CVE-2020-24428

Name of the Vulnerable Software and Affected Versions Adobe Acrobat Reader DC versions 2020.012.20048 and earlier Adobe Acrobat Reader DC versions 2020.001.30005 and earlier Adobe Acrobat Reader DC versions 2017.011.30175 and earlier

Description A time-of-check time-of-use (TOCTOU) race condition issue affects the software, potentially resulting in local privilege escalation. Exploitation requires user interaction, where a victim must open a malicious file. This issue may allow an attacker to elevate their privileges using a specially crafted file.

Recommendations For Adobe Acrobat Reader DC versions 2020.012.20048 and earlier, update to a version later than 2020.012.20048 to resolve the issue. For Adobe Acrobat Reader DC versions 2020.001.30005 and earlier, update to a version later than 2020.001.30005 to resolve the issue. For Adobe Acrobat Reader DC versions 2017.011.30175 and earlier, update to a version later than 2017.011.30175 to resolve the issue. As a temporary workaround, consider avoiding the use of potentially malicious files until a patch is available.