Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-39420— Acrobat Reader | Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)

CVSS 7.0 · High EPSS 1.56% · P82
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-39420

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Acrobat Reader | Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)
Source: NVD (National Vulnerability Database)
Vulnerability Description
Acrobat Reader versions 20.005.30636, 24.002.21005, 24.001.30159, 20.005.30655, 24.002.20965, 24.002.20964, 24.001.30123, 24.003.20054 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to arbitrary code execution. This vulnerability arises when the timing of actions changes the state of a resource between the checking of a condition and the use of the resource, allowing an attacker to manipulate the resource in a harmful way. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
检查时间与使用时间(TOCTOU)的竞争条件
Source: NVD (National Vulnerability Database)
Vulnerability Title
Adobe Acrobat Reader 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Adobe Acrobat Reader是美国奥多比(Adobe)公司的一款PDF查看器。该软件用于打印,签名和注释 PDF。 Adobe Acrobat Reader存在安全漏洞。攻击者利用该漏洞可以在当前用户的环境中执行任意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
AdobeAcrobat Reader 0 ~ 24.003.20054 -

II. Public POCs for CVE-2024-39420

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-39420

登录查看更多情报信息。

Same Patch Batch · Adobe · 2024-08-14 · 74 CVEs total

CVE-2024-393979.0 CRITICALAdobe Commerce | Unrestricted Upload of File with Dangerous Type (CWE-434)
CVE-2024-394028.4 HIGHAdobe Commerce | Improper Neutralization of Special Elements used in an OS Command ('OS Co
CVE-2024-394018.4 HIGHAdobe Commerce | Improper Neutralization of Special Elements used in an OS Command ('OS Co
CVE-2024-394008.1 HIGHDOM XSS through integrations can impact other admins
CVE-2024-418407.8 HIGHZDI-CAN-24607: Adobe Bridge JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vul
CVE-2024-418657.8 HIGHAdobe Dimension Untrusted Search Path lead to load malicious DLL swift.dll
CVE-2024-341177.8 HIGHAdobe Photoshop 2024 MPO File Parsing Use-After-Free vulnerability
CVE-2024-418567.8 HIGHIllustrator | Improper Input Validation (CWE-20)
CVE-2024-394267.8 HIGHZDI-CAN-24312: Adobe Acrobat Reader DC Annotation Memory Corruption Remote Code Execution
CVE-2024-341247.8 HIGHZDI-CAN-24031: Adobe Dimension SKP File Parsing Out-Of-Bounds Write Remote Code Execution
CVE-2024-418647.8 HIGHAdobe Substance 3D Designer ICO Parsing Out-Of-Bounds Write Vulnerability
CVE-2024-418587.8 HIGHAdobe InCopy has an integer overflow vulnerability when parsing SVG file
CVE-2024-207897.8 HIGHZDI-CAN-24030: Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulne
CVE-2024-393867.8 HIGHZDI-CAN-24057: Adobe Bridge AVI FIle Parsing Out-Of-Bounds Write Remote Code Execution Vul
CVE-2024-341337.8 HIGHAdobe Illustrator CC 2023 v27.9 Vulnerability I
CVE-2024-393887.8 HIGHZDI-CAN-24055: Adobe Substance 3D Stager SKP File Parsing Use-After-Free Remote Code Execu
CVE-2024-393947.8 HIGHAdobe Indesign 2024 PDF File Parsing Out Of Bound Write Remote Code Execution Vulnerabilit
CVE-2024-393937.8 HIGHAdobe Indesign 2024 PCT File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2024-393897.8 HIGHAdobe Indesign PDF File Parsing Stack Based Buffer Overflow Remote Code Execution Vulnerab
CVE-2024-418517.8 HIGHAdobe InDesign (Beta) has an integer overflow vulnerability when parsing SVG file

Showing top 20 of 74 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Acrobat Reader
Same vendor: Adobe
Same weakness: CWE-367

V. Comments for CVE-2024-39420

No comments yet

Leave a comment