Kaspersky LabKLA11991KLA11991 Multiple vulnerabilities in Adobe Acrobat and Adobe Acrobat Reader
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.6 High
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.179 Low
EPSS
Percentile
96.1%
Detect date:
11/03/2020
Severity:
High
Description:
Multiple vulnerabilities were found in Adobe Acrobat and Adobe Acrobat Reader. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information, cause denial of service.
Affected products:
Adobe Acrobat DC Continuous earlier than 2020.013.20064
Adobe Acrobat 2020 Classic earlier than 2020.001.30010
Adobe Acrobat 2017 Classic earlier than 2017.011.30180
Adobe Acrobat Reader DC Continuous earlier than 2020.013.20064
Adobe Acrobat Reader 2020 Classic earlier than 2020.001.30010
Adobe Acrobat Reader 2017 Classic earlier than 2017.011.30180
Solution:
Update to the latest version
Download Adobe Acrobat Reader DC
Original advisories:
Impacts:
ACE
Related products:
Adobe Acrobat Reader DC Continuous
CVE-IDS:
CVE-2020-244297.8Critical
CVE-2020-244357.8Critical
CVE-2020-244367.8Critical
CVE-2020-244392.8Warning
CVE-2020-244314.4Warning
CVE-2020-244377.8Critical
CVE-2020-244287.7Critical
CVE-2020-244337.8Critical
CVE-2020-244343.3Warning
CVE-2020-244273.3Warning
CVE-2020-244263.3Warning
CVE-2020-244307.8Critical
CVE-2020-244383.3Warning
CVE-2020-244327.8Critical
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24426
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24427
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24428
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24429
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24430
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24431
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24432
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24433
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24434
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24435
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24436
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24437
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24438
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24439
get2.adobe.com/uk/reader/
helpx.adobe.com/security/products/acrobat/apsb20-67.html
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Adobe-Acrobat-2017/
threats.kaspersky.com/en/product/Adobe-Acrobat-2020/
threats.kaspersky.com/en/product/Adobe-Acrobat-DC-Continuous/
threats.kaspersky.com/en/product/Adobe-Acrobat-Reader-2017/
threats.kaspersky.com/en/product/Adobe-Acrobat-Reader-2020/
threats.kaspersky.com/en/product/Adobe-Acrobat-Reader-DC-Continuous/
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.6 High
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.179 Low
EPSS
Percentile
96.1%