CVE-2020-24433

Description

Adobe Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a local privilege escalation vulnerability that could enable a user without administrator privileges to delete arbitrary files and potentially execute arbitrary code as SYSTEM. Exploitation of this issue requires an attacker to socially engineer a victim, or the attacker must already have some access to the environment.

Risk Information

Base Score: 7.8 (MODERATE)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 1.664

Associated Vulnerability

Vulnerability | OS Platform
Multiple vulnerabilities fixed in Acrobat DC Continuous 2020.013.20064 | Windows
Multiple vulnerabilities fixed in Adobe Acrobat Reader DC (Continuous Track) update - All languages (20.013.20064)(APSB20-67) | Windows
Multiple vulnerabilities fixed in Adobe Acrobat 2020 (Classic Track) (20.001.30010) | Windows
Multiple vulnerabilities fixed in Adobe Acrobat Reader 2020 MUI (Classic Track) (20.001.30010) (APSB20-67) | Windows
Multiple vulnerabilities fixed in Adobe Acrobat 2017 Pro and Standard (Acrobat 2017 Track) update - All languages (17.011.30180) (APSB20-67) | Windows
Multiple vulnerabilities fixed in Adobe Acrobat Reader 2017 MUI (Classic Track) (17.011.30180) (APSB20-67) | Windows
Multiple Vulnerabilities are affected in Adobe Acrobat DC for MAC 17.011.30175 | Mac
Multiple Vulnerabilities are affected in Adobe Acrobat Reader DC for MAC 20.012.20048 | Mac

Patch Details

Patches provided by ManageEngine for this CVE:

Patch ID | Patch Description
PATCH-343119 | Adobe Acrobat DC Pro and Standard (Continuous Track) update - All languages (24.004.20272)
PATCH-316824 | Adobe Acrobat Reader DC (Continuous Track) update - All languages (20.013.20064)(APSB20-67)
PATCH-316847 | Adobe Acrobat 2020 (Classic Track) (20.001.30010) (APSB20-67)
PATCH-316830 | Adobe Acrobat Reader 2020 MUI (Classic Track) (20.001.30010) (APSB20-67)
PATCH-316821 | Adobe Acrobat 2017 Pro and Standard (Acrobat 2017 Track) update - All languages (17.011.30180) (APSB20-67)
PATCH-316823 | Adobe Acrobat Reader 2017 MUI (Classic Track) (17.011.30180) (APSB20-67)
PATCH-611991 | Adobe Acrobat DC for MAC (25.001.20693)(Deployment-Only)
PATCH-611989 | Adobe Acrobat Reader DC for MAC (25.001.20693)(Deployment-Only)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234