CVE-2020-24435
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a heap-based buffer overflow vulnerability in the submitForm function, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .pdf file in Acrobat Reader.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Adobe | Acrobat Reader | unspecified <= 2017.011.30175 | affected |
| Adobe | Acrobat Reader | unspecified <= 2020.012.20048 | affected |
| Adobe | Acrobat Reader | unspecified <= 2020.001.30005 | affected |
| Adobe | Acrobat Reader | unspecified <= None | affected |
Weaknesses
- CWE-122: Heap-based Buffer Overflow (CWE-122)
ADP Enrichment
CVE Program Container
Additional References
- https://helpx.adobe.com/security/products/acrobat/apsb20-67.html
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1157
References
- https://helpx.adobe.com/security/products/acrobat/apsb20-67.html
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1157
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.