SEVERITY: Medium

CATEGORY: Vulnerability

ANALYSIS SUMMARY

Adobe Reader and Adobe Acrobat are vulnerable to multiple flaws which when exploited by people with malicious intent may lead to bypassing of certain security restrictions and compromising a vulnerable system.

1) A use-after-free error can be exploited to corrupt memory and subsequently execute arbitrary code.

2) An unspecified error can be exploited to gain otherwise restricted privileges.

Impact

System Access, Security bypass, code execution

Affected Products

• Acrobat DC versions 2019.010.20064 and prior running on Windows and macOS
• Acrobat Reader DC versions 2019.010.20064 and prior running on Windows and macOS
• Acrobat 2017 versions 2017.011.30110 and prior running on Windows and macOS
• Acrobat Reader DC 2017 versions 2017.011.30110 and prior running on Windows and macOS
• Acrobat DC (Classic 2015) versions 2015.006.30461 and prior running on Windows and and macOS
• Acrobat Reader DC (Classic 2015) versions 2015.006.30461 and prior running on Windows and macOS

Remediation

Update to a fixed version if available.

• Acrobat DC / Acrobat Reader DC 2019 running on Windows and macOS:

Update to version 2019.010.20069.

• Acrobat 2017 / Acrobat Reader DC 2017 running on Windows and macOS:

Update to version 2017.011.30113.

• Acrobat DC / Acrobat Reader DC (Classic 2015) running on Windows and macOS:

Update to version 2015.006.30464.