CVE-2020-24436

EUVD-2020-17156

05.11.2020, 20:15

Acrobat Pro DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds write vulnerability that could result in writing past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. This vulnerability requires user interaction to exploit in that the victim must open a malicious document.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
adobe	CNA	7.8 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 90%

Affected Products (NVD)

Vendor	Product	Version
adobe	acrobat	𝑥 ≤ 20.001.30005
adobe	acrobat_dc	𝑥 ≤ 17.011.30175
adobe	acrobat_dc	𝑥 ≤ 20.012.20048
adobe	acrobat_reader	𝑥 ≤ 20.001.30005
adobe	acrobat_reader_dc	𝑥 ≤ 17.011.30175
adobe	acrobat_reader_dc	𝑥 ≤ 20.012.20048

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.

References

https://helpx.adobe.com/security/products/acrobat/apsb20-67.html

https://www.zerodayinitiative.com/advisories/ZDI-20-1355/

https://helpx.adobe.com/security/products/acrobat/apsb20-67.html

https://www.zerodayinitiative.com/advisories/ZDI-20-1355/