Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

The version of Adobe Reader installed on the remote Windows host is a version prior or equal to 2015.006.30523, 2017.011.30171, 2020.001.30002, or 2020.009.20074. It is, therefore, affected by multiple vulnerabilities.

  - Disclosure of Sensitive Data potentially leading to     Memory Leak (CVE-2020-9697)

  - Security bypass potentially leading to Privilege     Escalation (CVE-2020-9714)

  - Out-of-bounds write potentially leading to Arbitrary     Code Execution (CVE-2020-9693, CVE-2020-9694)

  - Security bypass potentially leading to Security feature     bypass (CVE-2020-9696, CVE-2020-9712)

  - Stack exhaustion potentially leading to Application     denial-of-service (CVE-2020-9702, CVE-2020-9703)

  - Out-of-bounds read potentially leading to Information     disclosure (CVE-2020-9705, CVE-2020-9706, CVE-2020-9707,     CVE-2020-9710, CVE-2020-9716, CVE-2020-9717,     CVE-2020-9718, CVE-2020-9719, CVE-2020-9720,     CVE-2020-9721, CVE-2020-9723)

  - Buffer error potentially leading to Arbitrary Code     Execution (CVE-2020-9698, CVE-2020-9699, CVE-2020-9700,     CVE-2020-9701, CVE-2020-9704)

  - Use-after-free potentially leading to Arbitrary Code     Execution (CVE-2020-9715, CVE-2020-9722)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Adobe Acrobat installed on the remote Windows host is a version prior or equal to 2015.006.30523, 2017.011.30171, 2020.001.30002, or 2020.009.20074. It is, therefore, affected by multiple vulnerabilities.

  - Disclosure of Sensitive Data potentially leading to     Memory Leak (CVE-2020-9697)

  - Security bypass potentially leading to Privilege     Escalation (CVE-2020-9714)

  - Out-of-bounds write potentially leading to Arbitrary     Code Execution (CVE-2020-9693, CVE-2020-9694)

  - Security bypass potentially leading to Security feature     bypass (CVE-2020-9696, CVE-2020-9712)

  - Stack exhaustion potentially leading to Application     denial-of-service (CVE-2020-9702, CVE-2020-9703)

  - Out-of-bounds read potentially leading to Information     disclosure (CVE-2020-9705, CVE-2020-9706, CVE-2020-9707,     CVE-2020-9710, CVE-2020-9716, CVE-2020-9717,     CVE-2020-9718, CVE-2020-9719, CVE-2020-9720,     CVE-2020-9721, CVE-2020-9723)

  - Buffer error potentially leading to Arbitrary Code     Execution (CVE-2020-9698, CVE-2020-9699, CVE-2020-9700,     CVE-2020-9701, CVE-2020-9704)

  - Use-after-free potentially leading to Arbitrary Code     Execution (CVE-2020-9715, CVE-2020-9722)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Adobe Reader installed on the remote macOS host is a version prior or equal to 2015.006.30523, 2017.011.30171, 2020.001.30002, or 2020.009.20074. It is, therefore, affected by multiple vulnerabilities.

  - Disclosure of Sensitive Data potentially leading to     Memory Leak (CVE-2020-9697)

  - Security bypass potentially leading to Privilege     Escalation (CVE-2020-9714)

  - Out-of-bounds write potentially leading to Arbitrary     Code Execution (CVE-2020-9693, CVE-2020-9694)

  - Security bypass potentially leading to Security feature     bypass (CVE-2020-9696, CVE-2020-9712)

  - Stack exhaustion potentially leading to Application     denial-of-service (CVE-2020-9702, CVE-2020-9703)

  - Out-of-bounds read potentially leading to Information     disclosure (CVE-2020-9705, CVE-2020-9706, CVE-2020-9707,     CVE-2020-9710, CVE-2020-9716, CVE-2020-9717,     CVE-2020-9718, CVE-2020-9719, CVE-2020-9720,     CVE-2020-9721, CVE-2020-9723)

  - Buffer error potentially leading to Arbitrary Code     Execution (CVE-2020-9698, CVE-2020-9699, CVE-2020-9700,     CVE-2020-9701, CVE-2020-9704)

  - Use-after-free potentially leading to Arbitrary Code     Execution (CVE-2020-9715, CVE-2020-9722)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Adobe Acrobat installed on the remote macOS host is a version prior or equal to 2015.006.30523, 2017.011.30171, 2020.001.30002, or 2020.009.20074. It is, therefore, affected by multiple vulnerabilities.

  - Disclosure of Sensitive Data potentially leading to     Memory Leak (CVE-2020-9697)

  - Security bypass potentially leading to Privilege     Escalation (CVE-2020-9714)

  - Out-of-bounds write potentially leading to Arbitrary     Code Execution (CVE-2020-9693, CVE-2020-9694)

  - Security bypass potentially leading to Security feature     bypass (CVE-2020-9696, CVE-2020-9712)

  - Stack exhaustion potentially leading to Application     denial-of-service (CVE-2020-9702, CVE-2020-9703)

  - Out-of-bounds read potentially leading to Information     disclosure (CVE-2020-9705, CVE-2020-9706, CVE-2020-9707,     CVE-2020-9710, CVE-2020-9716, CVE-2020-9717,     CVE-2020-9718, CVE-2020-9719, CVE-2020-9720,     CVE-2020-9721, CVE-2020-9723)

  - Buffer error potentially leading to Arbitrary Code     Execution (CVE-2020-9698, CVE-2020-9699, CVE-2020-9700,     CVE-2020-9701, CVE-2020-9704)

  - Use-after-free potentially leading to Arbitrary Code     Execution (CVE-2020-9715, CVE-2020-9722)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
139581	Adobe Reader <= 2015.006.30523 / 2017.011.30171 / 2020.001.30002 / 2020.009.20074 Multiple Vulnerabilities (APSB20-48)	Nessus	Windows	high
139580	Adobe Acrobat <= 2015.006.30523 / 2017.011.30171 / 2020.001.30002 / 2020.009.20074 Multiple Vulnerabilities (APSB20-48)	Nessus	Windows	high
139579	Adobe Reader <= 2015.006.30523 / 2017.011.30171 / 2020.001.30002 / 2020.009.20074 Multiple Vulnerabilities (APSB20-48) (macOS)	Nessus	MacOS X Local Security Checks	high
139578	Adobe Acrobat <= 2015.006.30523 / 2017.011.30171 / 2020.001.30002 / 2020.009.20074 Multiple Vulnerabilities (APSB20-48) (macOS)	Nessus	MacOS X Local Security Checks	high

Detections

Analytics

CVE-2020-9707

low

Tenable Plugins

high

high

high

high