Lucene search

Kaspersky LabKLA66493

HistoryFeb 13, 2024 - 12:00 a.m.

KLA66493 Multiple vulnerabilities in Adobe Acrobat and Adobe Acrobat Reader

2024-02-1300:00:00

Kaspersky Lab

threats.kaspersky.com

adobe

acrobat

reader

vulnerabilities

use after free

out of bounds

memory read

update

ace

dos

adobe acrobat dc

adobe acrobat reader dc

adobe acrobat 2020

adobe acrobat reader 2020

cve-2024-30303

cve-2024-30304

cve-2024-30301

cve-2024-30302

cve-2024-30306

cve-2024-30305

arbitrary code execution

denial of service

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.3%

JSON

Multiple vulnerabilities were found in Adobe Acrobat and Adobe Acrobat Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service.

Below is a complete list of vulnerabilities:

Use after free vulnerability can be exploited to cause denial of service or execute arbitrary code.
Out of bounds memory read vulnerability can be exploited to cause denial of service.

Original advisories

APSB24-07

Related products

Adobe-Acrobat-Reader-DC-Continuous

Adobe-Acrobat-DC-Continuous

Adobe-Acrobat-Reader-2020

Adobe-Acrobat-2020

CVE list

CVE-2024-30303 critical

CVE-2024-30304 critical

CVE-2024-30301 critical

CVE-2024-30302 high

CVE-2024-30306 critical

CVE-2024-30305 critical

Solution

Update to the latest version

Download Adobe Acrobat

Impacts

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Affected Products

Adobe Acrobat DC Continuous earlier than 23.008.20533Adobe Acrobat Reader DC Continuous earlier than 23.008.20533Adobe Acrobat 2020  earlier than 20.005.30574Adobe Acrobat Reader 2020 earlier than 20.005.30574

References

helpx.adobe.com/security/products/acrobat/apsb24-07.html

statistics.securelist.com/

threats.kaspersky.com/en/product/Adobe-Acrobat-2020/

threats.kaspersky.com/en/product/Adobe-Acrobat-DC-Continuous/

threats.kaspersky.com/en/product/Adobe-Acrobat-Reader-2020/

threats.kaspersky.com/en/product/Adobe-Acrobat-Reader-DC-Continuous/

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.3%

JSON

Related for KLA66493