Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA63956
HistoryFeb 13, 2024 - 12:00 a.m.

KLA63956 Multiple vulnerabilities in Adobe Acrobat and Adobe Acrobat Reader

2024-02-1300:00:00
Kaspersky Lab
threats.kaspersky.com
32
adobe acrobat
adobe acrobat reader
vulnerabilities
sensitive information
arbitrary code
denial of service
update
cve-2024-20736
cve-2024-20726
cve-2024-20735

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.0%

JSON

Multiple vulnerabilities were found in Adobe Acrobat and Adobe Acrobat Reader. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, cause denial of service.

Below is a complete list of vulnerabilities:

  1. Out of bounds read vulnerability can be exploited to obtain sensitive information.
  2. Out of bounds write vulnerability can be exploited to execute arbitrary code.
  3. Use after free vulnerability can be exploited execute arbitrary code.
  4. Integer overflow vulnerability can be exploited to cause execute arbitrary code.
  5. Input validation vulnerability can be exploited to cause denial of service.
  6. Use after free vulnerability can be exploited obtain sensitive information.

Original advisories

APSB24-07

Related products

Adobe-Acrobat-Reader-DC-Continuous

Adobe-Acrobat-DC-Continuous

Adobe-Acrobat-Reader-2020

Adobe-Acrobat-2020

CVE list

CVE-2024-20736 warning

CVE-2024-20726 warning

CVE-2024-20735 warning

CVE-2024-20728 warning

CVE-2024-20731 warning

CVE-2024-20727 warning

CVE-2024-20748 warning

CVE-2024-20729 warning

CVE-2024-20730 warning

CVE-2024-20733 warning

CVE-2024-20747 warning

CVE-2024-20734 warning

CVE-2024-20749 warning

CVE-2024-20765 warning

Solution

Update to the latest version

Download Adobe Acrobat Reader DC

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Affected Products

  • Adobe Acrobat DC Continuous earlier than 23.008.20533Adobe Acrobat Reader DC Continuous earlier than 23.008.20533Adobe Acrobat 2020 earlier than 20.005.30574Adobe Acrobat Reader 2020 earlier than 20.005.30574

Related

nessus 4
adobe 1
openvas 8
talosblog 1
nvd 14
cve 14
prion 14
talos 7
zdi 4
cvelist 14
vulnrichment 9
cnvd 6
nessus
nessus
Adobe Acrobat < 20.005.30574 / 23.008.20533 Multiple Vulnerabilities (APSB24-07) (macOS)
2024-02-13 00:00:00
Adobe Reader < 20.005.30574 / 23.008.20533 Multiple Vulnerabilities (APSB24-07) (macOS)
2024-02-13 00:00:00
Adobe Acrobat < 20.005.30574 / 23.008.20533 Multiple Vulnerabilities (APSB24-07)
2024-02-13 00:00:00
adobe
adobe
APSB24-07 : Security update available for Adobe Acrobat and Reader
2024-02-13 00:00:00
openvas
openvas
Adobe Acrobat DC Continuous Security Update (APSB24-07) - Windows
2024-02-15 00:00:00
Adobe Reader Classic 2020 Security Update (APSB24-07) - Windows
2024-02-15 00:00:00
Adobe Acrobat DC Continuous Security Update (APSB24-07) - Windows
2024-02-15 00:00:00
talosblog
talosblog
Multiple vulnerabilities in Adobe Acrobat Reader could lead to remote code execution
2024-02-28 17:00:38
nvd
nvd
CVE-2024-20733
2024-02-15 13:15:47
CVE-2024-20730
2024-02-15 13:15:47
CVE-2024-20735
2024-02-15 13:15:48
cve
cve
CVE-2024-20728
2024-02-15 13:15:46
CVE-2024-20733
2024-02-15 13:15:47
CVE-2024-20729
2024-02-15 13:15:47
prion
prion
Design/Logic Flaw
2024-02-15 13:15:00
Design/Logic Flaw
2024-02-15 13:15:00
Design/Logic Flaw
2024-02-29 17:15:00
talos
talos
Adobe Acrobat Reader Font CPAL integer overflow vulnerability
2024-02-15 00:00:00
Adobe Acrobat Reader Font CharStrings INDEX out-of-bounds read vulnerability
2024-02-15 00:00:00
Adobe Acrobat Reader Annot3D object zoom event use-after-free vulnerability
2024-02-15 00:00:00
zdi
zdi
Adobe Acrobat Reader DC PDF File Parsing Use-After-Free Remote Code Execution Vulnerability
2024-03-11 00:00:00
Adobe Acrobat Pro DC AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability
2024-02-13 00:00:00
Adobe Acrobat Pro DC Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability
2024-02-13 00:00:00
cvelist
cvelist
CVE-2024-20727 [TianfuCup] out-of-bounds access vulnerability when parsing jpeg2000
2024-02-15 12:18:42
CVE-2024-20726 [TianfuCup] JP2K Image Parsing Out-Of-Bounds Write
2024-02-15 12:18:44
CVE-2024-20747 TALOS-2023-1908 - Adobe Acrobat Reader Font CharStrings INDEX out-of-bounds read vulnerability
2024-02-15 12:18:41
vulnrichment
vulnrichment
CVE-2024-20730 TALOS-2023-1906 - Adobe Acrobat Reader Font CPAL integer overflow vulnerability
2024-02-15 12:18:43
CVE-2024-20747 TALOS-2023-1908 - Adobe Acrobat Reader Font CharStrings INDEX out-of-bounds read vulnerability
2024-02-15 12:18:41
CVE-2024-20765 ZDI-CAN-22674: Adobe Acrobat Reader DC PDF File Parsing Use-After-Free Remote Code Execution Vulnerability
2024-02-29 16:35:04
cnvd
cnvd
Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability (CNVD-2024-11664)
2024-02-29 00:00:00
Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability (CNVD-2024-11663)
2024-02-29 00:00:00
Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability (CNVD-2024-11667)
2024-02-29 00:00:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.0%

JSON
Related for KLA63956
nessus4adobe1openvas8talosblog1nvd14cve14prion14talos7zdi4cvelist14vulnrichment9cnvd6