Intrusion PreventionAcrobat.Reader.Acrobat.CVE-2020-24433.Arbitrary.File.Creation
Description
This indicates an attack attempt to exploit an Arbitrary File Creation vulnerability has been reported in Adobe Acrobat Reader.
This vulnerability is due to improper validation of user privileges in the vulnerable application. A remote attacker could exploit this vulnerability by enticing a user to open a maliciously crafted web page or document. Successful exploitation of this vulnerabilities could lead to remote code execution.
Affected Products
Adobe Acrobat DC Continuous for Windows 2017.011.30161
Adobe Acrobat DC Continuous for Macintosh 2017.011.30161
Adobe Acrobat Reader DC Continuous for Windows 2017.011.30161
Adobe Acrobat Reader DC Continuous for Macintosh 2017.011.30161
Adobe Acrobat DC Classic for Windows 2015.006.30512
Adobe Acrobat DC Classic for Macintosh 2015.006.30512
Adobe Acrobat Reader DC Classic for Windows 2015.006.30512
Adobe Acrobat Reader DC Classic for Macintosh 2015.006.30512
Impact
Privilege Escalation: Remote attackers can leverage their privileges on vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://helpx.adobe.com/security/products/acrobat/apsb20-67.html
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
| ID | 49571 |
| Created | Nov 04, 2020 |
| Updated | Jul 28, 2021 |
| Risk |
|
| CVE ID | CVE-2020-24433 |
| Exploit Prediction Score | 0.1% |
| Default Action | drop |
| Active | |
| Affected OS | Windows, MacOS |
| Affected App | Adobe |