Summary
| Detail | |||
|---|---|---|---|
| Vendor | Adobe | First view | 2017-01-10 |
| Product | Acrobat Dc | Last view | 2024-12-19 |
| Version | 15.020.20042 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | continuous | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:adobe:acrobat_dc | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5.5 | 2024-12-19 | CVE-2023-21586 | Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 7.8 | 2024-12-19 | CVE-2022-44520 | Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 5.5 | 2024-12-19 | CVE-2022-44519 | Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 7.8 | 2024-12-19 | CVE-2022-44518 | Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 5.5 | 2024-12-19 | CVE-2022-44517 | Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 5.5 | 2024-12-19 | CVE-2022-44516 | Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 5.5 | 2024-12-19 | CVE-2022-44515 | Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 7.8 | 2024-12-19 | CVE-2022-44514 | Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 7.8 | 2024-12-19 | CVE-2022-44513 | Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 7.8 | 2024-12-19 | CVE-2022-44512 | Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 6.3 | 2024-12-10 | CVE-2024-49535 | Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that allows an attacker to provide malicious XML input containing a reference to an external entity, potentially leading to unauthorized read access outside the Acrobat sandbox. Exploitation of this issue requires user interaction in that a victim must process a malicious XML document. |
| 5.5 | 2024-12-10 | CVE-2024-49534 | Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 5.5 | 2024-12-10 | CVE-2024-49533 | Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 5.5 | 2024-12-10 | CVE-2024-49532 | Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 5.5 | 2024-12-10 | CVE-2024-49531 | Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 7.8 | 2024-12-10 | CVE-2024-49530 | Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 7.8 | 2024-09-13 | CVE-2024-45112 | Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Type Confusion vulnerability that could result in arbitrary code execution in the context of the current user. This issue occurs when a resource is accessed using a type that is not compatible with the actual object type, leading to a logic error that an attacker could exploit. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 7.8 | 2024-09-13 | CVE-2024-41869 | Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 5.5 | 2024-09-05 | CVE-2024-45107 | Acrobat Reader versions 20.005.30636, 24.002.20964, 24.001.30123, 24.002.20991 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 5.5 | 2024-08-14 | CVE-2024-41835 | Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 5.5 | 2024-08-14 | CVE-2024-41834 | Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 5.5 | 2024-08-14 | CVE-2024-41833 | Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 5.5 | 2024-08-14 | CVE-2024-41832 | Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 7.8 | 2024-08-14 | CVE-2024-41831 | Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 7.8 | 2024-08-14 | CVE-2024-41830 | Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 36% (395) | CWE-125 | Out-of-bounds Read |
| 23% (255) | CWE-416 | Use After Free |
| 16% (176) | CWE-787 | Out-of-bounds Write |
| 14% (151) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 1% (13) | CWE-704 | Incorrect Type Conversion or Cast |
| 1% (13) | CWE-476 | NULL Pointer Dereference |
| 1% (13) | CWE-200 | Information Exposure |
| 1% (12) | CWE-190 | Integer Overflow or Wraparound |
| 0% (6) | CWE-415 | Double Free |
| 0% (6) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
| 0% (4) | CWE-427 | Uncontrolled Search Path Element |
| 0% (4) | CWE-20 | Improper Input Validation |
| 0% (3) | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory L... |
