Rewterz Threat Advisory – Adobe Fixes 13 Vulnerabilities in Reader and Acrobat

Severity

High

Analysis Summary

Adobe has released security updates for Adobe Acrobat and Adobe Reader that fix numerous vulnerabilities ranging from information disclosure to arbitrary code execution. Of these 13 vulnerabilities, 4 are rated ‘Important’ because they lead to information disclosure or privilege escalation, while the other 9 are rated ‘Critical’ because an attacker could use malicious PDFs or other malicious actions to exploit them and execute commands on the affected computer.

| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Out-of-bounds read | Information Disclosure | Important | CVE-2020-3804, CVE-2020-3806 |
| Out-of-bounds write | Arbitrary Code Execution | Critical | CVE-2020-3795 |
| Stack-based buffer overflow | Arbitrary Code Execution | Critical | CVE-2020-3799 |
| Use-after-free | Arbitrary Code Execution | Critical | CVE-2020-3792, CVE-2020-3793, CVE-2020-3801, CVE-2020-3802, CVE-2020-3805 |
| Memory address leak | Information Disclosure | Important | CVE-2020-3800 |
| Buffer overflow | Arbitrary Code Execution | Critical | CVE-2020-3807 |
| Memory corruption | Arbitrary Code Execution | Critical | CVE-2020-3797 |
| Insecure library loading (DLL hijacking) | Privilege Escalation | Important | CVE-2020-3803 |

Adobe recommends users upgrade to the latest versions of Acrobat DC, Acrobat Reader DC, Acrobat 2017, Acrobat Reader 2017, Acrobat 2015, and Acrobat Reader 2015.

Impact

  • Unauthorized command execution
  • Information disclosure
  • Privilege escalation

Affected Vendors

Adobe

Affected Products

  • Acrobat DC 2020.006.20034 and earlier versions for Windows & macOS
  • Acrobat Reader DC 2020.006.20034 and earlier versions for Windows & macOS
  • Acrobat 2017 2017.011.30158 and earlier versions for Windows & macOS
  • Acrobat Reader 2017 2017.011.30158 and earlier versions for Windows & macOS
  • Acrobat 2015 2015.006.30510 and earlier versions for Windows & macOS
  • Acrobat Reader 2015 2015.006.30510 and earlier versions for Windows & macOS

Remediation

Update affected products for Windows and macOS to:

  • Acrobat DC version 2020.006.20042
  • Acrobat Reader DC version 2020.006.20042
  • Acrobat 2017 version 2017.011.30166
  • Acrobat Reader 2017 version 2017.011.30166
  • Acrobat 2015 version 2015.006.30518
  • Acrobat Reader 2015 version 2015.006.30518

Updates are installed automatically. If not, users can manually update their product installations by choosing Help > Check for Updates.
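
To confirm that the automatic update actually landed across a fleet, the fixed versions listed above can be checked against a software inventory. The following is an added example, not code from Adobe or from this advisory; the inventory rows, host names, status labels and the two-digit-year normalization are assumptions.

```python
import re

# Fixed versions per product, copied from the Remediation list in this advisory.
FIXED = {
    "Acrobat DC": "2020.006.20042",
    "Acrobat Reader DC": "2020.006.20042",
    "Acrobat 2017": "2017.011.30166",
    "Acrobat Reader 2017": "2017.011.30166",
    "Acrobat 2015": "2015.006.30518",
    "Acrobat Reader 2015": "2015.006.30518",
}

def parse_version(text):
    """Return (year, minor, build) as ints, or None if the string is malformed."""
    match = re.fullmatch(r"([0-9]+)\.([0-9]+)\.([0-9]+)", text.strip())
    if match is None:
        return None
    year, minor, build = (int(part) for part in match.groups())
    # Assumption: some inventory sources report a two-digit year (20.006.20034).
    if year < 100:
        year += 2000
    return (year, minor, build)

def triage(product, version):
    """Classify one inventory row as 'patched', 'update' or 'unknown'."""
    fixed = FIXED.get(product)
    installed = parse_version(version)
    if fixed is None or installed is None:
        return "unknown"  # product not in this advisory, or unparseable version
    # Compare as integer tuples; comparing the raw strings would misorder
    # versions whose fields differ in width or zero padding.
    return "patched" if installed >= parse_version(fixed) else "update"

# Constructed sample inventory: (host, product, installed version).
INVENTORY = [
    ("ws-001", "Acrobat Reader DC", "2020.006.20034"),
    ("ws-002", "Acrobat Reader DC", "20.006.20042"),
    ("ws-003", "Acrobat 2017", "2017.011.30158"),
    ("ws-004", "Acrobat 2015", "2015.006.30518"),
    ("ws-005", "Acrobat DC", "n/a"),
]

def report(rows):
    """Return each inventory row with its triage status appended."""
    return [(host, product, version, triage(product, version))
            for host, product, version in rows]

if __name__ == "__main__":
    for host, product, version, status in report(INVENTORY):
        print(f"{host:8} {product:20} {version:16} {status}")
```

The product name is taken from the inventory rather than inferred from the version number, so each installation is compared only against the fixed version for its own product line.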