CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39424 – ZDI-CAN-24309: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-39424
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. • https://helpx.adobe.com/security/products/acrobat/apsb24-57.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39423 – ZDI-CAN-24182: New Vulnerability Report - Adobe Acrobat Reader DC AcroForm Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-39423
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. • https://helpx.adobe.com/security/products/acrobat/apsb24-57.html • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34130 – Acrobat Android : OverSecured Finding : Access to arbitrary* content providers via insecure Intent configuration
https://notcve.org/view.php?id=CVE-2024-34130
Acrobat Mobile Sign Android versions 24.4.2.33155 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could exploit this vulnerability to access confidential information. Exploitation of this issue does not require user interaction. Las versiones 24.4.2.33155 y anteriores de Acrobat Mobile Sign para Android se ven afectadas por una vulnerabilidad de autorización incorrecta que podría provocar la omisión de una función de seguridad. Un atacante podría aprovechar esta vulnerabilidad para acceder a información confidencial. • https://helpx.adobe.com/security/products/acrobat-android/apsb24-50.html • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34129 – Acrobat Android : OverSecured Finding : Overwriting arbitrary files via attacker-controlled output file paths
https://notcve.org/view.php?id=CVE-2024-34129
Acrobat Mobile Sign Android versions 24.4.2.33155 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to access files and directories that are outside the restricted directory and also to overwrite arbitrary files. Exploitation of this issue does not requires user interaction and attack complexity is high. Las versiones 24.4.2.33155 y anteriores de Acrobat Mobile Sign para Android se ven afectadas por una vulnerabilidad de limitación inadecuada de un nombre de ruta a un directorio restringido ("Path Traversal") que podría provocar una omisión de la función de seguridad. Un atacante podría aprovechar esta vulnerabilidad para acceder a archivos y directorios que están fuera del directorio restringido y también para sobrescribir archivos arbitrarios. • https://helpx.adobe.com/security/products/acrobat-android/apsb24-50.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30280 – ZDI-CAN-22867: Adobe Acrobat Pro DC AcroForm Annotation Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30280
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Las versiones de Acrobat Reader 20.005.30574, 24.002.20736 y anteriores se ven afectadas por una vulnerabilidad de lectura fuera de los límites al analizar un archivo manipulado, lo que podría resultar en una lectura más allá del final de una estructura de memoria asignada. Un atacante podría aprovechar esta vulnerabilidad para ejecutar código en el contexto del usuario actual. • https://helpx.adobe.com/security/products/acrobat/apsb24-29.html • CWE-125: Out-of-bounds Read •