ID: CVE-2020-3730
Type: cve
Reporter: cve@mitre.org
Modified: 2020-02-14T20:19:00
Description
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
{"zdi": [{"lastseen": "2020-06-22T11:41:25", "bulletinFamily": "info", "cvelist": ["CVE-2020-3730"], "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of RGB files. Crafted data in an RGB file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.", "edition": 1, "modified": "2020-06-22T00:00:00", "published": "2020-02-12T00:00:00", "id": "ZDI-20-240", "href": "https://www.zerodayinitiative.com/advisories/ZDI-20-240/", "title": "Adobe FrameMaker RGB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2020-06-13T00:55:58", "description": "The version of Adobe FrameMaker installed on the remote Windows host\nis prior to 15.0.5. It is, therefore, affected by a the following\nvulnerabilities :\n\n - An unspecified buffer error exists that allows\n arbitrary code execution (CVE-2020-3734)\n\n - An unspecified heap overflow error exists that allows\n arbitrary code execution. (CVE-2020-3731,\n CVE-2020-3735)\n \n - An unspecified memory corruption error exists that\n allows arbitrary code execution. (CVE-2020-3739,\n CVE-2020-3740)\n\n - An unspecified out-of-bounds write error exists that\n allows arbitrary code execution. 
(CVE-2020-3720,\n CVE-2020-3721, CVE-2020-3722, CVE-2020-3723,\n CVE-2020-3724, CVE-2020-3725, CVE-2020-3726,\n CVE-2020-3727, CVE-2020-3728, CVE-2020-3729,\n CVE-2020-3730, CVE-2020-3732, CVE-2020-3733,\n CVE-2020-3736, CVE-2020-3737, CVE-2020-3738)", "edition": 5, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-02-14T00:00:00", "title": "Adobe FrameMaker < 15.0.5 Multiple Vulnerabilities (APSB20-04)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-3730", "CVE-2020-3720", "CVE-2020-3724", "CVE-2020-3727", "CVE-2020-3738", "CVE-2020-3725", "CVE-2020-3723", "CVE-2020-3739", "CVE-2020-3731", "CVE-2020-3732", "CVE-2020-3726", "CVE-2020-3728", "CVE-2020-3722", "CVE-2020-3729", "CVE-2020-3735", "CVE-2020-3734", "CVE-2020-3737", "CVE-2020-3736", "CVE-2020-3733", "CVE-2020-3721", "CVE-2020-3740"], "modified": "2020-02-14T00:00:00", "cpe": ["cpe:/a:adobe:framemaker"], "id": "ADOBE_FRAMEMAKER_APSB20-04.NASL", "href": "https://www.tenable.com/plugins/nessus/133694", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133694);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/12\");\n\n script_cve_id(\n \"CVE-2020-3720\",\n \"CVE-2020-3721\",\n \"CVE-2020-3722\",\n \"CVE-2020-3723\",\n \"CVE-2020-3724\",\n \"CVE-2020-3725\",\n \"CVE-2020-3726\",\n \"CVE-2020-3727\",\n \"CVE-2020-3728\",\n \"CVE-2020-3729\",\n \"CVE-2020-3730\",\n \"CVE-2020-3731\",\n \"CVE-2020-3732\",\n \"CVE-2020-3733\",\n \"CVE-2020-3734\",\n \"CVE-2020-3735\",\n \"CVE-2020-3736\",\n \"CVE-2020-3737\",\n \"CVE-2020-3738\",\n \"CVE-2020-3739\",\n \"CVE-2020-3740\"\n );\n script_xref(name:\"IAVB\", value:\"2020-B-0007-S\");\n\n script_name(english:\"Adobe FrameMaker < 15.0.5 Multiple Vulnerabilities (APSB20-04)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an application 
installed that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe FrameMaker installed on the remote Windows host\nis prior to 15.0.5. It is, therefore, affected by a the following\nvulnerabilities :\n\n - An unspecified buffer error exists that allows\n arbitrary code execution (CVE-2020-3734)\n\n - An unspecified heap overflow error exists that allows\n arbitrary code execution. (CVE-2020-3731,\n CVE-2020-3735)\n \n - An unspecified memory corruption error exists that\n allows arbitrary code execution. (CVE-2020-3739,\n CVE-2020-3740)\n\n - An unspecified out-of-bounds write error exists that\n allows arbitrary code execution. (CVE-2020-3720,\n CVE-2020-3721, CVE-2020-3722, CVE-2020-3723,\n CVE-2020-3724, CVE-2020-3725, CVE-2020-3726,\n CVE-2020-3727, CVE-2020-3728, CVE-2020-3729,\n CVE-2020-3730, CVE-2020-3732, CVE-2020-3733,\n CVE-2020-3736, CVE-2020-3737, CVE-2020-3738)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/framemaker/apsb20-04.