CVE-2024-39420

Name of the Vulnerable Software and Affected Versions Acrobat Reader versions 20.005.30636 through 24.003.20054 and earlier Adobe Acrobat 2020 and earlier Adobe Acrobat 2024 and earlier Adobe Acrobat Reader 2020 and earlier Adobe Acrobat Reader Document Cloud and earlier Adobe Acrobat Document Cloud and earlier

Description The issue is related to a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to arbitrary code execution. This vulnerability arises when the timing of actions changes the state of a resource between the checking of a condition and the use of the resource, allowing an attacker to manipulate the resource in a harmful way. Exploitation of this issue requires user interaction in that a victim must open a malicious file. The vulnerability is also associated with errors in synchronization when using a shared resource, which can be described as a "race condition".

Recommendations For Acrobat Reader versions 20.005.30636 through 24.003.20054 and earlier, update to a version that is not affected by this issue. For Adobe Acrobat 2020 and earlier, update to a version that is not affected by this issue. For Adobe Acrobat 2024 and earlier, update to a version that is not affected by this issue. For Adobe Acrobat Reader 2020 and earlier, update to a version that is not affected by this issue. For Adobe Acrobat Reader Document Cloud and earlier, update to a version that is not affected by this issue. For Adobe Acrobat Document Cloud and earlier, update to a version that is not affected by this issue. As a temporary workaround, consider avoiding the use of shared resources that may be vulnerable to the "race condition" until a patch is available. Avoid opening malicious files to minimize the risk of exploitation.