CVE-2024-39425

CVSS 3.1 Score 7.0 of 10 (high)

Details

Published Aug 14, 2024
Updated: Aug 15, 2024
CWE ID 367

Summary

CVE-2024-39425 is a newly disclosed vulnerability affecting Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123, and earlier. It is classified as a Time-of-check Time-of-use (TOCTOU) race condition that can be exploited to achieve privilege escalation. Successful exploitation requires local low-privilege access to the affected system, which makes it a potential threat wherever Acrobat Reader is installed and used. The attack complexity is high, indicating that it may not be easily exploited, but organizations are encouraged to apply the available patches to mitigate the risk.

Affected Products

  • Adobe Acrobat DC
  • Adobe Acrobat
  • Adobe Acrobat Reader
  • Adobe Acrobat Reader DC

Affected Vendors

  • Adobe