CVE-2020-24431

Summary

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a security feature bypass that could result in dynamic library code injection by the Adobe Reader process. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Affected Software

VendorProductVersion RangeStatus
AdobeAcrobat Readerunspecified <= 2017.011.30175affected
AdobeAcrobat Readerunspecified <= 2020.012.20048affected
AdobeAcrobat Readerunspecified <= 2020.001.30005affected
AdobeAcrobat Readerunspecified <= Noneaffected

Weaknesses

  • CWE-285: Improper Authorization (CWE-285)

ADP Enrichment

CVE Program Container

Additional References

References