← Voltar para CVEs
CVE-2020-24436
HIGH7.8
Descricao
Acrobat Pro DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds write vulnerability that could result in writing past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. This vulnerability requires user interaction to exploit in that the victim must open a malicious document.
Detalhes CVE
Pontuacao CVSS v3.17.8
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vetor de ataqueLOCAL
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioREQUIRED
Publicado11/5/2020
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
adobe:acrobatadobe:acrobat_dcadobe:acrobat_readeradobe:acrobat_reader_dcapple:macosmicrosoft:windows
Fraquezas (CWE)
CWE-787
Referencias
https://helpx.adobe.com/security/products/acrobat/apsb20-67.html(psirt@adobe.com)
https://www.zerodayinitiative.com/advisories/ZDI-20-1355/(psirt@adobe.com)
https://helpx.adobe.com/security/products/acrobat/apsb20-67.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.zerodayinitiative.com/advisories/ZDI-20-1355/(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.