CVE-2020-24436

HIGH

Acrobat Pro DC <2020.012.20048 - Code Injection

Title source: llm
STIX 2.1

Description

Acrobat Pro DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds write vulnerability that could result in writing past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. This vulnerability requires user interaction to exploit in that the victim must open a malicious document.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-20-1355/

Scores

CVSS v3 7.8
EPSS 0.1635
EPSS Percentile 96.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (6)
adobe/acrobat < 20.001.30005
adobe/acrobat_dc < 17.011.30175
adobe/acrobat_dc < 20.012.20048
adobe/acrobat_reader < 20.001.30005
adobe/acrobat_reader_dc < 17.011.30175
adobe/acrobat_reader_dc < 20.012.20048
Published Nov 05, 2020
Tracked Since Feb 18, 2026