Kaspersky LabKLA11458KLA11458 Multiple vulnerabilities in Adobe Acrobat and Acrobat Reader
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.1 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.552 Medium
EPSS
Percentile
97.6%
Detect date:
04/09/2019
Severity:
Critical
Description:
Multiple vulnerabilities were found in Adobe Acrobat and Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information.
Exploitation:
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Affected products:
Acrobat DC Continuous 2019.010.20098 and earlier versions for Windows and macOS
Acrobat Reader DC Continuous 2019.010.20098 and earlier versions for Windows and macOS
Acrobat 2017 2017.011.30127 and earlier version for Windows and macOS
Acrobat Reader 2017.011.30127 and earlier version for Windows and macOS
Acrobat DC Classic 2015.006.30482 and earlier versions for Windows and macOS
Acrobat Reader DC Classic 2015.006.30482 and earlier versions for Windows and macOS
Solution:
Update to the latest version
Download Adobe Acrobat Reader DC
Original advisories:
Security updates available for Adobe Acrobat and Reader | APSB19-17
Impacts:
ACE
Related products:
Adobe Acrobat Reader DC Continuous
CVE-IDS:
CVE-2019-70615.0Warning
CVE-2019-71094.3Warning
CVE-2019-71104.3Warning
CVE-2019-71145.0Warning
CVE-2019-71155.0Warning
CVE-2019-71165.0Warning
CVE-2019-71215.0Warning
CVE-2019-71225.0Warning
CVE-2019-71235.0Warning
CVE-2019-71274.3Warning
CVE-2019-71119.3Critical
CVE-2019-71259.3Critical
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7061
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7109
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7110
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7111
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7114
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7115
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7116
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7121
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7122
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7123
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7125
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7127
get.adobe.com/ru/reader/
helpx.adobe.com/security/products/acrobat/apsb19-17.html
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Adobe-Acrobat-2017/
threats.kaspersky.com/en/product/Adobe-Acrobat-DC-Classic/
threats.kaspersky.com/en/product/Adobe-Acrobat-DC-Continuous/
threats.kaspersky.com/en/product/Adobe-Acrobat-Reader-2017/
threats.kaspersky.com/en/product/Adobe-Acrobat-Reader-DC-Classic/
threats.kaspersky.com/en/product/Adobe-Acrobat-Reader-DC-Continuous/
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.1 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.552 Medium
EPSS
Percentile
97.6%