CVE-2020-24434

Description

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Risk Information

Base Score: 3.3 (MODERATE)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
EPSS Score (Exploitation Probability): 1.604

Associated Vulnerability

Vulnerability | OS Platform
Multiple vulnerabilities fixed in Acrobat DC Continuous 2020.013.20064 | Windows
Multiple vulnerabilities fixed in Adobe Acrobat Reader DC (Continuous Track) update - All languages (20.013.20064)(APSB20-67) | Windows
Multiple vulnerabilities fixed in Adobe Acrobat 2020 (Classic Track) (20.001.30010) | Windows
Multiple vulnerabilities fixed in Adobe Acrobat Reader 2020 MUI (Classic Track) (20.001.30010) (APSB20-67) | Windows
Multiple vulnerabilities fixed in Adobe Acrobat 2017 Pro and Standard (Acrobat 2017 Track) update - All languages (17.011.30180) (APSB20-67) | Windows
Multiple vulnerabilities fixed in Adobe Acrobat Reader 2017 MUI (Classic Track) (17.011.30180) (APSB20-67) | Windows
Multiple Vulnerabilities are affected in Adobe Acrobat DC for MAC 17.011.30175 | Mac
Multiple Vulnerabilities are affected in Adobe Acrobat Reader DC for MAC 20.012.20048 | Mac

Patch Details

Patches provided by ManageEngine for this CVE:

Patch ID | Patch Description
PATCH-343119 | Adobe Acrobat DC Pro and Standard (Continuous Track) update - All languages (24.004.20272)
PATCH-316824 | Adobe Acrobat Reader DC (Continuous Track) update - All languages (20.013.20064)(APSB20-67)
PATCH-316847 | Adobe Acrobat 2020 (Classic Track) (20.001.30010) (APSB20-67)
PATCH-316830 | Adobe Acrobat Reader 2020 MUI (Classic Track) (20.001.30010) (APSB20-67)
PATCH-316821 | Adobe Acrobat 2017 Pro and Standard (Acrobat 2017 Track) update - All languages (17.011.30180) (APSB20-67)
PATCH-316823 | Adobe Acrobat Reader 2017 MUI (Classic Track) (17.011.30180) (APSB20-67)
PATCH-611991 | Adobe Acrobat DC for MAC (25.001.20693)(Deployment-Only)
PATCH-611989 | Adobe Acrobat Reader DC for MAC (25.001.20693)(Deployment-Only)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234