Adobe Acrobat Multiple Vulnerabilities
Fabien edited this page May 22, 2024 · 1 revision
Adobe Acrobat is a family of application software and web services developed by Adobe Inc. to view, create, manipulate, print, and manage files in Portable Document Format (PDF). Various versions of Adobe Acrobat have experienced multiple security vulnerabilities that can lead to remote code execution, information disclosure, and other significant security risks.
- Severity: Critical
- Remote Code Execution (RCE): Vulnerabilities can allow attackers to execute arbitrary code, potentially leading to full system compromise.
- Information Disclosure: Specific flaws can expose sensitive data to unauthorized users, leading to privacy breaches.
- Denial of Service (DoS): Some vulnerabilities can be exploited to crash Adobe Acrobat, making it unusable and causing service disruptions.
- Memory Corruption: Errors in memory handling can lead to code execution and application crashes.
- Improper Input Validation: Failure to validate inputs can result in various injection attacks.
- Outdated Software: Using outdated versions of Adobe Acrobat that lack the latest security patches.
- Regular Updates:
  - Keep Adobe Acrobat updated to the latest version to ensure all known vulnerabilities are patched.
- Use Security Tools:
  - Implement security tools and software to monitor and protect against exploits targeting Adobe Acrobat.
- Secure Configurations:
  - Ensure Adobe Acrobat is configured securely by disabling unnecessary features and enabling security settings.
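```javascript
// Acrobat JavaScript: create a new, blank PDF document.
var doc = app.newDoc();
// Attach the file at the given device-independent path as a data object named "test".
doc.importDataObject({ cName: "test", cDIPath: "/path/to/exploit/file" });
```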
This example shows how an attacker could use a crafted file to exploit a vulnerability in Adobe Acrobat to execute arbitrary code.
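For the "Use Security Tools" mitigation, the following Python triage script is an added example (not part of the original page and not an Adobe tool). It counts PDF name tokens associated with embedded JavaScript, automatic actions and attachments, decoding `#xx` name escapes first. The sample byte strings and the `pass` / `review` / `quarantine` policy are constructed assumptions.

```python
import re

# PDF name tokens worth a closer look during triage (assumed checklist).
RISKY_NAMES = ("/JavaScript", "/JS", "/OpenAction", "/AA", "/EmbeddedFile", "/Launch")

# A PDF name is "/" followed by regular characters (no whitespace, no delimiters).
NAME_RE = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
HEX_ESC_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalize_name(raw: bytes) -> str:
    """Decode #xx escapes so /J#61vaScript compares equal to /JavaScript."""
    decoded = HEX_ESC_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count risky names in raw PDF bytes. Compressed object streams are
    not inflated here, so a zero count is not proof of a clean file."""
    counts = {name: 0 for name in RISKY_NAMES}
    for match in NAME_RE.finditer(data):
        name = normalize_name(match.group(0))
        if name in counts:
            counts[name] += 1
    return counts


def verdict(counts: dict) -> str:
    """Assumed policy: script plus auto-run is quarantined, either alone is reviewed."""
    scripted = counts["/JavaScript"] + counts["/JS"] > 0
    auto_run = counts["/OpenAction"] + counts["/AA"] > 0
    if scripted and auto_run:
        return "quarantine"
    if scripted or counts["/EmbeddedFile"] or counts["/Launch"]:
        return "review"
    return "pass"


# Constructed sample inputs (fragments of PDF syntax, not real documents).
SAMPLE_CLEAN = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SAMPLE_SCRIPTED = (
    b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
    b"3 0 obj\n<< /S /J#61vaScript /JS (app.alert(1);) >>\nendobj\n"
)
SAMPLE_ATTACH = b"%PDF-1.7\n5 0 obj\n<< /Type /EmbeddedFile /Length 0 >>\nendobj\n"

if __name__ == "__main__":
    for label, blob in (("clean", SAMPLE_CLEAN), ("scripted", SAMPLE_SCRIPTED), ("attach", SAMPLE_ATTACH)):
        print(label, verdict(triage_pdf(blob)))
```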
- Manual Update:
  - Open Adobe Acrobat.
  - Go to Help > Check for Updates.
  - Follow the prompts to install the latest updates.
- Automated Update:
  - Enable automatic updates in Adobe Acrobat settings to ensure the software is always up to date.
N/A