Intrusion PreventionAdobe.Acrobat.ESObject.Use.After.Free
Description
This indicates an attack attempt to exploit a Use After Free Vulnerability in Adobe Systems Acrobat Reader DC (Continuous).
This vulnerability is due to incorrect handling of ESObject data objects. A remote attacker can exploit the vulnerability by enticing a target user into opening a crafted PDF document. Successful exploitation of this vulnerability would result in remote code execution under the security context of the application.
Affected Products
Adobe Systems Acrobat 2015 2015.006.30523 and prior versions
Adobe Systems Acrobat 2017 2017.011.30171 and prior versions
Adobe Systems Acrobat 2020 2020.001.30002
Adobe Systems Acrobat DC (Continuous) 2020.009.20074 and prior versions
Adobe Systems Acrobat Reader 2015 2015.006.30523 and prior versions
Adobe Systems Acrobat Reader 2017 2017.011.30171 and prior versions
Adobe Systems Acrobat Reader 2020 2020.001.30002
Adobe Systems Acrobat Reader DC (Continuous) 2020.009.20074 and prior versions
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://helpx.adobe.com/security/products/acrobat/apsb20-48.html
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2022-09-15 | 22.394 | Sig Added |
| 2020-10-28 | 16.951 | Default_action:pass:drop |
| 2020-10-19 | 16.945 |
| ID | 49531 |
| Created | Oct 08, 2020 |
| Updated | Sep 04, 2023 |
| Risk |
|
| CVE ID | CVE-2020-9715 |
| Exploit Prediction Score | 40.68% |
| Default Action | drop |
| Active | |
| Affected OS | Windows, MacOS |
| Affected App | Adobe |