| 0% (3) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
| 0% (2) | CWE-362 | Race Condition |
| 0% (2) | CWE-129 | Improper Validation of Array Index |
| 0% (2) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 0% (1) | CWE-674 | Uncontrolled Recursion |
| 0% (1) | CWE-668 | Exposure of Resource to Wrong Sphere |
| 0% (1) | CWE-347 | Improper Verification of Cryptographic Signature |
| 0% (1) | CWE-327 | Use of a Broken or Risky Cryptographic Algorithm |
| 0% (1) | CWE-269 | Improper Privilege Management |
| 0% (1) | CWE-191 | Integer Underflow (Wrap or Wraparound) |
| 0% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 0% (1) | CWE-77 | Improper Sanitization of Special Elements used in a Command ('Comma... |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2020-07-07 | Adobe Reader custom JavaScript field use-after-free attempt RuleID : 54190 - Type : FILE-PDF - Revision : 1 |
| 2020-07-07 | Adobe Reader custom JavaScript field use-after-free attempt RuleID : 54189 - Type : FILE-PDF - Revision : 1 |
| 2020-12-05 | TRUFFLEHUNTER TALOS-2020-1031 attack attempt RuleID : 53564 - Type : FILE-PDF - Revision : 2 |
| 2020-12-05 | TRUFFLEHUNTER TALOS-2020-1031 attack attempt RuleID : 53563 - Type : FILE-PDF - Revision : 3 |
| 2020-12-05 | TRUFFLEHUNTER TALOS-2020-1028 attack attempt RuleID : 53486 - Type : FILE-PDF - Revision : 2 |
| 2020-12-05 | TRUFFLEHUNTER TALOS-2020-1028 attack attempt RuleID : 53485 - Type : FILE-PDF - Revision : 2 |
| 2020-03-24 | Adobe Acrobat CTextWidget memory corruption attempt RuleID : 53149 - Type : FILE-PDF - Revision : 1 |
| 2020-03-24 | Adobe Acrobat CTextWidget memory corruption attempt RuleID : 53148 - Type : FILE-PDF - Revision : 1 |
| 2020-01-07 | Adobe Acrobat and Reader crafted .joboptions file download attempt RuleID : 52383 - Type : FILE-OTHER - Revision : 1 |
| 2019-12-03 | Adobe Acrobat Reader JP2 image stream parsing double free attempt RuleID : 52041 - Type : FILE-PDF - Revision : 1 |
| 2019-12-03 | Adobe Acrobat Reader JP2 image stream parsing double free attempt RuleID : 52040 - Type : FILE-PDF - Revision : 1 |
| 2019-10-01 | Adobe Acrobat XPS TTF cmap out-of-bounds read attempt RuleID : 51380 - Type : FILE-OTHER - Revision : 1 |
| 2019-10-01 | Adobe Acrobat XPS TTF cmap out-of-bounds read attempt RuleID : 51379 - Type : FILE-OTHER - Revision : 1 |
| 2019-08-27 | Schneider Electric Quantum modicon ethernet module unauthenticated password r... RuleID : 50779 - Type : SERVER-WEBAPP - Revision : 1 |
| 2019-07-16 | Adobe Acrobat double free attempt RuleID : 50449 - Type : FILE-PDF - Revision : 1 |
| 2019-07-16 | Adobe Acrobat double free attempt RuleID : 50448 - Type : FILE-PDF - Revision : 1 |
| 2019-07-16 | Adobe Acrobat TIFF heap buffer overflow attempt RuleID : 50444 - Type : FILE-IMAGE - Revision : 2 |
| 2019-07-16 | Adobe Acrobat TIFF heap buffer overflow attempt RuleID : 50443 - Type : FILE-IMAGE - Revision : 2 |
| 2019-07-16 | Adobe Acrobat TIFF heap buffer overflow attempt RuleID : 50442 - Type : FILE-IMAGE - Revision : 2 |
| 2019-07-16 | Adobe Acrobat TIFF heap buffer overflow attempt RuleID : 50441 - Type : FILE-IMAGE - Revision : 2 |
| 2019-07-04 | Adobe Acrobat execCalculate use after free attempt RuleID : 50298 - Type : FILE-PDF - Revision : 2 |
| 2019-07-04 | Adobe Acrobat execCalculate use after free attempt RuleID : 50297 - Type : FILE-PDF - Revision : 2 |
| 2019-07-02 | Adobe Acrobat out-of-bounds read attempt RuleID : 50272 - Type : FILE-PDF - Revision : 1 |
| 2019-07-02 | Adobe Acrobat out-of-bounds read attempt RuleID : 50271 - Type : FILE-PDF - Revision : 1 |
| 2019-07-02 | Adobe Acrobat out-of-bounds read attempt RuleID : 50257 - Type : FILE-OTHER - Revision : 1 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2019-01-04 | Name: The version of Adobe Reader installed on the remote macOS host is affected by... File: macosx_adobe_reader_apsb19-02.nasl - Type: ACT_GATHER_INFO |
