VID |
50417 |
Severity |
40 |
Port |
139,445 |
Protocol |
TCP |
Class |
SMB |
Detailed Description |
The version of Adobe Reader installed on the remote Windows host is a version prior to 20.005.30574 or 23.008.20533. It is, therefore, affected by multiple vulnerabilities.
- Out-of-bounds Write (CWE-787) potentially leading to Arbitrary code execution (CVE-2024-20726, CVE-2024-20727, CVE-2024-20728)
- Use After Free (CWE-416) potentially leading to Arbitrary code execution (CVE-2024-20729, CVE-2024-20731)
- Integer Overflow or Wraparound (CWE-190) potentially leading to Arbitrary code execution (CVE-2024-20730)
- Improper Input Validation (CWE-20) potentially leading to Application denial-of-service (CVE-2024-20733)
- Use After Free (CWE-416) potentially leading to Memory leak (CVE-2024-20734)
- Out-of-bounds Read (CWE-125) potentially leading to Memory leak (CVE-2024-20735, CVE-2024-20736, CVE-2024-20747, CVE-2024-20748, CVE-2024-20749)
* References: https://helpx.adobe.com/security/products/acrobat/apsb24-07.html
* Platforms Affected: Adobe Reader versions prior to 23.008.20533; Microsoft Windows, any version; Linux, any version |
Recommendation |
Upgrade to the latest version of Adobe Reader (23.008.20533 or later), as described in the Adobe Security bulletin at https://helpx.adobe.com/security/products/acrobat/apsb24-07.html |
Related URL |
CVE-2024-20726,CVE-2024-20729,CVE-2024-20730,CVE-2024-20733,CVE-2024-20734,CVE-2024-20735,CVE-2024-20736,CVE-2024-20747,CVE-2024-20748 (CVE) |
|