March 22, 2024
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Rewterz Threat Advisory – Slack fixes Vulnerability Exploitable for Session Hijacking
March 17, 2020
Rewterz Threat Alert – Trickbot gtag red5 distributed as a DLL file
March 18, 2020
Rewterz Threat Advisory – Slack fixes Vulnerability Exploitable for Session Hijacking
March 17, 2020
Rewterz Threat Alert – Trickbot gtag red5 distributed as a DLL file
March 18, 2020
Severity
High
Analysis Summary
Adobe has released security updates for Adobe Acrobat and Adobe Reader that fix numerous vulnerabilities ranging from information disclosure to arbitrary code execution. Out of these 13 vulnerabilities, 4 are rated as ‘Important’ as they lead to information disclosure or privilege escalation, whereas other 9 are rated as ‘Critical’ because they could allow an attacker to create malicious PDFs or other malicious actions that could exploit these vulnerabilities to execute commands on the affected computer.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Out-of-bounds read | Information Disclosure | Important | CVE-2020-3804CVE-2020-3806 |
| Out-of-bounds write | Arbitrary Code Execution | Critical | CVE-2020-3795 |
| Stack-based buffer overflow | Arbitrary Code Execution | Critical | CVE-2020-3799 |
| Use-after-free | Arbitrary Code Execution | Critical | CVE-2020-3792CVE-2020-3793CVE-2020-3801CVE-2020-3802CVE-2020-3805 |
| Memory address leak | Information Disclosure | Important | CVE-2020-3800 |
| Buffer overflow | Arbitrary Code Execution | Critical | CVE-2020-3807 |
| Memory corruption | Arbitrary Code Execution | Critical | CVE-2020-3797 |
| Insecure library loading (DLL hijacking) | Privilege Escalation | Important | CVE-2020-3803 |
Adobe recommends users upgrade to the latest versions of Acrobat DC, Acrobat Reader DC, Acrobat 2017, Acrobat Reader 2017, Acrobat 2015, and Acrobat Reader 2015.
Impact
- Unauthorized command execution
- Information disclosure
- Privilege escalation
Affected Vendors
Adobe
Affected Products
- Acrobat DC 2020.006.20034 and earlier versions for Windows & macOS
- Acrobat Reader DC 2020.006.20034 and earlier versions for Windows & macOS
- Acrobat 2017 2017.011.30158 and earlier versions for Windows & macOS
- Acrobat Reader 2017 2017.011.30158 and earlier versions for Windows & macOS
- Acrobat 2015 2015.006.30510 and earlier versions for Windows & macOS
- Acrobat Reader 2015 2015.006.30510?and earlier versions for Windows & macOS
Remediation
Update affected products for Windows and MacOS to:
- Acrobat DC version 2020.006.20042
- Acrobat Reader DC version 2020.006.20042
- Acrobat 2017 version 2017.011.30166
- Acrobat Reader 2017 2017.011.30166
- Acrobat 2015 version 2015.006.30518
- Acrobat Reader 2015 version 2015.006.30518
Updates are installed automatically. If not, users can manually update their product installations by choosing Help > Check for Updates.