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe FrameMaker 15.0.5 (aka 2019.0.5) or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-3740\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/14\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:framemaker\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_framemaker_installed.nbin\");\n script_require_keys(\"installed_sw/Adobe FrameMaker\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\napp_info = vcf::get_app_info(app:\"Adobe FrameMaker\", win_local:TRUE);\n\n# fixed is 15.0.5 (aka 2019.0.5)\nconstraints = [{\"fixed_version\":\"15.0.5\", \"fixed_display\":\"15.0.5 (aka 2019.0.5)\"}];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2020-10-15T22:24:41", "bulletinFamily": "info", "cvelist": ["CVE-2020-24400", "CVE-2020-24407", "CVE-2020-3720", "CVE-2020-3721", "CVE-2020-3722", "CVE-2020-3723", "CVE-2020-3724", "CVE-2020-3725", "CVE-2020-3726", "CVE-2020-3727", "CVE-2020-3728", "CVE-2020-3729", "CVE-2020-3730", "CVE-2020-3731", "CVE-2020-3732", "CVE-2020-3733", "CVE-2020-3734", "CVE-2020-3735", "CVE-2020-3736", "CVE-2020-3737", "CVE-2020-3738", "CVE-2020-3739", "CVE-2020-3740", "CVE-2020-3741", "CVE-2020-3742", "CVE-2020-3743", "CVE-2020-3745", "CVE-2020-3746", "CVE-2020-3748", "CVE-2020-3749", "CVE-2020-3750", "CVE-2020-3751", "CVE-2020-3752", "CVE-2020-3754", "CVE-2020-3757", "CVE-2020-3759", "CVE-2020-3760", "CVE-2020-3762", "CVE-2020-3763"], "description": "Adobe has released patches addressing a wave of critical flaws in its Framemaker and Flash Player products, which, if exploited, could lead to arbitrary code-execution.\n\nOverall, Adobe stomped out flaws tied to 42 
CVEs for its [regularly scheduled February updates](<https://blogs.adobe.com/psirt/?p=1830>), with 35 of those flaws being critical in severity. That trumps [Adobe\u2019s January security update](<https://threatpost.com/adobe-patches-critical-illustrator-cc-flaws/151812/>), which addressed nine vulnerabilities overall, including ones in Adobe Illustrator CC and Adobe Experience Manager.\n\nAdobe Framemaker, a document processor designed for writing and editing large or complex documents, including structured documents, took the brunt of this month\u2019s patches with the most (21) critical flaws.\n\n\u201cThis update addresses multiple critical vulnerabilities,\u201d according to Adobe [in its Tuesday update](<https://helpx.adobe.com/security/products/framemaker/apsb20-04.html>). \u201cSuccessful exploitation could lead to arbitrary code-execution in the context of the current user.\u201d\n\nThe Framemaker flaws stem from buffer errors, or improper restrictions of operations within the bounds of a memory buffer (CVE-2020-3734); heap overflows, which is a type of buffer overflow that occurs in the heap data area (CVE-2020-3731, CVE-2020-3735); memory-corruption glitches that stem from an unexpected change in the contents of a memory location (CVE-2020-3739, CVE-2020-3740); and out-of-bounds (OOB) write flaws, which are write operations that then produce undefined or unexpected results (CVE-2020-3720, CVE-2020-3721, CVE-2020-3722, CVE-2020-3723, CVE-2020-3724, CVE-2020-3725, CVE-2020-3726, CVE-2020-3727, CVE-2020-3728, CVE-2020-3729, CVE-2020-3730, CVE-2020-3732, CVE-2020-3733, CVE-2020-3736, CVE-2020-3737, CVE-2020-3738).\n\nAdobe Framemaker versions 2019.0.4 and below (for Windows) are affected; a patch exists in version 2019.0.5.\n\nAdobe Flash Player, meanwhile, has [a critical type confusion flaw](<https://helpx.adobe.com/security/products/flash-player/apsb20-06.html>) (CVE-2020-3757) that could enable arbitrary 