| 2019-01-04 | Name: The version of Adobe Acrobat installed on the remote macOS host is affected b... File: macosx_adobe_acrobat_apsb19-02.nasl - Type: ACT_GATHER_INFO |
| 2019-01-04 | Name: The version of Adobe Reader installed on the remote Windows host is affected ... File: adobe_reader_apsb19-02.nasl - Type: ACT_GATHER_INFO |
| 2019-01-04 | Name: The version of Adobe Acrobat installed on the remote Windows host is affected... File: adobe_acrobat_apsb19-02.nasl - Type: ACT_GATHER_INFO |
| 2018-12-14 | Name: The version of Adobe Reader installed on the remote host is affected by multi... File: macosx_adobe_reader_apsb18-41.nasl - Type: ACT_GATHER_INFO |
| 2018-12-14 | Name: The version of Adobe Acrobat installed on the remote host is affected by mult... File: macosx_adobe_acrobat_apsb18-41.nasl - Type: ACT_GATHER_INFO |
| 2018-12-14 | Name: The version of Adobe Reader installed on the remote Windows host is affected ... File: adobe_reader_apsb18-41.nasl - Type: ACT_GATHER_INFO |
| 2018-12-14 | Name: The version of Adobe Acrobat installed on the remote Windows host is affected... File: adobe_acrobat_apsb18-41.nasl - Type: ACT_GATHER_INFO |
| 2018-11-14 | Name: The version of Adobe Reader installed on the remote Windows host is affected ... File: adobe_reader_apsb18-40.nasl - Type: ACT_GATHER_INFO |
| 2018-11-14 | Name: The version of Adobe Acrobat installed on the remote Windows host is affected... File: adobe_acrobat_apsb18-40.nasl - Type: ACT_GATHER_INFO |
| 2018-10-02 | Name: The version of Adobe Acrobat installed on the remote host is affected by mult... File: macosx_adobe_acrobat_apsb18-30.nasl - Type: ACT_GATHER_INFO |
| 2018-10-02 | Name: The version of Adobe Acrobat installed on the remote Windows host is affected... File: adobe_acrobat_apsb18-30.nasl - Type: ACT_GATHER_INFO |
| 2018-10-02 | Name: The version of Adobe Reader installed on the remote Windows host is affected ... File: adobe_reader_apsb18-30.nasl - Type: ACT_GATHER_INFO |
| 2018-10-02 | Name: The version of Adobe Reader installed on the remote host is affected by multi... File: macosx_adobe_reader_apsb18-30.nasl - Type: ACT_GATHER_INFO |
| 2018-09-19 | Name: The version of Adobe Reader installed on the remote host is affected by multi... File: macosx_adobe_reader_apsb18-34.nasl - Type: ACT_GATHER_INFO |
| 2018-09-19 | Name: The version of Adobe Acrobat installed on the remote host is affected by mult... File: macosx_adobe_acrobat_apsb18-34.nasl - Type: ACT_GATHER_INFO |
| 2018-09-19 | Name: The version of Adobe Reader installed on the remote Windows host is affected ... File: adobe_reader_apsb18-34.nasl - Type: ACT_GATHER_INFO |
| 2018-09-19 | Name: The version of Adobe Acrobat installed on the remote Windows host is affected... File: adobe_acrobat_apsb18-34.nasl - Type: ACT_GATHER_INFO |
| 2018-08-16 | Name: The version of Adobe Reader installed on the remote host is affected by multi... File: macosx_adobe_reader_apsb18-29.nasl - Type: ACT_GATHER_INFO |
| 2018-08-16 | Name: The version of Adobe Acrobat installed on the remote host is affected by mult... File: macosx_adobe_acrobat_apsb18-29.nasl - Type: ACT_GATHER_INFO |
| 2018-08-16 | Name: The version of Adobe Reader installed on the remote Windows host is affected ... File: adobe_reader_apsb18-29.nasl - Type: ACT_GATHER_INFO |
| 2018-08-16 | Name: The version of Adobe Acrobat installed on the remote Windows host is affected... File: adobe_acrobat_apsb18-29.nasl - Type: ACT_GATHER_INFO |
| 2018-07-12 | Name: The version of Adobe Reader installed on the remote Windows host is affected ... File: adobe_reader_apsb18-21.nasl - Type: ACT_GATHER_INFO |
| 2018-07-12 | Name: The version of Adobe Reader installed on the remote host is affected by multi... File: macosx_adobe_reader_apsb18-21.nasl - Type: ACT_GATHER_INFO |
| 2018-07-12 | Name: The version of Adobe Acrobat installed on the remote host is affected by mult... File: macosx_adobe_acrobat_apsb18-21.nasl - Type: ACT_GATHER_INFO |
