
Multiple vulnerabilities in Adobe Acrobat and Reader



Published: 2020-05-12
Severity: High
Patch available: YES
Number of vulnerabilities: 24
CVE ID: CVE-2020-9610, CVE-2020-9602, CVE-2020-9593, CVE-2020-9595, CVE-2020-9598, CVE-2020-9606, CVE-2020-9607, CVE-2020-9604, CVE-2020-9605, CVE-2020-9599, CVE-2020-9600, CVE-2020-9601, CVE-2020-9603, CVE-2020-9612, CVE-2020-9608, CVE-2020-9609, CVE-2020-9611, CVE-2020-9592, CVE-2020-9596, CVE-2020-9613, CVE-2020-9614, CVE-2020-9594, CVE-2020-9597, CVE-2020-9615
CWE ID: CWE-476, CWE-125, CWE-119, CWE-416, CWE-122, CWE-400, CWE-264, CWE-787, CWE-362
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #7 is available. Public exploit code for vulnerability #16 is available.
Vulnerable software
Adobe Acrobat DC
Client/Desktop applications / Office applications

Adobe Acrobat Reader DC
Client/Desktop applications / Office applications

Adobe Acrobat
Client/Desktop applications / Office applications

Adobe Reader
Client/Desktop applications / Office applications

Vendor: Adobe

Security Advisory

1) NULL pointer dereference

Severity: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9610

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trick the victim into opening a specially crafted PDF file and crash the application.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat Reader DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

External links

https://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

Severity: Low

CVSSv3: 2.7 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9602

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and read the contents of memory on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat Reader DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

External links

https://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Invalid memory access

Severity: Low

CVSSv3: 2.7 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9593

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an invalid memory access issue. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and read the contents of memory on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat Reader DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

External links

https://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Invalid memory access

Severity: Low

CVSSv3: 2.7 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9595

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an invalid memory access issue. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and read the contents of memory on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat Reader DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

External links

https://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Invalid memory access

Severity: Low

CVSSv3: 2.7 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9598

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an invalid memory access issue. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and read the contents of memory on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat Reader DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

External links

https://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use-after-free

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-9606

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the handling of Field objects. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat Reader DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

External links

https://helpx.adobe.com/security/products/acrobat/apsb20-24.html
https://www.zerodayinitiative.com/advisories/ZDI-20-651/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

Severity: High

CVSSv3: 7.9 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-9607

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing destruction of annotations from inside event handlers. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat Reader DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

External links

https://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

8) Buffer overflow

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-9604

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat Reader DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

External links

https://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer overflow

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-9605

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat Reader DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

External links

https://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Out-of-bounds read

Severity: Low

CVSSv3: 2.7 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9599

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and read the contents of memory on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat Reader DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

External links

https://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Out-of-bounds read

Severity: Low

CVSSv3: 2.7 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9600

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and read the contents of memory on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat Reader DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

External links

https://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Out-of-bounds read

Severity: Low

CVSSv3: 2.7 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9601

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and read the contents of memory on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat Reader DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

External links

https://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Out-of-bounds read

Severity: Low

CVSSv3: 2.7 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9603

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and read the contents of memory on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat Reader DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

External links

https://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Heap-based buffer overflow

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-9612

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the processing of JPEG2000 images. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat Reader DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

External links

https://helpx.adobe.com/security/products/acrobat/apsb20-24.html
https://www.zerodayinitiative.com/advisories/ZDI-20-653/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Out-of-bounds read

Severity: Low

CVSSv3: 2.7 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9608

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and read the contents of memory on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat Reader DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

External links

https://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Out-of-bounds read

Severity: Low

CVSSv3: 2.8 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-9609

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing Unicode strings within the JavaScript submitForm function. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and read the contents of memory on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat Reader DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

External links

https://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

17) Stack exhaustion

Severity: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9611

CWE-ID: CWE-400 - Uncontrolled Resource Consumption ('Resource Exhaustion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a stack exhaustion issue. A remote attacker can trick the victim into opening a specially crafted PDF file and crash the application.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat Reader DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

External links

https://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Security restrictions bypass

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-9592

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an unspecified error. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and bypass implemented security restrictions.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat Reader DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

External links

https://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Security restrictions bypass

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-9596

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an unspecified error. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and bypass implemented security restrictions.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat Reader DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

External links

https://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Security restrictions bypass

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-9613

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an unspecified error. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and bypass implemented security restrictions.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat Reader DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

External links

https://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Security restrictions bypass

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-9614

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an unspecified error. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and bypass implemented security restrictions.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat Reader DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

External links

https://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Out-of-bounds write

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-9594

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds write and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat Reader DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

External links

https://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Out-of-bounds write

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-9597

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the parsing of JPEG files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds write and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat Reader DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

External links

https://helpx.adobe.com/security/products/acrobat/apsb20-24.html
https://www.zerodayinitiative.com/advisories/ZDI-20-652/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Race condition

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-9615

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a race condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and bypass implemented security restrictions.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat Reader DC: 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30174, 15.006.30201, 15.006.30244, 15.006.30279, 15.006.30280, 15.009.20077, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20045, 15.017.20053, 15.020.20042, 15.023.20053, 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166

External links

https://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.