Severity
High
Analysis Summary
CVE-2020-9676, CVE-2020-9674
Adobe Bridge could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.
CVE-2020-9675
Adobe Bridge could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.
CVE-2020-9663
Adobe Reader Mobile for Android could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing directory traversal sequences to view arbitrary files on the system.
Impact
- Execute arbitrary code
- Application crash
Affected Vendors
Adobe
Affected Products
- Adobe Bridge
- Adobe Reader Mobile
Remediation
Refer to Adobe advisory for the complete list of affected products and respective patches.