CVE-2020-9715

HIGH KEV

Adobe Acrobat and Reader < 2020.009.20074, 2020.001.30002, <= 2017.011.30171, <= 2015.006.30523 - Use-After-Free

Title source: llm

Exploitation Summary

CVE-2020-9715 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added April 13, 2026. EIP tracks 2 public exploits from researchers including lsw29475, f8al.

AI-analyzed exploit summary: This is a functional exploit for CVE-2020-9715, leveraging a use-after-free (UAF) vulnerability in Adobe Acrobat Reader. The exploit manipulates memory to achieve arbitrary read/write primitives and executes shellcode for remote code execution (RCE).

Description

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.

Exploits (2)

nomisec WORKING POC 5 stars
by lsw29475 · remote
https://github.com/lsw29475/CVE-2020-9715

This is a functional exploit for CVE-2020-9715, leveraging a use-after-free (UAF) vulnerability in Adobe Acrobat Reader. The exploit manipulates memory to achieve arbitrary read/write primitives and executes shellcode for remote code execution (RCE).

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Complex
Reliability: Racy
Target: Adobe Acrobat Reader DC (versions prior to 2020.009.20063)
No auth needed
Prerequisites: Victim must open a malicious PDF file containing this JavaScript exploit
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC
by f8al · poc
https://github.com/f8al/PoC-CVE-2020-9715

This repository contains a functional PoC for CVE-2020-9715, a use-after-free vulnerability in Adobe Acrobat Reader DC's EScript.api ESObject cache. The exploit generates a malicious PDF that triggers the vulnerability via a cache key encoding mismatch, leading to a UAF condition.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Adobe Acrobat Reader DC <= 2020.009.20063
No auth needed
Prerequisites: Adobe Acrobat Reader DC with vulnerable version · Ability to deliver malicious PDF to target
devstral-2 · analyzed Apr 15, 2026

Scores

CVSS v3 7.8
EPSS 0.4844
EPSS Percentile 98.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2026-04-13
VulnCheck KEV 2026-04-13
ENISA EUVD EUVD-2020-30495
CWE CWE-416
Status published
Products (7)
adobe/acrobat_dc 20.001.30002
adobe/acrobat_dc 15.006.30060 - 15.006.30523
adobe/acrobat_dc 15.008.20082 - 20.009.20074
adobe/acrobat_reader_dc 20.001.30002
adobe/acrobat_reader_dc 15.006.30060 - 15.006.30523
adobe/acrobat_reader_dc 15.008.20082 - 20.009.20074
Adobe/Adobe Acrobat and Reader 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earli
Published Aug 19, 2020
KEV Added Apr 13, 2026
Tracked Since Feb 18, 2026