Multiple vulnerabilities in Adobe Acrobat and Reader



Published: 2020-05-12
Risk High
Patch available YES
Number of vulnerabilities 24
CVE-ID CVE-2020-9610
CVE-2020-9602
CVE-2020-9593
CVE-2020-9595
CVE-2020-9598
CVE-2020-9606
CVE-2020-9607
CVE-2020-9604
CVE-2020-9605
CVE-2020-9599
CVE-2020-9600
CVE-2020-9601
CVE-2020-9603
CVE-2020-9612
CVE-2020-9608
CVE-2020-9609
CVE-2020-9611
CVE-2020-9592
CVE-2020-9596
CVE-2020-9613
CVE-2020-9614
CVE-2020-9594
CVE-2020-9597
CVE-2020-9615
CWE-ID CWE-476
CWE-125
CWE-119
CWE-416
CWE-122
CWE-400
CWE-264
CWE-787
CWE-362
Exploitation vector Network
Public exploit Public exploit code for vulnerability #7 is available.
Public exploit code for vulnerability #16 is available.
Vulnerable software
Subscribe
Adobe Acrobat
Client/Desktop applications / Office applications

Adobe Reader
Client/Desktop applications / Office applications

Vendor Adobe

Security Bulletin

This security bulletin contains information about 24 vulnerabilities.

1) NULL pointer dereference

EUVDB-ID: #VU27724

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-9610

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trick the victim to open a specially crafted PDF file and crash the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053

Adobe Reader: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

2) Out-of-bounds read

EUVDB-ID: #VU27748

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-9602

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053

Adobe Reader: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

3) Invalid memory access

EUVDB-ID: #VU27759

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-9593

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to invalid memory access issue. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053

Adobe Reader: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

4) Invalid memory access

EUVDB-ID: #VU27758

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-9595

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to invalid memory access issue. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053

Adobe Reader: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

5) Invalid memory access

EUVDB-ID: #VU27757

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-9598

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to invalid memory access issue. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053

Adobe Reader: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

6) Use-after-free

EUVDB-ID: #VU27734

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-9606

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the handling of Field objects. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053

Adobe Reader: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html
http://www.zerodayinitiative.com/advisories/ZDI-20-651/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

7) Use-after-free

EUVDB-ID: #VU27733

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-9607

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing destruction of annotations from inside event handlers. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053

Adobe Reader: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

8) Buffer overflow

EUVDB-ID: #VU27732

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-9604

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053

Adobe Reader: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

9) Buffer overflow

EUVDB-ID: #VU27731

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-9605

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053

Adobe Reader: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

10) Out-of-bounds read

EUVDB-ID: #VU27751

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-9599

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053

Adobe Reader: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

11) Out-of-bounds read

EUVDB-ID: #VU27750

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-9600

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053

Adobe Reader: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

12) Out-of-bounds read

EUVDB-ID: #VU27749

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-9601

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053

Adobe Reader: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

13) Out-of-bounds read

EUVDB-ID: #VU27747

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-9603

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053

Adobe Reader: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

14) Heap-based buffer overflow

EUVDB-ID: #VU27727

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-9612

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the processing of JPEG2000 images. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053

Adobe Reader: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html
http://www.zerodayinitiative.com/advisories/ZDI-20-653/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

15) Out-of-bounds read

EUVDB-ID: #VU27746

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-9608

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053

Adobe Reader: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

16) Out-of-bounds read

EUVDB-ID: #VU27745

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-9609

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing unicode strings within the Javascript submitForm function. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053

Adobe Reader: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

17) Stack exhaustion

EUVDB-ID: #VU27752

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-9611

CWE-ID: CWE-400 - Uncontrolled Resource Consumption ('Resource Exhaustion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a stack exhaustion issue. A remote attacker can trick the victim to open a specially crafted PDF file and crash the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053

Adobe Reader: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

18) Security restrictions bypass

EUVDB-ID: #VU27744

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-9592

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a unspecified error. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and bypass implemented security restrictions.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053

Adobe Reader: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

19) Security restrictions bypass

EUVDB-ID: #VU27743

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-9596

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a unspecified error. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and bypass implemented security restrictions.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053

Adobe Reader: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

20) Security restrictions bypass

EUVDB-ID: #VU27742

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-9613

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a unspecified error. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and bypass implemented security restrictions.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053

Adobe Reader: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

21) Security restrictions bypass

EUVDB-ID: #VU27741

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-9614

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a unspecified error. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and bypass implemented security restrictions.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053

Adobe Reader: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

22) Out-of-bounds write

EUVDB-ID: #VU27730

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-9594

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds write and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053

Adobe Reader: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

23) Out-of-bounds write

EUVDB-ID: #VU27729

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-9597

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the parsing of JPEG files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds write and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053

Adobe Reader: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html
http://www.zerodayinitiative.com/advisories/ZDI-20-652/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

24) Race condition

EUVDB-ID: #VU27739

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-9615

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a race condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and bypass implemented security restrictions.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053

Adobe Reader: 2020.006.20034 - 2020.006.20042, 2019.008.20071 - 2019.021.20061, 2015.006.30306 - 2015.006.30518, 2017.008.30051 - 2017.012.20098, 2018.009.20044 - 2018.011.20063, 15.006.30097 - 15.023.20053


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###