VID |
50416 |
Severity |
40 |
Port |
139,445 |
Protocol |
TCP |
Class |
SMB |
Detailed Description |
The version of Adobe Reader installed on the remote Windows host is a version prior to 20.005.30574 or 23.008.20533. It is, therefore, affected by multiple vulnerabilities.
- Out-of-bounds Write (CWE-787) potentially leading to Arbitrary code execution (CVE-2024-20726, CVE-2024-20727, CVE-2024-20728) - Use After Free (CWE-416) potentially leading to Arbitrary code execution (CVE-2024-20729, CVE-2024-20731) - Integer Overflow or Wraparound (CWE-190) potentially leading to Arbitrary code execution (CVE-2024-20730) - Improper Input Validation (CWE-20) potentially leading to Application denial-of-service (CVE-2024-20733) - Use After Free (CWE-416) potentially leading to Memory leak (CVE-2024-20734) - Out-of-bounds Read (CWE-125) potentially leading to Memory leak (CVE-2024-20735, CVE-2024-20736, CVE-2024-20747, CVE-2024-20748, CVE-2024-20749)
* References: https://helpx.adobe.com/security/products/acrobat/apsb24-07.html
* Platforms Affected: Adobe Reader versions prior to 20.005.30574 Microsoft Windows Any version Linux Any version |
Recommendation |
Upgrade to the latest version of Adobe Reader (20.005.30574 or later), as described in the Adobe Security bulletin at https://helpx.adobe.com/security/products/acrobat/apsb24-07.html |
Related URL |
CVE-2024-20726,CVE-2024-20729,CVE-2024-20730,CVE-2024-20733,CVE-2024-20734,CVE-2024-20735,CVE-2024-20736,CVE-2024-20747,CVE-2024-20748 (CVE) |
Related URL |
(SecurityFocus) |
Related URL |
(ISS) |
|