Rewterz Threat Alert – LokiBot Malware – IOCs
November 3, 2020Rewterz Threat Alert – Verified Phishing URLs
November 4, 2020Rewterz Threat Alert – LokiBot Malware – IOCs
November 3, 2020Rewterz Threat Alert – Verified Phishing URLs
November 4, 2020Severity
High
Analysis Summary
CVE-2020-24428
Adobe Acrobat and Adobe Reader could allow a local attacker to gain elevated privileges on the system, caused by a race condition. By persuading a victim to open a specially-crafted document, an attacker could exploit this vulnerability to gain elevated privileges on the system.
CVE-2020-24431
Adobe Acrobat and Adobe Reader could allow a remote attacker to bypass security restrictions, caused by a dynamic library injection. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to bypass access restrictions.
CVE-2020-24429
Adobe Acrobat and Adobe Reader could allow a local attacker to gain elevated privileges on the system, caused by a signature verification bypass. By persuading a victim to open a specially-crafted document, an attacker could exploit this vulnerability to gain elevated privileges on the system.
CVE-2020-24427
Adobe Acrobat and Adobe Reader could allow a remote attacker to obtain sensitive information, caused by improper input validation. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.
Impact
- Privilege escalation
- Security bypass
- Information disclosure
Affected Vendors
Adobe
Affected Products
Adobe Acrobat and Reader
Remediation
Refer to vendor advisory for the complete list of affected products and their respective patches.