PT-2019-4516 · Adobe · Acrobat+1

Publicado

2019-10-15

·

Atualizado

2021-09-08

·

CVE-2019-8175

CVSS v3.1

8.8

Alta

VetorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Adobe Acrobat versions prior to 2019.012.20040 Adobe Acrobat versions prior to 2017.011.30148 Adobe Acrobat versions prior to 2015.006.30503 Adobe Reader versions prior to 2019.012.20040 Adobe Reader versions prior to 2017.011.30148 Adobe Reader versions prior to 2015.006.30503
Description The issue is related to a use-after-free vulnerability, which could lead to arbitrary code execution if successfully exploited. This vulnerability affects Adobe Acrobat and Reader, allowing remote attackers to execute arbitrary code.
Recommendations For Adobe Acrobat and Reader versions prior to 2019.012.20040, update to a version later than 2019.012.20040. For Adobe Acrobat and Reader versions prior to 2017.011.30148, update to a version later than 2017.011.30148. For Adobe Acrobat and Reader versions prior to 2015.006.30503, update to a version later than 2015.006.30503. As a temporary workaround, consider disabling the DST File Parsing functionality until a patch is available. Restrict access to sensitive areas of the application to minimize the risk of exploitation.

Correção

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

BDU:2020-00510
CVE-2019-8175
ZDI-19-875

Produtos afetados

Acrobat
Reader