Multiple vulnerabilities in Adobe Acrobat and Reader



Risk High
Patch available YES
Number of vulnerabilities 26
CVE-ID CVE-2020-9697
CVE-2020-9719
CVE-2020-9722
CVE-2020-9715
CVE-2020-9704
CVE-2020-9701
CVE-2020-9700
CVE-2020-9699
CVE-2020-9698
CVE-2020-9721
CVE-2020-9720
CVE-2020-9718
CVE-2020-9714
CVE-2020-9717
CVE-2020-9716
CVE-2020-9710
CVE-2020-9707
CVE-2020-9706
CVE-2020-9705
CVE-2020-9723
CVE-2020-9703
CVE-2020-9702
CVE-2020-9712
CVE-2020-9696
CVE-2020-9694
CVE-2020-9693
CWE-ID CWE-401
CWE-125
CWE-416
CWE-119
CWE-264
CWE-400
CWE-787
Exploitation vector Network
Public exploit Public exploit code for vulnerability #4 is available.
Vulnerable software
Adobe Acrobat
Client/Desktop applications / Office applications

Adobe Reader
Client/Desktop applications / Office applications

Vendor Adobe

Security Bulletin

This security bulletin contains information about 26 vulnerabilities.

1) Memory leak

EUVDB-ID: #VU45495

Risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9697

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due memory leak. A remote attacker can force the application to leak memory and perform denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30392 - 20.009.20074

Adobe Reader: 2015.006.30355 - 2020.009.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-48.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

EUVDB-ID: #VU45504

Risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9719

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30392 - 20.009.20074

Adobe Reader: 2015.006.30355 - 2020.009.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-48.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU45513

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9722

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30392 - 20.009.20074

Adobe Reader: 2015.006.30355 - 2020.009.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-48.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

EUVDB-ID: #VU45512

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-9715

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30392 - 20.009.20074

Adobe Reader: 2015.006.30355 - 2020.009.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-48.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

5) Buffer overflow

EUVDB-ID: #VU45511

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9704

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30392 - 20.009.20074

Adobe Reader: 2015.006.30355 - 2020.009.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-48.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Buffer overflow

EUVDB-ID: #VU45510

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9701

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30392 - 20.009.20074

Adobe Reader: 2015.006.30355 - 2020.009.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-48.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Buffer overflow

EUVDB-ID: #VU45509

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9700

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30392 - 20.009.20074

Adobe Reader: 2015.006.30355 - 2020.009.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-48.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Buffer overflow

EUVDB-ID: #VU45508

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9699

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30392 - 20.009.20074

Adobe Reader: 2015.006.30355 - 2020.009.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-48.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer overflow

EUVDB-ID: #VU45292

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9698

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30392 - 20.009.20074

Adobe Reader: 2015.006.30355 - 2020.009.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-48.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Out-of-bounds read

EUVDB-ID: #VU45506

Risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9721

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30392 - 20.009.20074

Adobe Reader: 2015.006.30355 - 2020.009.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-48.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Out-of-bounds read

EUVDB-ID: #VU45505

Risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9720

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30392 - 20.009.20074

Adobe Reader: 2015.006.30355 - 2020.009.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-48.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Out-of-bounds read

EUVDB-ID: #VU45503

Risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9718

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30392 - 20.009.20074

Adobe Reader: 2015.006.30355 - 2020.009.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-48.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Security restrictions bypass

EUVDB-ID: #VU45291

Risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9714

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30392 - 20.009.20074

Adobe Reader: 2015.006.30355 - 2020.009.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-48.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Out-of-bounds read

EUVDB-ID: #VU45502

Risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9717

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30392 - 20.009.20074

Adobe Reader: 2015.006.30355 - 2020.009.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-48.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Out-of-bounds read

EUVDB-ID: #VU45501

Risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9716

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30392 - 20.009.20074

Adobe Reader: 2015.006.30355 - 2020.009.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-48.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Out-of-bounds read

EUVDB-ID: #VU45500

Risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9710

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30392 - 20.009.20074

Adobe Reader: 2015.006.30355 - 2020.009.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-48.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Out-of-bounds read

EUVDB-ID: #VU45499

Risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9707

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30392 - 20.009.20074

Adobe Reader: 2015.006.30355 - 2020.009.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-48.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Out-of-bounds read

EUVDB-ID: #VU45498

Risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9706

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30392 - 20.009.20074

Adobe Reader: 2015.006.30355 - 2020.009.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-48.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Out-of-bounds read

EUVDB-ID: #VU45497

Risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9705

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30392 - 20.009.20074

Adobe Reader: 2015.006.30355 - 2020.009.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-48.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Out-of-bounds read

EUVDB-ID: #VU45496

Risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9723

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30392 - 20.009.20074

Adobe Reader: 2015.006.30355 - 2020.009.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-48.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Resource exhaustion

EUVDB-ID: #VU45494

Risk: Low

CVSSv3.1: 3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9703

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30392 - 20.009.20074

Adobe Reader: 2015.006.30355 - 2020.009.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-48.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Resource exhaustion

EUVDB-ID: #VU45290

Risk: Low

CVSSv3.1: 3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9702

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30392 - 20.009.20074

Adobe Reader: 2015.006.30355 - 2020.009.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-48.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Security restrictions bypass

EUVDB-ID: #VU45298

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9712

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to application does not properly impose security restrictions, which leads to security restrictions bypass and remote code execution.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30392 - 20.009.20074

Adobe Reader: 2015.006.30355 - 2020.009.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-48.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Security restrictions bypass

EUVDB-ID: #VU45297

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9696

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to application does not properly impose security restrictions, which leads to security restrictions bypass and remote code execution.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30392 - 20.009.20074

Adobe Reader: 2015.006.30355 - 2020.009.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-48.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Out-of-bounds write

EUVDB-ID: #VU45293

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9694

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30392 - 20.009.20074

Adobe Reader: 2015.006.30355 - 2020.009.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-48.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Out-of-bounds write

EUVDB-ID: #VU45507

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9693

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30392 - 20.009.20074

Adobe Reader: 2015.006.30355 - 2020.009.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb20-48.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###