CVE-2020-24432

MEDIUM

Acrobat Reader DC <2020.012.20048 - RCE

Title source: llm

Description

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) and Adobe Acrobat Pro DC 2017.011.30175 (and earlier) are affected by an improper input validation vulnerability that could result in arbitrary JavaScript execution in the context of the current user. To exploit this issue, an attacker must acquire and then modify a certified PDF document that is trusted by the victim. The attacker then needs to convince the victim to open the document.

Scores

CVSS v3 6.7
EPSS 0.1065
EPSS Percentile 95.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Details

CWE CWE-20
Status published
Products (6)
adobe/acrobat < 20.001.30005
adobe/acrobat_dc < 17.011.30175
adobe/acrobat_dc < 20.012.20048
adobe/acrobat_reader < 20.001.30005
adobe/acrobat_reader_dc < 17.011.30175
adobe/acrobat_reader_dc < 20.012.20048
Published Nov 05, 2020
Tracked Since Feb 18, 2026