A vulnerability was found in Adobe Acrobat Reader up to 2019.010.20100 (Document Reader Software). It has been declared as problematic. Affected by this vulnerability is some unknown functionality. The manipulation with an unknown input leads to a out-of-bounds vulnerability. The CWE definition for the vulnerability is CWE-125. The product reads data past the end, or before the beginning, of the intended buffer. As an impact it is known to affect confidentiality.

The bug was discovered 05/14/2019. The weakness was presented 05/14/2019 as APSB19-18 as confirmed security bulletin (Website). The advisory is shared at helpx.adobe.com. This vulnerability is known as CVE-2019-7787 since 02/12/2019. The attack can be launched remotely. The exploitation doesn't need any form of authentication. It demands that the victim is doing some kind of user interaction. Neither technical details nor an exploit are publicly available.

Upgrading to version 2015.006.30497, 2017.011.30142 or 2019.012.20034 eliminates this vulnerability. The upgrade is hosted for download at get.adobe.com. A possible mitigation has been published immediately after the disclosure of the vulnerability. The security bulletin contains the following remark:

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities.

Additional details are provided at blog.talosintelligence.com. See 134755, 134756, 134757 and 134758 for similar entries.

Productinfo

Type

• Document Reader Software

Vendor

• Adobe

Name

• Acrobat Reader

Version

• 2015.006.30493
• 2015.006.30495
• 2017.011.30138
• 2017.011.30140
• 2019.010
• 2019.010.20099

License

• free

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion