Lucene search

K
kasperskyKaspersky LabKLA11708
HistoryMar 17, 2020 - 12:00 a.m.

KLA11708 Multiple vulnerabilities in Adobe Acrobat and Adobe Acrobat Reader

2020-03-1700:00:00
Kaspersky Lab
threats.kaspersky.com
48

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

89.4%

Detect date:

03/17/2020

Severity:

Critical

Description:

Multiple vulnerabilities were found in Adobe Acrobat and Adobe Acrobat Reader. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges.

Exploitation:

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products:

Acrobat DC Continuous earlier than 2020.006.20042
Acrobat Reader DC Continuous earlier than 2020.006.20042
Acrobat 2017 Classic 2017 earlier than 2017.011.30166
Acrobat Reader 2017 Classic 2017 earlier than 2017.011.30166
Acrobat 2015 Classic 2015 earlier than 2015.006.30518
Acrobat Reader 2015 Classic 2015 earlier than 2015.006.30518

Solution:

Update to the latest version
Download Adobe Acrobat Reader DC

Original advisories:

APSB20-13

Impacts:

ACE

Related products:

Adobe Acrobat Reader DC Continuous

CVE-IDS:

CVE-2020-38005.0Warning
CVE-2020-38045.0Warning
CVE-2020-37957.5Critical
CVE-2020-37937.5Critical
CVE-2020-37927.5Critical
CVE-2020-38077.5Critical
CVE-2020-38017.5Critical
CVE-2020-37977.5Critical
CVE-2020-38026.8High
CVE-2020-38034.4Warning
CVE-2020-37997.5Critical
CVE-2020-38065.0Warning

References

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

89.4%