CVE-2020-24435
Published 2020-11-05
High 7.8 (CVSS 3.1)
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a heap-based buffer overflow vulnerability in the submitForm function, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .pdf file in Acrobat Reader.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | acrobat | <= 20.001.30005 | — |
| adobe | acrobat_dc | <= 17.011.30175 | — |
| adobe | acrobat_dc | <= 20.012.20048 | — |
| adobe | acrobat_reader | <= 20.001.30005 | — |
| adobe | acrobat_reader | unspecified – 2017.011.30175 | — |
| adobe | acrobat_reader_dc | <= 17.011.30175 | — |
| adobe | acrobat_reader_dc | <= 20.012.20048 | — |
No detection rules found.
No public exploits indexed.
Talos
## Vulnerability Spotlight: Multiple JavaScript vulnerabilities in Adobe Acrobat Reader
blogs_talos·2020-11-05·CVSS 7.8 [HIGH]
Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Joe Marshall.
Cisco Talos recently discovered a heap buffer overflow and a use-after-free vulnerability in Adobe Acrobat Reader. Adobe Acrobat Reader is one of the most popular and feature-rich PDF readers on the market. It has a large user base and is usually a default PDF reader on systems. It also integrates into web browsers as a plugin for rendering PDFs. As such, tricking a user into visiting a malicious web page or sending a specially crafted email attachment can be enough to trigger these vulnerabilities.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Adobe to ensure that these issues are resolved and that an update is available for affected customers.