CVE-2020-24430

HIGH

Acrobat Reader DC <2020.012.20048, 2020.001.30005, 2017.011.30175 -...

Title source: llm
STIX 2.1

Description

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability when handling malicious JavaScript. This vulnerability could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a malicious file.

References (1)

Core 1
Core References

Scores

CVSS v3 7.8
EPSS 0.1793
EPSS Percentile 96.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (6)
adobe/acrobat < 20.001.30005
adobe/acrobat_dc < 17.011.30175
adobe/acrobat_dc < 20.012.20048
adobe/acrobat_reader < 20.001.30005
adobe/acrobat_reader_dc < 17.011.30175
adobe/acrobat_reader_dc < 20.012.20048
Published Nov 05, 2020
Tracked Since Feb 18, 2026