Kaspersky Threats

Detect date

?

08/14/2019

Severity

?

High

Description

Multiple vulnerabilities were found in Adobe Acrobat and Adobe Acrobat Reader. Malicious users can exploit these vulnerabilities to obtain sensitive information and execute arbitrary code.

Below is a complete list of vulnerabilities:

Multiple out-of-bound read vulnerabilities can be exploited to obtain sensitive information;
Multiple out-of-bounds write vulnerabilities can be exploited to execute arbitrary code;
A command injection vulnerability can be exploited to execute arbitrary code;
Multiple use-after-free vulnerabilities can be exploited to execute arbitrary code;
Multiple heap overflow vulnerabilities can be exploited to execute arbitrary code;
A buffer error vulnerability can be exploited to execute arbitrary code;
A double free vulnerability can be exploited to execute arbitrary code;
Multiple integer overflow vulnerabilities can be exploited to obtain sensitive information;
An internal IP disclosure vulnerability can be exploited to obtain sensitive information;
A type confusion vulnerability can be exploited to execute arbitrary code;
Multiple untrusted pointer dereference vulnerabilities can be exploited to execute arbitrary code.

Affected products

Adobe Acrobat DC (Continuous track) earlier than 2019.012.20036
Adobe Acrobat Reader DC (Continuous track) earlier than 2019.012.20036
Adobe Acrobat 2017 (Classic 2017 track) earlier than 2017.011.30144
Adobe Acrobat Reader 2017 (Classic 2017 track) earlier than 2017.011.30144
Adobe Acrobat DC (Classic 2015 track) earlier than 2015.006.30499
Adobe Acrobat Reader 2017 (Classic 2015 track) earlier than 2015.006.30499

Solution

Update to the latest version
Download Adobe Acrobat Reader DC

Original advisories

APSB19-41

Impacts

?

ACE

[?]

OSI

[?]

Related products

Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat DC Classic
Adobe Acrobat Reader 2017
Adobe Acrobat 2017

CVE-IDS

?

Detect date ?	08/14/2019
Severity ?	High
Description	Multiple vulnerabilities were found in Adobe Acrobat and Adobe Acrobat Reader. Malicious users can exploit these vulnerabilities to obtain sensitive information and execute arbitrary code. Below is a complete list of vulnerabilities: Multiple out-of-bound read vulnerabilities can be exploited to obtain sensitive information; Multiple out-of-bounds write vulnerabilities can be exploited to execute arbitrary code; A command injection vulnerability can be exploited to execute arbitrary code; Multiple use-after-free vulnerabilities can be exploited to execute arbitrary code; Multiple heap overflow vulnerabilities can be exploited to execute arbitrary code; A buffer error vulnerability can be exploited to execute arbitrary code; A double free vulnerability can be exploited to execute arbitrary code; Multiple integer overflow vulnerabilities can be exploited to obtain sensitive information; An internal IP disclosure vulnerability can be exploited to obtain sensitive information; A type confusion vulnerability can be exploited to execute arbitrary code; Multiple untrusted pointer dereference vulnerabilities can be exploited to execute arbitrary code.
Affected products	Adobe Acrobat DC (Continuous track) earlier than 2019.012.20036 Adobe Acrobat Reader DC (Continuous track) earlier than 2019.012.20036 Adobe Acrobat 2017 (Classic 2017 track) earlier than 2017.011.30144 Adobe Acrobat Reader 2017 (Classic 2017 track) earlier than 2017.011.30144 Adobe Acrobat DC (Classic 2015 track) earlier than 2015.006.30499 Adobe Acrobat Reader 2017 (Classic 2015 track) earlier than 2015.006.30499
Solution	Update to the latest version Download Adobe Acrobat Reader DC
Original advisories	APSB19-41
Impacts ?	ACE [?] OSI [?]
Related products	Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader DC Classic Adobe Acrobat DC Continuous Adobe Acrobat DC Classic Adobe Acrobat Reader 2017 Adobe Acrobat 2017
CVE-IDS ?	CVE-2019-78320.0Unknown CVE-2019-80770.0Unknown CVE-2019-80940.0Unknown CVE-2019-80950.0Unknown CVE-2019-80960.0Unknown CVE-2019-81020.0Unknown CVE-2019-81030.0Unknown CVE-2019-81040.0Unknown CVE-2019-81050.0Unknown CVE-2019-81060.0Unknown CVE-2019-80020.0Unknown CVE-2019-80040.0Unknown CVE-2019-80050.0Unknown CVE-2019-80070.0Unknown CVE-2019-80100.0Unknown CVE-2019-80110.0Unknown CVE-2019-80120.0Unknown CVE-2019-80180.0Unknown CVE-2019-80200.0Unknown CVE-2019-80210.0Unknown CVE-2019-80320.0Unknown CVE-2019-80350.0Unknown CVE-2019-80370.0Unknown CVE-2019-80400.0Unknown CVE-2019-80430.0Unknown CVE-2019-80520.0Unknown CVE-2019-80980.0Unknown CVE-2019-81000.0Unknown CVE-2019-79650.0Unknown CVE-2019-80080.0Unknown CVE-2019-80090.0Unknown CVE-2019-80160.0Unknown CVE-2019-80220.0Unknown CVE-2019-80230.0Unknown CVE-2019-80270.0Unknown CVE-2019-80600.0Unknown CVE-2019-80030.0Unknown CVE-2019-80130.0Unknown CVE-2019-80240.0Unknown CVE-2019-80250.0Unknown CVE-2019-80260.0Unknown CVE-2019-80280.0Unknown CVE-2019-80290.0Unknown CVE-2019-80300.0Unknown CVE-2019-80310.0Unknown CVE-2019-80330.0Unknown CVE-2019-80340.0Unknown CVE-2019-80360.0Unknown CVE-2019-80380.0Unknown CVE-2019-80390.0Unknown CVE-2019-80470.0Unknown CVE-2019-80510.0Unknown CVE-2019-80530.0Unknown CVE-2019-80540.0Unknown CVE-2019-80550.0Unknown CVE-2019-80560.0Unknown CVE-2019-80570.0Unknown CVE-2019-80580.0Unknown CVE-2019-80590.0Unknown CVE-2019-80610.0Unknown CVE-2019-80140.0Unknown CVE-2019-80150.0Unknown CVE-2019-80410.0Unknown CVE-2019-80420.0Unknown CVE-2019-80460.0Unknown CVE-2019-80490.0Unknown CVE-2019-80500.0Unknown CVE-2019-80480.0Unknown CVE-2019-80440.0Unknown CVE-2019-80990.0Unknown CVE-2019-81010.0Unknown CVE-2019-80970.0Unknown CVE-2019-80190.0Unknown CVE-2019-80060.0Unknown CVE-2019-80170.0Unknown CVE-2019-80450.0Unknown