Adobe updates of reader and acrobat releases with 13 vulnerabilities fixes
Adobe has released security updates for Adobe Acrobat and Adobe Reader fixing total 13 vulnerabilities. Out of these, the four are the ones that lead to information disclosure or privilege escalation. The other 9s allow the attackers to create malicious PDFs or other malicious actions by exploiting the vulnerabilities and executing commands on the targeted device.
The list of the 13 vulnerabilities includes:
- Out-of-bounds read - CVE-2020-3804 and CVE-2020-3806 has the severity level as important as it can cause the information disclosure
- Out-of-bounds write -CVE-2020-3795 – used for Arbitrary code execution
- Stack-based buffer overflow -CVE-2020-3799 – the critical one and is also used for Arbitrary code execution
- Use-after-free -having the CVC numbers CVE-2020-3792, CVE-2020-3793, CVE-2020-3801, CVE-2020-3802 and CVE-2020-3805 are also used for Arbitrary code execution
- Memory address leak -CVE-2020-3800 -is the one of the vulnerabilities used for information disclosure
- Buffer overflow- critical severity CVE-2020-3807 vulnerability used for Arbitrary code execution
- Memory corruption- CVE-2020-3797 is yet another vulnerability of used for arbitrary code execution
- Insecure library loading (DLL hijacking)- CVE-2020-3803 -is the last one in the list of the four most important vulnerabilities used for information disclosure
Adobe recommends the users upgrade to the patched versions of the Acrobat DC, Acrobat Reader DC, Acrobat 2017, Acrobat Reader 2017, Acrobat 2015 and Acrobat Reader 2015.