PT-2023-8724 · Adobe · Adobe Acrobat Reader Document Cloud+3

Published

2023-12-04

Updated

2024-03-12

CVE-2024-20765

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Adobe Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier

Description The issue is related to a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction, where a victim must open a malicious file. This vulnerability affects programs for viewing and editing PDF files, including Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2020, and Adobe Acrobat Reader 2020.

Recommendations For Adobe Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier, update the software to a version that is not affected by this vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2024-01739

CVE-2024-20765

ZDI-24-284

Affected Products

Acrobat

Acrobat Document Cloud

Acrobat Reader

Adobe Acrobat Reader Document Cloud

PT-2023-8724 · Adobe · Adobe Acrobat Reader Document Cloud+3

CVE-2024-20765

Weakness Enumeration

Related Identifiers

Affected Products

References · 12