Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 22, 2023
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]September 22, 2023Severity Medium Analysis Summary First discovered in 2016, Revenge RAT is a remote access trojan (RAT) designed to give an attacker complete control over an infected […]September 22, 2023Severity High Analysis Summary The Konni APT (Advanced Persistent Threat) group is a cyber espionage group that has been active since at least 2014. It is […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 22, 2023Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]September 22, 2023Severity Medium Analysis Summary First discovered in 2016, Revenge RAT is a remote access trojan (RAT) designed to give an attacker complete control over an infected […]September 22, 2023Severity High Analysis Summary The Konni APT (Advanced Persistent Threat) group is a cyber espionage group that has been active since at least 2014. It is […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Advisory – ICS: CVE-2019-10923 – Siemens Industrial Real-Time (IRT) Devices Improper Input Validation Vulnerability
February 12, 2020Rewterz Threat Advisory – ICS: Synergy Systems & Solutions HUSKY RTU
February 13, 2020
Severity
High
Analysis Summary
Analysis Summary
This update fixes twenty-one vulnerabilities in Adobe Framemaker.
| Vulnerability Category | Severity | CVE Numbers |
| Buffer Error | Critical | CVE-2020-3734 |
| Heap Overflow | Critical | CVE-2020-3731CVE-2020-3735 |
| Memory Corruption | Critical | CVE-2020-3739CVE-2020-3740 |
| Out-of-Bounds Write | Critical | CVE-2020-3720CVE-2020-3721CVE-2020-3722CVE-2020-3723CVE-2020-3724CVE-2020-3725CVE-2020-3726CVE-2020-3727CVE-2020-3728CVE-2020-3729CVE-2020-3730CVE-2020-3732CVE-2020-3733CVE-2020-3736CVE-2020-3737CVE-2020-3738 |
This update resolved seventeen vulnerabilities in Adobe Acrobat and Reader.
| Vulnerability Category | Severity | CVE Number |
|---|---|---|
| Out-of-Bounds Read | Important | CVE-2020-3744CVE-2020-3747CVE-2020-3755 |
| Heap Overflow | Critical | CVE-2020-3742 |
| Buffer Error | Critical | CVE-2020-3752CVE-2020-3754 |
| Use After Free | Critical | CVE-2020-3743CVE-2020-3745CVE-2020-3746CVE-2020-3748CVE-2020-3749CVE-2020-3750CVE-2020-3751 |
| Stack exhaustion | Moderate | CVE-2020-3753 CVE-2020-3756 |
| Privilege Escalation | Critical | CVE-2020-3762CVE-2020-3763 |
A new update for Adobe Flash Player is available that fixes a Critical arbitrary code execution vulnerability.
| Vulnerability Category | Severity | CVE Number |
| Type Confusion | Critical | CVE-2020-3757 |
Two vulnerabilities in Adobe Digital Editions have been fixed that could lead to information disclosure and arbitrary code execution.
| Vulnerability Category | Severity | CVE Numbers |
| Buffer Errors | Important | CVE-2020-3759 |
| Command Injection | Critical | CVE-2020-3760 |
Adobe fixes a denial of service vulnerability in Adobe Experience Manager.
| Vulnerability Category | Severity | CVE Number |
| Uncontrolled Resource Consumption | Important | CVE-2020-3741 |
Impact
- Denial of Service
- Information Disclosure
- Arbitrary code execution
- Memory Leak
Affected Vendors
Adobe
Affected Products
- Adobe Framemaker 2019.0.4 and below
- Acrobat DC & Acrobat Reader DC 2019.021.20061 and earlier versions for Windows & macOS
- Adobe Flash Player Desktop Runtime 32.0.0.321 and earlier for Windows and macOS
- Adobe Flash Player Desktop Runtime 32.0.0.314 and earlier for Linux
- Adobe Flash Player for Microsoft Edge and Internet Explorer 11 32.0.0.255 and earlier for Windows 10 and 8.1
- Adobe Digital Editions 4.5.10 and below for Windows
- Adobe Experience Manager 6.5 and 6.4 for all platforms
- Acrobat & Acrobat Reader 2015.006.30508 and earlier versions for Windows & macOS
- Acrobat for Windows 2017 & Acrobat Reader for MacOS 2017 2017.011.30156 and earlier versions
- Adobe Flash Player for Google Chrome 32.0.0.321 and earlier for Windows macOS Linux and Chrome OS
Remediation
Apply following updates:
- Adobe Framemaker 2019.0.5
- The latest version of Adobe Acrobat and Reader.
- Adobe Flash Player 32.0.0.330
- Adobe Digital Editions 4.5.11
- Latest version of Adobe Experience Manager