CVE-2020-24428

Summary

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a time-of-check time-of-use (TOCTOU) race condition vulnerability that could result in local privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Affected Software

VendorProductVersion RangeStatus
AdobeAcrobat Readerunspecified <= 2017.011.30175affected
AdobeAcrobat Readerunspecified <= 2020.012.20048affected
AdobeAcrobat Readerunspecified <= 2020.001.30005affected
AdobeAcrobat Readerunspecified <= Noneaffected

Weaknesses

  • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)

ADP Enrichment

CVE Program Container

Additional References

References