Bulletin ID
Cập nhật gần đây nhất vào
26 thg 12, 2022
Security update available for Adobe Acrobat and Reader | APSB20-13
|
|
Date Published |
Priority |
|---|---|---|
|
APSB20-13 |
March 17, 2020 |
2 |
Summary
Affected Versions
|
Track |
Affected Versions |
Platform |
|
|
Acrobat DC |
Continuous |
2020.006.20034 and earlier versions |
Windows & macOS |
|
Acrobat Reader DC |
Continuous |
2020.006.20034 and earlier versions |
Windows & macOS |
|
|
|
|
|
|
Acrobat 2017 |
Classic 2017 |
2017.011.30158 and earlier versions |
Windows & macOS |
|
Acrobat Reader 2017 |
Classic 2017 |
2017.011.30158 and earlier versions |
Windows & macOS |
|
|
|
|
|
|
Acrobat 2015 |
Classic 2015 |
2015.006.30510 and earlier versions |
Windows & macOS |
|
Acrobat Reader 2015 |
Classic 2015 |
2015.006.30510 and earlier versions |
Windows & macOS |
Solution
Adobe recommends users update their software installations to the latest versions by following the instructions below.
The latest product versions are available to end users via one of the following methods:
Users can update their product installations manually by choosing Help > Check for Updates.
The products will update automatically, without requiring user intervention, when updates are detected.
The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.
For IT administrators (managed environments):
Download the enterprise installers from ftp://ftp.adobe.com/pub/adobe/, or refer to the specific release note version for links to installers.
Install updates via your preferred methodology, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on macOS, Apple Remote Desktop and SSH.
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
|
Track |
Updated Versions |
Platform |
Priority Rating |
Availability |
|
|
Acrobat DC |
Continuous |
2020.006.20042 |
Windows and macOS |
2 |
|
|
Acrobat Reader DC |
Continuous |
2020.006.20042 |
Windows and macOS |
2 |
|
|
|
|
|
|
|
|
|
Acrobat 2017 |
Classic 2017 |
2017.011.30166 |
Windows and macOS |
2 |
|
|
Acrobat Reader 2017 |
Classic 2017 |
2017.011.30166 |
Windows and macOS |
2 |
|
|
|
|
|
|
|
|
|
Acrobat 2015 |
Classic 2015 |
2015.006.30518 |
Windows and macOS |
2 |
|
|
Acrobat Reader 2015 |
Classic 2015 |
2015.006.30518 |
Windows and macOS |
2 |
Vulnerability Details
|
Vulnerability Impact |
Severity |
CVE Number |
|
|---|---|---|---|
|
Out-of-bounds read |
Information Disclosure |
Important |
CVE-2020-3804 CVE-2020-3806 |
|
Out-of-bounds write |
Arbitrary Code Execution |
Critical |
CVE-2020-3795 |
|
Stack-based buffer overflow |
Arbitrary Code Execution |
Critical |
CVE-2020-3799 |
|
Use-after-free |
Arbitrary Code Execution |
Critical |
CVE-2020-3792 CVE-2020-3793 CVE-2020-3801 CVE-2020-3802 CVE-2020-3805 |
|
Memory address leak |
Information Disclosure |
Important |
CVE-2020-3800 |
|
Buffer overflow |
Arbitrary Code Execution |
Critical |
CVE-2020-3807 |
|
Memory corruption |
Arbitrary Code Execution |
Critical |
CVE-2020-3797 |
|
Insecure library loading (DLL hijacking) |
Privilege Escalation |
Important |
CVE-2020-3803 |
Acknowledgements
Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:
- hungtt28 of Viettel Cyber Security working with Trend Micro Zero Day Initiative (CVE-2020-3802)
- Huw Pigott of Shearwater Solutions, a CyberCX company (CVE-2020-3803)
- Duy Phan Thanh (bit) of STAR Labs (CVE-2020-3800, CVE-2020-3801)
- Ke Liu of Tencent Security Xuanwu Lab (CVE-2020-3804, CVE-2020-3805)
- STARLabs @PTDuy during the Tianfu Cup competition (CVE-2020-3793)
- T Sung Ta (@Mipu94) of SEFCOM Lab, Arizona State University (CVE-2020-3792)
- Xinyu Wan, Yiwei Zhang and Wei You from Renmin University of China (CVE-2020-3806, CVE-2020-3807, CVE-2020-3795, CVE-2020-3797)
- Xu Peng and Su Purui from TCA/SKLCS Institute of Software Chinese Academy of Sciences and Wang Yanhao from QiAnXin Technology Research Institute (CVE-2020-3799)
