Adobe Fixes Nine Critical Vulnerabilities in Reader, Acrobat

Adobe has released security updates for Adobe Acrobat and Adobe Reader that fix numerous vulnerabilities ranging from information disclosure to arbitrary code execution.

Adobe usually releases security updates in conjunction with Microsoft’s Patch Tuesday security updates, but this month nothing was released at that time.

Today, Adobe has released security updates that fix 13 vulnerabilities, with 4 rated as ‘Important’ as they lead to information disclosure or privilege escalation.

The other 9 are rated as ‘Critical’ because they could allow an attacker to create malicious PDFs or other malicious actions that could exploit these vulnerabilities to execute commands on the affected computer.

13 vulnerabilities fixed

The vulnerabilities fixed in ‘Security Bulletin for Adobe Acrobat and Reader | APSB20-13‘ security updates are:

Vulnerability CategoryVulnerability ImpactSeverityCVE Number
Out-of-bounds read  Information Disclosure  Important   

CVE-2020-3804

CVE-2020-3806

Out-of-bounds writeArbitrary Code Execution     CriticalCVE-2020-3795
Stack-based buffer overflowArbitrary Code Execution     CriticalCVE-2020-3799
 
Use-after-freeArbitrary Code Execution Critical

CVE-2020-3792

CVE-2020-3793

CVE-2020-3801

CVE-2020-3802

CVE-2020-3805

Memory address leak  Information Disclosure  Important  CVE-2020-3800
Buffer overflowArbitrary Code Execution CriticalCVE-2020-3807
Memory corruptionArbitrary Code Execution CriticalCVE-2020-3797
Insecure library loading (DLL hijacking)Privilege EscalationImportant  CVE-2020-3803

Adobe recommends users upgrade to the latest versions of Acrobat DC, Acrobat Reader DC, Acrobat 2017, Acrobat Reader 2017, Acrobat 2015, and Acrobat Reader 2015.

Kent

Next Post

Prominent U.S. climate denial group fires president amid financial crisis | Science

Wed Mar 18 , 2020
Frank Lasee, a former state legislator, is out as head of the Heartland Institute, known for its efforts to question climate science. Douglas Graham/CQ Roll Call via AP Images By Scott Waldman, E&E NewsMar. 17, 2020 , 10:40 AM Originally published by E&E News The Heartland Institute is undergoing its […]