CVE-2020-24427 – Acrobat Reader DC Codec Input Validation Vulnerability Could Lead to Information Disclosure
https://notcve.org/view.php?id=CVE-2020-24427
Acrobat Reader versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an input validation vulnerability when decoding a crafted codec that could result in the disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Acrobat Reader versiones 2020.012.20048 (y anteriores), 2020.001.30005 (y anteriores) y 2017.011.30175 (y anteriores) están afectadas por una vulnerabilidad de comprobación de entrada al decodificar un códec diseñado que podría resultar en una divulgación de memoria confidencial. Un atacante podría aprovechar esta vulnerabilidad para omitir mitigaciones como ASLR. • https://helpx.adobe.com/security/products/acrobat/apsb20-67.html • CWE-20: Improper Input Validation •
CVE-2020-24426 – Acrobat Reader DC Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-24426
Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Acrobat Reader DC versiones 2020.012.20048 (y anteriores), 2020.001.30005 (y anteriores) y 2017.011.30175 (y anteriores) están afectadas por una vulnerabilidad de lectura fuera de límites que podría conllevar a una divulgación de memoria confidencial. Un atacante podría aprovechar esta vulnerabilidad para omitir mitigaciones como ASLR. • https://helpx.adobe.com/security/products/acrobat/apsb20-67.html https://www.zerodayinitiative.com/advisories/ZDI-20-1354 • CWE-125: Out-of-bounds Read •
CVE-2017-11308 – Adobe Acrobat Pro DC ImageConversion EMF BMP Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-11308
Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. Adobe Acrobat y Reader 2017.012.20098 y anteriores, 2017.011.30066 y anteriores, 2015.006.30355 y anteriores, y 11.0.22 y anteriores tiene una vulnerabilidad explotable de desbordamiento de memoria dinámica (heap). Su explotación con éxito podría permitir la ejecución arbitraria de código en el contexto del usuario actual. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. • https://helpx.adobe.com/security/products/acrobat/apsb17-36.html • CWE-787: Out-of-bounds Write •
CVE-2017-11307 – Adobe Acrobat Pro DC ImageConversion EMF GIF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-11307
Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. Adobe Acrobat y Reader, en versiones 2017.012.20098 y anteriores, 2017.011.30066 y anteriores, 2015.006.30355 y anteriores y 11.0.22 y anteriores, tienen una vulnerabilidad explotable de lectura fuera de límites. Su explotación con éxito podría permitir la ejecución arbitraria de código en el contexto del usuario actual. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. • https://helpx.adobe.com/security/products/acrobat/apsb17-36.html • CWE-125: Out-of-bounds Read •
CVE-2017-11306 – Adobe Acrobat Pro DC ImageConversion EMF JPEG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-11306
Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. Adobe Acrobat y Reader, en versiones 2017.012.20098 y anteriores, 2017.011.30066 y anteriores, 2015.006.30355 y anteriores y 11.0.22 y anteriores, tienen una vulnerabilidad explotable de lectura fuera de límites. Su explotación con éxito podría permitir la ejecución arbitraria de código en el contexto del usuario actual. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. • https://helpx.adobe.com/security/products/acrobat/apsb17-36.html • CWE-125: Out-of-bounds Read •