Sep 15, 2019 - 12:00 a.m.

KLA11583 Multiple vulnerabilities in Adobe Acrobat and Adobe Acrobat Reader

2019-09-15 00:00:00
Kaspersky Lab
threats.kaspersky.com
CVSS2: 10 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE
  Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 9.8 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.9 High (Confidence: Low)

EPSS: 0.354 Low (Percentile: 97.2%)

Multiple vulnerabilities were found in Adobe Acrobat and Adobe Acrobat Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code or obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. Type confusion vulnerability can be exploited to execute arbitrary code;
  2. Heap overflow vulnerabilities can be exploited to execute arbitrary code;
  3. Out-of-bounds read vulnerability can be exploited to obtain sensitive information;
  4. Out-of-bounds write vulnerability can be exploited to execute arbitrary code;
  5. Use-after-free vulnerability can be exploited to execute arbitrary code;
  6. Out-of-bounds read vulnerability can be exploited to obtain sensitive information;
  7. Untrusted pointer dereference vulnerabilities can be exploited to execute arbitrary code;
  8. Vulnerability related to Incomplete Implementation of Security Mechanism can be exploited to obtain sensitive information;
  9. Race Condition vulnerabilities can be exploited to execute arbitrary code;
  10. Out-of-bounds write vulnerability can be exploited to execute arbitrary code;
  11. Cross-site Scripting vulnerability can be exploited to obtain sensitive information;
  12. Use-after-free vulnerability can be exploited to execute arbitrary code;
  13. Buffer Overrun vulnerabilities can be exploited to execute arbitrary code.

Original advisories

APSB19-49

Related products

Adobe-Acrobat-Reader-DC-Continuous

Adobe-Acrobat-Reader-DC-Classic

Adobe-Acrobat-DC-Continuous

Adobe-Acrobat-DC-Classic

Adobe-Acrobat-Reader-2017

Adobe-Acrobat-2017

CVE list

CVE-2019-8169 critical

CVE-2019-8183 critical

CVE-2019-8218 warning

CVE-2019-8186 critical

CVE-2019-8216 warning

CVE-2019-8203 high

CVE-2019-8194 warning

CVE-2019-8173 warning

CVE-2019-8190 warning

CVE-2019-8220 critical

CVE-2019-8207 warning

CVE-2019-8064 warning

CVE-2019-8198 warning

CVE-2019-8181 high

CVE-2019-8182 warning

CVE-2019-8219 high

CVE-2019-8209 high

CVE-2019-8205 critical

CVE-2019-8206 critical

CVE-2019-8222 warning

CVE-2019-8202 warning

CVE-2019-8226 warning

CVE-2019-8193 warning

CVE-2019-8195 critical

CVE-2019-8168 warning

CVE-2019-8200 critical

CVE-2019-8167 critical

CVE-2019-8197 critical

CVE-2019-8170 high

CVE-2019-8217 high

CVE-2019-8162 high

CVE-2019-8199 critical

CVE-2019-8196 critical

CVE-2019-8174 high

CVE-2019-8178 high

CVE-2019-8225 high

CVE-2019-8160 warning

CVE-2019-8224 high

CVE-2019-8177 high

CVE-2019-8204 high

CVE-2019-8210 high

CVE-2019-8164 warning

CVE-2019-8185 warning

CVE-2019-8212 critical

CVE-2019-8201 warning

CVE-2019-8215 critical

CVE-2019-8165 high

CVE-2019-8187 warning

CVE-2019-8188 warning

CVE-2019-8208 high

CVE-2019-8223 high

CVE-2019-8184 warning

CVE-2019-8191 high

CVE-2019-8172 warning

CVE-2019-8175 high

CVE-2019-8180 high

CVE-2019-8179 high

CVE-2019-8163 warning

CVE-2019-8171 high

CVE-2019-8161 critical

CVE-2019-8221 critical

CVE-2019-8189 warning

CVE-2019-8176 high

CVE-2019-8214 critical

CVE-2019-8192 high

CVE-2019-8213 critical

CVE-2019-8211 critical

CVE-2019-8166 high

Solution

Update to the latest version

Download Adobe Acrobat Reader DC

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can allow an attacker to execute arbitrary code or commands on the vulnerable machine or within the vulnerable process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can allow an attacker to capture information that is critical to the user or the system.

Affected Products

  • Adobe Acrobat DC (Continuous track) earlier than 2019.021.20047
  • Adobe Acrobat Reader DC (Continuous track) earlier than 2019.021.20047
  • Adobe Acrobat 2017 (Classic 2017 track) earlier than 2017.011.30150
  • Adobe Acrobat Reader 2017 (Classic 2017 track) earlier than 2017.011.30150
  • Adobe Acrobat (Classic 2015 track) earlier than 2015.006.30504
  • Adobe Acrobat Reader (Classic 2015 track) earlier than 2015.006.30504
