Hello folks,
The lack of Adobe updates in the March Patch Tuesday might have come as a surprise to many of us. However a week from Patch Tuesday, Adobe has released updates to fix 13 vulnerabilities in Adobe Acrobat and Reader for Windows and macOS. 9 of them are rated 'Critical'.
Affected versions
These versions are applicable for both Windows and mac platforms
Acrobat DC Continuous 2020.006.20034 and earlier versions
Acrobat Reader DC Continuous 2020.006.20034 and earlier versions
Acrobat 2017 Classic 2017 2017.011.30158 and earlier versions
Acrobat Reader 2017 Classic 2017 2017.011.30158 and earlier versions
Acrobat 2015 Classic 2015 2015.006.30510 and earlier versions
Acrobat Reader 2015 Classic 2015 2015.006.30510 and earlier versions
Vulnerability details
CVE ID | Severity | Category | Impact |
CVE-2020-3804 CVE-2020-3806 | Important | Out-of-bounds read | Information Disclosure |
CVE-2020-3795 | Critical | Out-of-bounds write | Arbitrary Code Execution |
CVE-2020-3799 | Critical | Stack-based buffer overflow | Arbitrary Code Execution |
CVE-2020-3792 CVE-2020-3793 CVE-2020-3801 CVE-2020-3802 CVE-2020-3805 | Critical | Use-after-free | Arbitrary Code Execution |
CVE-2020-3800 | Important | Memory address leak | Information Disclosure |
CVE-2020-3807 | Critical | Buffer overflow | Arbitrary Code Execution |
CVE-2020-3797 | Critical | Memory corruption | Arbitrary Code Execution |
CVE-2020-3803 | Important | Insecure library loading (DLL hijacking) | Privilege Escalation |
Adobe has requested its users to upgrade to the latest versions of Acrobat DC, Acrobat Reader DC, Acrobat 2017, Acrobat Reader 2017, Acrobat 2015, and Acrobat Reader 2015.
Using Patch Manager Plus, you can install these updates thus,
Initiate a sync between the Patch Manager Plus server and the Vulnerability Database
Navigate to the missing patches tab and search for the following patch IDs or Bulletin
Patch ID | Bulletin ID |
313395 | TU-754 |
313396 | TU-753 |
313397 | TU-135 |
313398 | TU-137 |
313399 | TU-072 |
313400 | TU-073 |
313401 | TU-136 |
Install these patches on the systems missing them.