CVE-2024-39425

Summary

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to privilege escalation. Exploitation of this issue require local low-privilege access to the affected system and attack complexity is high.

Affected Software

VendorProductVersion RangeStatus
AdobeAcrobat Reader0 <= 24.001.30123affected

Weaknesses

  • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References