Kaspersky LabKLA11421KLA11421 Multiple vulnerabilities in Adobe Acrobat and Acrobat Reader
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.2 High
AI Score
Confidence
High
0.47 Medium
EPSS
Percentile
97.5%
Multiple vulnerabilities were found in Adobe Acrobat and Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges.
Below is a complete list of vulnerabilities:
- Multiple buffer errors vulnerabilities can be exploited remotely to execute arbitrary code;
- Multiple data leakage vulnerabilities can be exploited remotely to obtain sensitive information;
- Multiple double free vulnerabilities can be exploited remotely to execute arbitrary code;
- Multiple integer overflow vulnerabilities can be exploited remotely to obtain sensitive information;
- Multiple out-of-bounds read vulnerabilities can be exploited remotely to obtain sensitive information;
- Multiple security bypass vulnerabilities can be exploited remotely to gain privileges;
- Multiple out-of-bounds write vulnerabilities can be exploited remotely to execute arbitrary code;
- Multiple type confusion vulnerabilities can be exploited remotely to execute arbitrary code;
- Multiple untrusted pointer dereference vulnerabilities can be exploited remotely to execute arbitrary code;
- Multiple use after free vulnerabilities can be exploited remotely to execute arbitrary code.
Original advisories
Exploitation
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Related products
Adobe-Acrobat-Reader-DC-Continuous
Adobe-Acrobat-Reader-DC-Classic
CVE list
CVE-2019-7020 critical
CVE-2019-7085 critical
CVE-2019-7089 critical
CVE-2019-7080 critical
CVE-2019-7030 warning
CVE-2019-7021 warning
CVE-2019-7022 warning
CVE-2019-7023 warning
CVE-2019-7024 warning
CVE-2019-7028 warning
CVE-2019-7032 warning
CVE-2019-7033 warning
CVE-2019-7034 warning
CVE-2019-7035 warning
CVE-2019-7036 warning
CVE-2019-7038 warning
CVE-2019-7045 warning
CVE-2019-7047 warning
CVE-2019-7049 warning
CVE-2019-7053 warning
CVE-2019-7055 warning
CVE-2019-7056 warning
CVE-2019-7057 warning
CVE-2019-7058 warning
CVE-2019-7059 warning
CVE-2019-7063 warning
CVE-2019-7064 warning
CVE-2019-7065 warning
CVE-2019-7067 warning
CVE-2019-7071 warning
CVE-2019-7073 warning
CVE-2019-7074 warning
CVE-2019-7081 warning
CVE-2018-19725 critical
CVE-2019-7041 high
CVE-2019-7019 critical
CVE-2019-7027 critical
CVE-2019-7037 critical
CVE-2019-7039 critical
CVE-2019-7052 critical
CVE-2019-7060 critical
CVE-2019-7079 critical
CVE-2019-7069 critical
CVE-2019-7086 critical
CVE-2019-7087 critical
CVE-2019-7042 critical
CVE-2019-7046 critical
CVE-2019-7051 critical
CVE-2019-7054 critical
CVE-2019-7066 critical
CVE-2019-7076 critical
CVE-2019-7018 critical
CVE-2019-7025 critical
CVE-2019-7026 critical
CVE-2019-7029 critical
CVE-2019-7031 critical
CVE-2019-7040 critical
CVE-2019-7043 critical
CVE-2019-7044 critical
CVE-2019-7048 critical
CVE-2019-7050 critical
CVE-2019-7062 critical
CVE-2019-7068 critical
CVE-2019-7070 critical
CVE-2019-7072 critical
CVE-2019-7075 high
CVE-2019-7077 critical
CVE-2019-7078 critical
CVE-2019-7082 critical
CVE-2019-7083 critical
CVE-2019-7084 critical
Solution
Update to the latest version
Download Adobe Acrobat Reader DC
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
- PE
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
Affected Products
- Adobe Acrobat DC Continuous earlier than 2019.010.20091Adobe Acrobat Reader DC Continuous earlier than 2019.010.20091Adobe Acrobat 2017 (Classic 2017 Track) earlier than 2017.011.30120Adobe Acrobat Reader 2017 (Classic 2017 Track) earlier than 2017.011.30120Adobe Acrobat DC (Classic 2015 Track) earlier than 2015.006.30475Adobe Acrobat Reader DC (Classic 2015 Track) earlier than 2015.006.30475
References
helpx.adobe.com/security/products/acrobat/apsb19-07.html
statistics.securelist.com/
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Adobe-Acrobat-2017/
threats.kaspersky.com/en/product/Adobe-Acrobat-DC-Classic/
threats.kaspersky.com/en/product/Adobe-Acrobat-DC-Continuous/
threats.kaspersky.com/en/product/Adobe-Acrobat-Reader-2017/
threats.kaspersky.com/en/product/Adobe-Acrobat-Reader-DC-Classic/
threats.kaspersky.com/en/product/Adobe-Acrobat-Reader-DC-Continuous/
Related
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.2 High
AI Score
Confidence
High
0.47 Medium
EPSS
Percentile
97.5%