PT-2024-33550 · Adobe · Acrobat Reader

Published: 2024-12-10 · Updated: 2025-01-16 · CVE-2024-49535

CVSS v3.1: 6.3 (Medium)
Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Acrobat Reader versions 24.005.20307 through 24.001.30193
Acrobat Reader versions 20.005.30730 through 20.005.30710 and earlier

Description
Acrobat Reader is affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability. An attacker can supply malicious XML input that references an external entity; when the document is processed, this can lead to unauthorized read access outside the Acrobat sandbox or arbitrary code execution. Exploitation requires user interaction: the victim must process a malicious XML document.

Recommendations
For Acrobat Reader versions 24.005.20307 through 24.001.30193, update to a version that is not affected by this issue. For Acrobat Reader versions 20.005.30730 through 20.005.30710 and earlier, update to a version that is not affected by this issue. As a temporary workaround, consider restricting the processing of XML documents from untrusted sources until a patch is available.
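As an added example (not Adobe's code and not part of this advisory) of applying the workaround on the consuming side, the Python below first scans untrusted XML for external entity declarations and then parses it with expat configured to refuse any external entity reference; the sample documents and the placeholder URI are constructed.

```python
import re
from xml.parsers import expat

# External (SYSTEM/PUBLIC) entity declaration in a DOCTYPE internal subset,
# e.g. <!ENTITY xxe SYSTEM "...">; the optional "%" covers parameter entities.
_EXTERNAL_ENTITY = re.compile(
    rb'<!ENTITY\s+(?:%\s+)?(?P<name>\S+)\s+(?P<kind>SYSTEM|PUBLIC)\b')

def find_external_entities(xml_bytes: bytes) -> list:
    """Pre-parse check: names of external entities declared in the DOCTYPE."""
    if b"<!DOCTYPE" not in xml_bytes:
        return []
    return [m.group("name").decode("latin-1") for m in _EXTERNAL_ENTITY.finditer(xml_bytes)]

class ExternalEntityBlocked(Exception):
    """The document tried to make the parser resolve an external entity."""

def parse_untrusted(xml_bytes: bytes) -> list:
    """Parse with expat, refusing every external entity; return element names in order."""
    names = []
    parser = expat.ParserCreate()
    # Never load external parameter entities (e.g. an external DTD subset).
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)
    def refuse(context, base, system_id, public_id):
        # Returning 0 makes expat abort instead of fetching the resource, so its
        # content never enters the document.
        return 0
    parser.ExternalEntityRefHandler = refuse
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    try:
        parser.Parse(xml_bytes, True)
    except expat.ExpatError as exc:
        if expat.ErrorString(exc.code) == expat.errors.XML_ERROR_EXTERNAL_ENTITY_HANDLING:
            raise ExternalEntityBlocked(str(exc)) from exc
        raise  # any other well-formedness error propagates unchanged
    return names

def rejects_external_entities(xml_bytes: bytes) -> bool:
    """True if parse_untrusted refused the document because of an external entity."""
    try:
        parse_untrusted(xml_bytes)
    except ExternalEntityBlocked:
        return True
    return False

# Constructed samples: a harmless document and one declaring an external entity
# with a placeholder URI (not a real target).
SAFE_XML = b'<?xml version="1.0"?><doc><a/><b/></doc>'
XXE_XML = (b'<?xml version="1.0"?><!DOCTYPE doc [<!ENTITY xxe SYSTEM '
           b'"file:///placeholder/resource">]><doc>&xxe;</doc>')
```

The pre-parse scan is what a mail or file gateway would log on; the refusing parser is what the consuming application should use for any XML it did not produce itself.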

Fix

XXE


Weakness Enumeration

Related Identifiers: CVE-2024-49535

Affected Products: Acrobat Reader