CVE-2020-9715

HIGH KEV

Adobe Acrobat DC < 15.006.30523 - Use After Free

Title source: rule

Description

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .

Exploits (3)

nomisec WORKING POC 5 stars

by lsw29475 · remote

https://github.com/lsw29475/CVE-2020-9715

View Code ZIP pw:eip

nomisec WORKING POC

by f8al · poc

https://github.com/f8al/PoC-CVE-2020-9715

View Code ZIP pw:eip

nomisec

by wonjunchun · poc

https://github.com/wonjunchun/CVE-2020-9715

View on nomisec

References (4)

[Exploit, Patch, Third Party Advisory] https://blog.exodusintel.com/2021/04/20/analysis-of-a-use-after-free-vulnerability-in-adobe-acrobat-reader-dc/

[Vendor Advisory] https://helpx.adobe.com/security/products/acrobat/apsb20-48.html

[Third Party Advisory, VDB Entry] https://www.zerodayinitiative.com/advisories/ZDI-20-991/

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-9715

Scores

CVSS v3 7.8

EPSS 0.7447

EPSS Percentile 98.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2026-04-13

VulnCheck KEV 2026-04-13

ENISA EUVD EUVD-2020-30495

CWE

CWE-416

Status published

Products (7)

adobe/acrobat_dc 20.001.30002

adobe/acrobat_dc 15.006.30060 - 15.006.30523

adobe/acrobat_dc 15.008.20082 - 20.009.20074

adobe/acrobat_reader_dc 20.001.30002

adobe/acrobat_reader_dc 15.006.30060 - 15.006.30523

adobe/acrobat_reader_dc 15.008.20082 - 20.009.20074

Adobe/Adobe Acrobat and Reader 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earli

Published Aug 19, 2020

KEV Added Apr 13, 2026

Tracked Since Feb 18, 2026