The version of Adobe Acrobat installed on the remote macOS host is a version prior to 2015.006.30527, 2017.011.30175, 2020.001.30005, or 2020.012.20041. It is, therefore, affected by multiple vulnerabilities.

  - Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier,     and 2015.006.30523 and earlier have a disclosure of sensitive data vulnerability. Successful exploitation     could lead to memory leak. (CVE-2020-9697)

  - Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier,     and 2015.006.30523 and earlier have a security bypass vulnerability. Successful exploitation could lead to     privilege escalation . (CVE-2020-9714)

  - Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier,     and 2015.006.30523 and earlier have an out-of-bounds write vulnerability. Successful exploitation could     lead to arbitrary code execution . (CVE-2020-9693, CVE-2020-9694)

  - Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier,     and 2015.006.30523 and earlier have a security bypass vulnerability. Successful exploitation could lead to     security feature bypass. (CVE-2020-9696, CVE-2020-9712)

  - Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier,     and 2015.006.30523 and earlier have a stack exhaustion vulnerability. Successful exploitation could lead     to application denial-of-service. (CVE-2020-9702, CVE-2020-9703)

  - Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier,     and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could     lead to information disclosure. (CVE-2020-9705, CVE-2020-9706, CVE-2020-9707, CVE-2020-9710,     CVE-2020-9716, CVE-2020-9717, CVE-2020-9718, CVE-2020-9719, CVE-2020-9720, CVE-2020-9721, CVE-2020-9723)

  - Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier,     and 2015.006.30523 and earlier have a buffer error vulnerability. Successful exploitation could lead to     arbitrary code execution . (CVE-2020-9698, CVE-2020-9699, CVE-2020-9700, CVE-2020-9701, CVE-2020-9704)

  - Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier,     and 2015.006.30523 and earlier have an use-after-free vulnerability. Successful exploitation could lead to     arbitrary code execution . (CVE-2020-9715, CVE-2020-9722)

  - Memory corruption potentially leading to Arbitrary Code Execution (CVE-2020-9695, CVE-2020-9713)

  - Memory corruption potentially leading to Information disclosure (CVE-2020-9711)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Adobe Acrobat < 2015.006.30527 / 2017.011.30175 / 2020.001.30005 / 2020.012.20041 Multiple Vulnerabilities (APSB20-48) (macOS)

high Nessus Plugin ID 139578

Version 1.7

Version 1.6

Version 1.7 Oct 4, 2024, 11:06 PM New Plugin Feed: 202410042306
Version 1.6 Sep 12, 2024, 8:57 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin categorization ("Agent" set to "unix") Plugin metadata Plugin Feed: 202409122057