KLA11991 Multiple vulnerabilities in Adobe Acrobat and Adobe Acrobat Reader

Multiple vulnerabilities were found in Adobe Acrobat and Adobe Acrobat Reader. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information, cause denial of service.

Below is a complete list of vulnerabilities:

1. Signature verification bypass vulnerability can be exploited to gain privileges.
2. Heap-based buffer overflow vulnerability can be exploited to execute arbitrary code.
3. Out-of-bounds write vulnerability can be exploited to execute arbitrary code.
4. Signature validation bypass vulnerability can be exploited to gain privileges.
5. Security feature bypass vulnerability can be exploited to obtain sensitive information and cause denial of service.
6. Use-after-free vulnerability can be exploited to execute arbitrary code.
7. Race Condition vulnerability can be exploited to gain privileges.
8. Improper access control vulnerability can be exploited to gain privileges.
9. Out-of-bounds read vulnerability can be exploited to obtain sensitive information.
10. Improper input validation vulnerability can be exploited to obtain sensitive information.
11. Use-after-free vulnerability can be exploited to obtain sensitive information.
12. Improper input validation vulnerability can be exploited to execute arbitrary code.

Original advisories

APSB20-67

Related products

Adobe-Acrobat-Reader-DC-Continuous

Adobe-Acrobat-DC-Continuous

Adobe-Acrobat-Reader-2017

Adobe-Acrobat-2017

Adobe-Acrobat-Reader-2020

Adobe-Acrobat-2020

CVE list

CVE-2020-24429 critical

CVE-2020-24435 critical

CVE-2020-24436 critical

CVE-2020-24439 warning

CVE-2020-24431 warning

CVE-2020-24437 critical

CVE-2020-24428 critical

CVE-2020-24433 critical

CVE-2020-24434 warning

CVE-2020-24427 warning

CVE-2020-24426 warning

CVE-2020-24430 critical

CVE-2020-24438 warning

CVE-2020-24432 critical

Solution

Update to the latest version

Download Adobe Acrobat Reader DC

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

• DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

• SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

• PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

• Adobe Acrobat DC Continuous earlier than 2020.013.20064Adobe Acrobat 2020 Classic earlier than 2020.001.30010Adobe Acrobat 2017 Classic earlier than 2017.011.30180Adobe Acrobat Reader DC Continuous earlier than 2020.013.20064Adobe Acrobat Reader 2020 Classic earlier than 2020.001.30010Adobe Acrobat Reader 2017 Classic earlier than 2017.011.30180