Multiple vulnerabilities in Adobe Acrobat and Reader



Published: 2020-05-12
Risk: High
Patch available: YES
Number of vulnerabilities: 24
CVE-ID: CVE-2020-9610, CVE-2020-9602, CVE-2020-9593, CVE-2020-9595, CVE-2020-9598, CVE-2020-9606, CVE-2020-9607, CVE-2020-9604, CVE-2020-9605, CVE-2020-9599, CVE-2020-9600, CVE-2020-9601, CVE-2020-9603, CVE-2020-9612, CVE-2020-9608, CVE-2020-9609, CVE-2020-9611, CVE-2020-9592, CVE-2020-9596, CVE-2020-9613, CVE-2020-9614, CVE-2020-9594, CVE-2020-9597, CVE-2020-9615
CWE-ID: CWE-476, CWE-125, CWE-119, CWE-416, CWE-122, CWE-400, CWE-264, CWE-787, CWE-362
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #7 is available. Public exploit code for vulnerability #16 is available.
Vulnerable software
Adobe Acrobat
Client/Desktop applications / Office applications

Adobe Reader
Client/Desktop applications / Office applications

Vendor: Adobe

Security Bulletin

This security bulletin contains information about 24 vulnerabilities.

1) NULL pointer dereference

EUVDB-ID: #VU27724

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-9610

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trick the victim into opening a specially crafted PDF file and crash the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30097 - 20.006.20042

Adobe Reader: 15.006.30097 - 2020.006.20042

External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html


2) Out-of-bounds read

EUVDB-ID: #VU27748

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-9602

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and read the contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30097 - 20.006.20042

Adobe Reader: 15.006.30097 - 2020.006.20042

External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html


3) Invalid memory access

EUVDB-ID: #VU27759

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-9593

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an invalid memory access issue. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and read the contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30097 - 20.006.20042

Adobe Reader: 15.006.30097 - 2020.006.20042

External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html


4) Invalid memory access

EUVDB-ID: #VU27758

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-9595

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an invalid memory access issue. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and read the contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30097 - 20.006.20042

Adobe Reader: 15.006.30097 - 2020.006.20042

External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html


5) Invalid memory access

EUVDB-ID: #VU27757

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-9598

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an invalid memory access issue. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and read the contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30097 - 20.006.20042

Adobe Reader: 15.006.30097 - 2020.006.20042

External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html


6) Use-after-free

EUVDB-ID: #VU27734

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-9606

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the handling of Field objects. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30097 - 20.006.20042

Adobe Reader: 15.006.30097 - 2020.006.20042

External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html
http://www.zerodayinitiative.com/advisories/ZDI-20-651/


7) Use-after-free

EUVDB-ID: #VU27733

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-9607

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing destruction of annotations from inside event handlers. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30097 - 20.006.20042

Adobe Reader: 15.006.30097 - 2020.006.20042

External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html


8) Buffer overflow

EUVDB-ID: #VU27732

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-9604

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30097 - 20.006.20042

Adobe Reader: 15.006.30097 - 2020.006.20042

External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html


9) Buffer overflow

EUVDB-ID: #VU27731

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-9605

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30097 - 20.006.20042

Adobe Reader: 15.006.30097 - 2020.006.20042

External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html


10) Out-of-bounds read

EUVDB-ID: #VU27751

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-9599

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and read the contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30097 - 20.006.20042

Adobe Reader: 15.006.30097 - 2020.006.20042

External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html


11) Out-of-bounds read

EUVDB-ID: #VU27750

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-9600

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and read the contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30097 - 20.006.20042

Adobe Reader: 15.006.30097 - 2020.006.20042

External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html


12) Out-of-bounds read

EUVDB-ID: #VU27749

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-9601

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and read the contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30097 - 20.006.20042

Adobe Reader: 15.006.30097 - 2020.006.20042

External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html


13) Out-of-bounds read

EUVDB-ID: #VU27747

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-9603

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and read the contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30097 - 20.006.20042

Adobe Reader: 15.006.30097 - 2020.006.20042

External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html


14) Heap-based buffer overflow

EUVDB-ID: #VU27727

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-9612

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the processing of JPEG2000 images. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30097 - 20.006.20042

Adobe Reader: 15.006.30097 - 2020.006.20042

External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html
http://www.zerodayinitiative.com/advisories/ZDI-20-653/


15) Out-of-bounds read

EUVDB-ID: #VU27746

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-9608

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and read the contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30097 - 20.006.20042

Adobe Reader: 15.006.30097 - 2020.006.20042

External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html


16) Out-of-bounds read

EUVDB-ID: #VU27745

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-9609

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing Unicode strings within the JavaScript submitForm function. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and read the contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30097 - 20.006.20042

Adobe Reader: 15.006.30097 - 2020.006.20042

External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html


17) Stack exhaustion

EUVDB-ID: #VU27752

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-9611

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a stack exhaustion issue. A remote attacker can trick the victim into opening a specially crafted PDF file and crash the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30097 - 20.006.20042

Adobe Reader: 15.006.30097 - 2020.006.20042

External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html


18) Security restrictions bypass

EUVDB-ID: #VU27744

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-9592

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an unspecified error. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and bypass implemented security restrictions.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30097 - 20.006.20042

Adobe Reader: 15.006.30097 - 2020.006.20042

External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html


19) Security restrictions bypass

EUVDB-ID: #VU27743

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-9596

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an unspecified error. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and bypass implemented security restrictions.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30097 - 20.006.20042

Adobe Reader: 15.006.30097 - 2020.006.20042

External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html


20) Security restrictions bypass

EUVDB-ID: #VU27742

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-9613

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an unspecified error. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and bypass implemented security restrictions.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30097 - 20.006.20042

Adobe Reader: 15.006.30097 - 2020.006.20042

External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html


21) Security restrictions bypass

EUVDB-ID: #VU27741

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-9614

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an unspecified error. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and bypass implemented security restrictions.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30097 - 20.006.20042

Adobe Reader: 15.006.30097 - 2020.006.20042

External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html


22) Out-of-bounds write

EUVDB-ID: #VU27730

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-9594

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds write and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30097 - 20.006.20042

Adobe Reader: 15.006.30097 - 2020.006.20042

External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html


23) Out-of-bounds write

EUVDB-ID: #VU27729

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-9597

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the parsing of JPEG files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds write and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30097 - 20.006.20042

Adobe Reader: 15.006.30097 - 2020.006.20042

External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html
http://www.zerodayinitiative.com/advisories/ZDI-20-652/


24) Race condition

EUVDB-ID: #VU27739

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-9615

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a race condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and bypass implemented security restrictions.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30097 - 20.006.20042

Adobe Reader: 15.006.30097 - 2020.006.20042

External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html

