VID | 50427
Severity | 40
Port | 139,445
Protocol | TCP
Class | SMB
Detailed Description |
The version of Adobe Reader installed on the remote Windows host is a version prior to 20.005.30680 or 24.003.20112. It is, therefore, affected by multiple vulnerabilities.
- Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2024-41869)
- Use After Free potentially leading to Arbitrary code execution (CVE-2024-41869)
- Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Type Confusion vulnerability that could result in arbitrary code execution in the context of the current user. This issue occurs when a resource is accessed using a type that is not compatible with the actual object type, leading to a logic error that an attacker could exploit. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2024-45112)
- Access of Resource Using Incompatible Type ('Type Confusion') potentially leading to Arbitrary code execution (CVE-2024-45112)
* References: https://helpx.adobe.com/security/products/acrobat/apsb24-70.html
* Platforms Affected: Adobe Reader versions prior to 20.005.30680; Microsoft Windows, any version; Linux, any version |
Recommendation |
Upgrade to the latest version of Adobe Reader (20.005.30680 or later), as described in the Adobe Security bulletin at https://helpx.adobe.com/security/products/acrobat/apsb24-70.html |
Related URL |
CVE-2024-41869,CVE-2024-45112 (CVE) |