Use-after-free in Adobe Reader and Adobe Acrobat - CVE-2024-41869

 

Use-after-free in Adobe Reader and Adobe Acrobat - CVE-2024-41869

Published: September 10, 2024 / Updated: September 11, 2024


Vulnerability identifier: #VU97053
CSH Severity: Critical
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
CVE-ID: CVE-2024-41869
CWE-ID: CWE-416
Exploitation vector: Remote access
Exploit availability: The vulnerability is being exploited in the wild
Vendor: Adobe
Affected software:
Adobe Reader
Adobe Acrobat

Detailed vulnerability description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when handling PDF files. A remote attacker can trick the victim into opening a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in the wild.


How to mitigate CVE-2024-41869

Install updates from vendor's website.

Sources