Synopsis
The version of Adobe Reader installed on the remote Windows host is affected by multiple vulnerabilities.
Description
The version of Adobe Reader installed on the remote Windows host is a version prior or equal to 2015.006.30510, 2017.011.30158, or 2020.006.20034. It is, therefore, affected by multiple vulnerabilities.
- Out-of-bounds read potentially leading to Information Disclosure (CVE-2020-3804, CVE-2020-3806)
- Out-of-bounds write potentially leading to Arbitrary Code Execution (CVE-2020-3795)
- Stack-based buffer overflow potentially leading to Arbitrary Code Execution (CVE-2020-3799)
- Use-after-free potentially leading to Arbitrary Code Execution (CVE-2020-3792, CVE-2020-3793, CVE-2020-3801, CVE-2020-3802, CVE-2020-3805)
- Memory address leak potentially leading to Information Disclosure (CVE-2020-3800)
- Buffer overflow potentially leading to Arbitrary Code Execution (CVE-2020-3807)
- Memory corruption potentially leading to Arbitrary Code Execution (CVE-2020-3797)
- Insecure library loading (DLL hijacking) potentially leading to Privilege Escalation (CVE-2020-3803)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Adobe Reader version 2015.006.30518 or 2017.011.30166 or 2020.006.20042 or later.