KLA11531
Multiple vulnerabilities in Adobe Acrobat and Adobe Acrobat Reader

Multiple vulnerabilities were found in Adobe Acrobat and Adobe Acrobat Reader. Malicious users can exploit these vulnerabilities to obtain sensitive information and execute arbitrary code, bypass security restrictions.

Below is a complete list of vulnerabilities:

1. Multiple out-of-bound read vulnerabilities can be exploited to obtain sensitive information;
2. Multiple out-of-bounds write vulnerabilities can be exploited to execute arbitrary code;
3. A command injection vulnerability can be exploited to execute arbitrary code;
4. Multiple use-after-free vulnerabilities can be exploited to execute arbitrary code;
5. Multiple heap overflow vulnerabilities can be exploited to execute arbitrary code;
6. A buffer error vulnerability can be exploited to execute arbitrary code;
7. A double free vulnerability can be exploited to execute arbitrary code;
8. Multiple integer overflow vulnerabilities can be exploited to obtain sensitive information;
9. An internal IP disclosure vulnerability can be exploited to obtain sensitive information;
10. A type confusion vulnerability can be exploited to execute arbitrary code;
11. Multiple untrusted pointer dereference vulnerabilities can be exploited to execute arbitrary code;
12. Insufficiently Robust Encryption can be exploited to bypass security restrictions;

Adobe Acrobat DC (Continuous track) earlier than 2019.012.20036
Adobe Acrobat Reader DC (Continuous track) earlier than 2019.012.20036
Adobe Acrobat 2017 (Classic 2017 track) earlier than 2017.011.30144
Adobe Acrobat Reader 2017 (Classic 2017 track) earlier than 2017.011.30144
Adobe Acrobat DC (Classic 2015 track) earlier than 2015.006.30499
Adobe Acrobat Reader 2017 (Classic 2015 track) earlier than 2015.006.30499

Update to the latest version
Download Adobe Acrobat Reader DC

APSB19-41