Lucene search

AdobeCVELIST:CVE-2024-39425

HistoryAug 14, 2024 - 3:07 p.m.

CVE-2024-39425 Security vulnerability in AdobeARMHelper

2024-08-1415:07:23

CWE-367

adobe

www.cve.org

cve-2024-39425

adobearmhelper

toctou race condition

privilege escalation

local access

attack complexity high

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

20.1%

JSON

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to privilege escalation. Exploitation of this issue require local low-privilege access to the affected system and attack complexity is high.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Acrobat Reader",
    "vendor": "Adobe",
    "versions": [
      {
        "lessThanOrEqual": "24.001.30123",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

helpx.adobe.com/security/products/acrobat/apsb24-57.html

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

20.1%

JSON

Related for CVELIST:CVE-2024-39425