CVE-2020-24433

Name of the Vulnerable Software and Affected Versions Adobe Acrobat Reader DC versions 2020.012.20048 and earlier Adobe Acrobat Reader DC versions 2020.001.30005 and earlier Adobe Acrobat Reader DC versions 2017.011.30175 and earlier

Description The issue is related to improper access control in Adobe Acrobat and Reader, which could allow a user without administrator privileges to delete arbitrary files and potentially execute arbitrary code as SYSTEM. Exploitation of this issue requires an attacker to socially engineer a victim, or the attacker must already have some access to the environment.

Recommendations For Adobe Acrobat Reader DC versions 2020.012.20048 and earlier, update to a version later than 2020.012.20048 to resolve the issue. For Adobe Acrobat Reader DC versions 2020.001.30005 and earlier, update to a version later than 2020.001.30005 to resolve the issue. For Adobe Acrobat Reader DC versions 2017.011.30175 and earlier, update to a version later than 2017.011.30175 to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.