PT-2020-6299 · Adobe · Acrobat, Acrobat Reader
Published: 2020-03-17 · Updated: 2021-09-08
CVE-2020-3803
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Adobe Acrobat versions prior to 2020.006.20034
Adobe Acrobat Reader versions prior to 2020.006.20034
Adobe Acrobat versions prior to 2017.011.30158
Adobe Acrobat Reader versions prior to 2017.011.30158
Adobe Acrobat versions prior to 2015.006.30510
Adobe Acrobat Reader versions prior to 2015.006.30510
Description
The issue is related to insecure library loading, also known as DLL hijacking. Successful exploitation could allow an attacker to escalate their privileges.
Recommendations
For Adobe Acrobat and Reader versions prior to 2020.006.20034, update to a version later than 2020.006.20034.
For Adobe Acrobat and Reader versions prior to 2017.011.30158, update to a version later than 2017.011.30158.
For Adobe Acrobat and Reader versions prior to 2015.006.30510, update to a version later than 2015.006.30510.
As a temporary workaround, consider restricting the loading of external libraries to minimize the risk of exploitation.
Fix
Uncontrolled Search Path Element
Untrusted Search Path
Affected Products
Acrobat
Acrobat Reader