Multiple vulnerabilities in Adobe Acrobat and Reader



Published: 2020-08-11
Risk High
Patch available YES
Number of vulnerabilities 26
CVE ID CVE-2020-9697
CVE-2020-9719
CVE-2020-9722
CVE-2020-9715
CVE-2020-9704
CVE-2020-9701
CVE-2020-9700
CVE-2020-9699
CVE-2020-9698
CVE-2020-9721
CVE-2020-9720
CVE-2020-9718
CVE-2020-9714
CVE-2020-9717
CVE-2020-9716
CVE-2020-9710
CVE-2020-9707
CVE-2020-9706
CVE-2020-9705
CVE-2020-9723
CVE-2020-9703
CVE-2020-9702
CVE-2020-9712
CVE-2020-9696
CVE-2020-9694
CVE-2020-9693
CWE ID CWE-401
CWE-125
CWE-416
CWE-119
CWE-264
CWE-400
CWE-787
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Adobe Acrobat DC
Client/Desktop applications / Office applications

Adobe Acrobat Reader DC
Client/Desktop applications / Office applications

Adobe Acrobat
Client/Desktop applications / Office applications

Adobe Reader
Client/Desktop applications / Office applications

Vendor Adobe

Security Advisory

1) Memory leak

Risk: Low

CVSSv3: 3.7 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9697

CWE-ID: CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due memory leak. A remote attacker can force the application to leak memory and perform denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat Reader DC: 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb20-48.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

Risk: Low

CVSSv3: 3.7 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9719

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat Reader DC: 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb20-48.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

Risk: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-9722

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat Reader DC: 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb20-48.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

Risk: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-9715

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat Reader DC: 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb20-48.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Buffer overflow

Risk: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-9704

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat Reader DC: 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb20-48.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Buffer overflow

Risk: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-9701

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat Reader DC: 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb20-48.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Buffer overflow

Risk: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-9700

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat Reader DC: 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb20-48.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Buffer overflow

Risk: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-9699

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat Reader DC: 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb20-48.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer overflow

Risk: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-9698

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat Reader DC: 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb20-48.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Out-of-bounds read

Risk: Low

CVSSv3: 3.7 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9721

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat Reader DC: 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb20-48.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Out-of-bounds read

Risk: Low

CVSSv3: 3.7 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9720

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat Reader DC: 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb20-48.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Out-of-bounds read

Risk: Low

CVSSv3: 3.7 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9718

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat Reader DC: 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb20-48.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Security restrictions bypass

Risk: Low

CVSSv3: 3.7 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9714

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat Reader DC: 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb20-48.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Out-of-bounds read

Risk: Low

CVSSv3: 3.7 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9717

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat Reader DC: 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb20-48.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Out-of-bounds read

Risk: Low

CVSSv3: 3.7 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9716

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat Reader DC: 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb20-48.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Out-of-bounds read

Risk: Low

CVSSv3: 3.7 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9710

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat Reader DC: 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb20-48.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Out-of-bounds read

Risk: Low

CVSSv3: 3.7 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9707

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat Reader DC: 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb20-48.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Out-of-bounds read

Risk: Low

CVSSv3: 3.7 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9706

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat Reader DC: 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb20-48.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Out-of-bounds read

Risk: Low

CVSSv3: 3.7 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9705

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat Reader DC: 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb20-48.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Out-of-bounds read

Risk: Low

CVSSv3: 3.7 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9723

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat Reader DC: 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb20-48.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Resource exhaustion

Risk: Low

CVSSv3: 3 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9703

CWE-ID: CWE-400 - Uncontrolled Resource Consumption ('Resource Exhaustion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat Reader DC: 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb20-48.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Resource exhaustion

Risk: Low

CVSSv3: 3 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9702

CWE-ID: CWE-400 - Uncontrolled Resource Consumption ('Resource Exhaustion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat Reader DC: 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb20-48.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Security restrictions bypass

Risk: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-9712

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to application does not properly impose security restrictions, which leads to security restrictions bypass and remote code execution.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat Reader DC: 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb20-48.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Security restrictions bypass

Risk: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-9696

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to application does not properly impose security restrictions, which leads to security restrictions bypass and remote code execution.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat Reader DC: 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb20-48.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Out-of-bounds write

Risk: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-9694

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat Reader DC: 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb20-48.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Out-of-bounds write

Risk: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-9693

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat DC: 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30495, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.010.20100, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat Reader DC: 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2015.006.30434, 2015.006.30448, 2015.006.30452, 2015.006.30456, 2015.006.30457, 2015.006.30461, 2015.006.30464, 2015.006.30475, 2015.006.30482, 2015.006.30497, 2015.006.30498, 2015.006.30499, 2015.006.30503, 2015.006.30504, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.011.30096, 2017.011.30099, 2017.011.30105, 2017.011.30106, 2017.011.30110, 2017.011.30113, 2017.011.30120, 2017.011.30127, 2017.011.30142, 2017.011.30143, 2017.011.30144, 2017.011.30148, 2017.011.30150, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040, 2018.011.20055, 2018.011.20058, 2018.011.20063, 2019.008.20071, 2019.008.20080, 2019.008.20081, 2019.010.20064, 2019.010.20069, 2019.010.20091, 2019.010.20098, 2019.012.20034, 2019.012.20035, 2019.012.20036, 2019.012.20040, 2019.021.20047, 2019.021.20056, 2019.021.20058, 2019.021.20061, 2020.006.20034, 2020.006.20042, 2020.009.20063, 2020.009.20074

Adobe Acrobat: 2015.006.30503, 2015.006.30504, 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30096, 2017.011.30102, 2017.011.30105, 2017.011.30120, 2017.011.30127, 2017.011.30148, 2017.011.30150, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

Adobe Reader: 2015.006.30505, 2015.006.30508, 2015.006.30510, 2015.006.30518, 2015.006.30523, 2017.008.30051, 2017.011.30066, 2017.011.30068, 2017.011.30070, 2017.011.30078, 2017.011.30099, 2017.011.30102, 2017.011.30105, 2017.011.30152, 2017.011.30156, 2017.011.30158, 2017.011.30166, 2017.011.30171, 2020.001.30002

CPE External links

https://helpx.adobe.com/security/products/acrobat/apsb20-48.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.