• Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Advisory – ICS: CVE-2019-10923 – Siemens Industrial Real-Time (IRT) Devices Improper Input Validation Vulnerability
February 12, 2020
Rewterz Threat Advisory – ICS: Synergy Systems & Solutions HUSKY RTU
February 13, 2020

Rewterz Threat Advisory – Adobe Releases Security Updates Fixing over 40 Vulnerabilities in Different Products

February 12, 2020

Severity

High

Analysis Summary

Analysis Summary

This update fixes twenty-one vulnerabilities in Adobe Framemaker.

Vulnerability CategorySeverityCVE Numbers
Buffer Error    CriticalCVE-2020-3734    
Heap Overflow    CriticalCVE-2020-3731CVE-2020-3735
Memory Corruption    CriticalCVE-2020-3739CVE-2020-3740    
Out-of-Bounds Write    CriticalCVE-2020-3720CVE-2020-3721CVE-2020-3722CVE-2020-3723CVE-2020-3724CVE-2020-3725CVE-2020-3726CVE-2020-3727CVE-2020-3728CVE-2020-3729CVE-2020-3730CVE-2020-3732CVE-2020-3733CVE-2020-3736CVE-2020-3737CVE-2020-3738    

 This update resolved seventeen vulnerabilities in Adobe Acrobat and Reader.

Vulnerability CategorySeverityCVE Number
Out-of-Bounds ReadImportantCVE-2020-3744CVE-2020-3747CVE-2020-3755    
Heap OverflowCriticalCVE-2020-3742
Buffer ErrorCriticalCVE-2020-3752CVE-2020-3754    
Use After FreeCriticalCVE-2020-3743CVE-2020-3745CVE-2020-3746CVE-2020-3748CVE-2020-3749CVE-2020-3750CVE-2020-3751    
Stack exhaustion    Moderate    CVE-2020-3753  CVE-2020-3756  
Privilege EscalationCriticalCVE-2020-3762CVE-2020-3763

A new update for Adobe Flash Player is available that fixes a Critical arbitrary code execution vulnerability.

Vulnerability CategorySeverityCVE Number
Type ConfusionCriticalCVE-2020-3757

Two vulnerabilities in Adobe Digital Editions have been fixed that could lead to information disclosure and arbitrary code execution.

Vulnerability CategorySeverityCVE Numbers
Buffer ErrorsImportantCVE-2020-3759 
Command Injection CriticalCVE-2020-3760

Adobe fixes a denial of service vulnerability in Adobe Experience Manager.

Vulnerability Category
 
Severity
 
CVE Number 
 
Uncontrolled Resource ConsumptionImportantCVE-2020-3741

Impact

  • Denial of Service
  • Information Disclosure
  • Arbitrary code execution
  • Memory Leak

Affected Vendors

Adobe

Affected Products

  • Adobe Framemaker 2019.0.4 and below
  • Acrobat DC & Acrobat Reader DC 2019.021.20061 and earlier versions for Windows & macOS
  • Adobe Flash Player Desktop Runtime 32.0.0.321 and earlier for Windows and macOS
  • Adobe Flash Player Desktop Runtime 32.0.0.314 and earlier for Linux
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 32.0.0.255 and earlier for Windows 10 and 8.1
  • Adobe Digital Editions 4.5.10 and below for Windows
  • Adobe Experience Manager 6.5 and 6.4 for all platforms
  • Acrobat & Acrobat Reader 2015.006.30508 and earlier versions for Windows & macOS
  • Acrobat for Windows 2017 & Acrobat Reader for MacOS 2017 2017.011.30156 and earlier versions
  • Adobe Flash Player for Google Chrome 32.0.0.321 and earlier for Windows macOS Linux and Chrome OS

Remediation

Apply following updates:

  • Adobe Framemaker 2019.0.5
  • The latest version of Adobe Acrobat and Reader.
  • Adobe Flash Player 32.0.0.330
  • Adobe Digital Editions 4.5.11
  • Latest version of Adobe Experience Manager

  • Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.