VYPR
Unrated severityNVD Advisory· Published Feb 23, 2021· Updated Sep 16, 2024

PDF Injection BlackHat Talk

CVE-2020-29075

Description

Acrobat Reader DC versions 2020.013.20066 (and earlier), 2020.001.30010 (and earlier) and 2017.011.30180 (and earlier) are affected by an information exposure vulnerability, that could enable an attacker to get a DNS interaction and track if the user has opened or closed a PDF file when loaded from the filesystem without a prompt. User interaction is required to exploit this vulnerability.

Affected products

2
  • Adobe Inc./Acrobat Reader Dcllm-fuzzy2 versions
    <=2020.013.20066, <=2020.001.30010, <=2017.011.30180+ 1 more
    • (no CPE)range: <=2020.013.20066, <=2020.001.30010, <=2017.011.30180
    • (no CPE)range: <= 2020.013.20066

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.