2017.011.30150, 2017.011.30152

Adobe Reader: 2015.006.30505, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Out-of-bounds write

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-16450

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat Reader DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2017.011.30148, 2017.011.30150, 2017.011.30152

Adobe Reader: 2015.006.30505, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Use-after-free

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-16448

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF content. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat Reader DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2017.011.30148, 2017.011.30150, 2017.011.30152

Adobe Reader: 2015.006.30505, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Use-after-free

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-16445

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF content. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat Reader DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2017.011.30148, 2017.011.30150, 2017.011.30152

Adobe Reader: 2015.006.30505, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Out-of-bounds write

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-16454

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat Reader DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2017.011.30148, 2017.011.30150, 2017.011.30152

Adobe Reader: 2015.006.30505, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Out-of-bounds read

Severity: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-16449

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat Reader DC: 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2017.011.30148, 2017.011.30150, 2017.011.30152

Adobe Reader: 2015.006.30505, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.