code-execution \u201cin the context of the current user.\u201d Affected products include Adobe Flash Player desktop runtime (for Windows, macOS and Linux), Flash Player for Google Chrome (Windows, macOS, Linux and Chrome OS) and Flash Player for Microsoft Edge and IE 11 (for Windows 10 and 8.1).\n\nUsers are urged to update to version 32.0.0.330 in a \u201cpriority 2\u201d update, which means the update resolves vulnerabilities in a product that has historically been at elevated risk. This priority level makes sense as Flash is known to be a favorite target for cyberattacks, particularly for exploit kits, [zero-day attacks](<https://threatpost.com/adobe-flash-player-zero-day-spotted-in-the-wild/129742/>) and phishing schemes. Adobe for its part announced in July 2017 that it will no longer update or distribute Flash Player as of the end of 2020, leading to browsers to turn off Flash Player default support. For instance, Mozilla announced it will [kill default support for Adobe Flash](<https://threatpost.com/flash-default-mozilla-firefox-69/140814/>) in Firefox 69, while Google dumped default Flash support [in Chrome 76](<https://threatpost.com/chrome-76-default-adobe-flash/146843/>).\n\n[Adobe Acrobat and Reader](<https://helpx.adobe.com/security/products/acrobat/apsb20-05.html>), Adobe\u2019s application software and Web services, had critical flaws tied to 12 CVEs, which included a heap overflow flaw enabling arbitrary code execution (CVE-2020-3742), a buffer error glitch allowing arbitrary code execution (CVE-2020-3752 and CVE-2020-3754), use after free errors (which occur when a program continues to use a pointer after it has been freed) enabling arbitrary code execution (CVE-2020-3743, CVE-2020-3745, CVE-2020-3746, CVE-2020-3748, CVE-2020-3749, CVE-2020-3750, CVE-2020-3751) and privilege escalation flaws that could allow for arbitrary file system write (CVE-2020-3762 and 
CVE-2020-3763).\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2020/02/11101437/adobe-flaw.png>)Acrobat and Reader also had three important-rated information disclosure flaws and two moderate-rated memory leak vulnerabilities. Users are urged to update to the patched versions (see chart to left for updated versions).\n\nAdobe Digital Editions, Adobe\u2019s eBook reader software program, [also has a critical and an important flaw](<https://helpx.adobe.com/security/products/Digital-Editions/apsb20-07.html>) in versions 4.5.10 and below. The critical flaw stems from a command-injection glitch (CVE-2020-3760) opening affected systems up to arbitrary code execution. [Command-injection attacks](<https://threatpost.com/verizon-quantum-gateway-command-injection-flaw-impacts-millions/143606/>) are possible when an application passes unsafe user supplied data (such as forms or HTTP headers) to a system shell.\n\nThe important flaw is a buffer error (CVE-2020-3759) enabling information disclosure. Users are urged to update to version 4.5.11 for Windows.\n\nFinally, [Adobe Experience Manager](<https://helpx.adobe.com/security/products/experience-manager/apsb20-08.html>) (AEM), its content management solution for building websites, has an important-level uncontrolled resource consumption vulnerability (CVE-2020-3741) that could result in a denial-of-service condition.\n\nAdobe said that it\u2019s not aware of any exploits in the wild for patched flaws this month.\n", "modified": "2020-02-11T16:09:31", "published": "2020-02-11T16:09:31", "id": "THREATPOST:A6F20078C61A1ED9A10E74F884FF3436", "href": "https://threatpost.com/adobe-security-update-critical-flash-framemaker-flaws/152782/", "type": "threatpost", "title": "Adobe Addresses Critical Flash, Framemaker Flaws", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}