CVE-2020-9725
HIGHAdobe FrameMaker < 2019.0.6 - Stack-based Buffer Overflow via Malicious File
Title source: llmDescription
Adobe FrameMaker version 2019.0.6 (and earlier versions) lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. This could be exploited to execute arbitrary code with the privileges of the current user. User interaction is required to exploit this vulnerability in that the target must open a malicious FrameMaker file.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://helpx.adobe.com/security/products/framemaker/apsb20-54.html
Scores
CVSS v3
7.8
EPSS
0.0373
EPSS Percentile
88.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-121
CWE-787
Status
published
Products (1)
adobe/framemaker
< 2019.0.6
Published
Sep 10, 2020
Tracked Since
Feb 18, 2026