CVE-2024-39425

CWE-3673 documents3 sources

Severity

7.0HIGH

EPSS

0.1%

top 77.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Acrobat Adobe Acrobat DC Adobe Acrobat Reader +1 more

Timeline

PublishedAug 14

Description

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to privilege escalation. Exploitation of this issue require local low-privilege access to the affected system and attack complexity is high.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages5 packages

▶NVDadobe/acrobat_reader20.001.3005 — 20.005.30655

▶NVDadobe/acrobat_reader_dc15.008.20082 — 24.002.21005

▶CVEListV5adobe/acrobat_reader24.001.30123

▶NVDadobe/acrobat20.001.30005 — 20.005.30655+1

▶NVDadobe/acrobat_dc15.008.20082 — 24.002.21005

🔴Vulnerability Details

GHSA

GHSA-8p32-h9gr-3vrr: Acrobat Reader versions 20↗2024-08-14

▶

CVEList

Security vulnerability in AdobeARMHelper↗2024-08-14

▶