A vulnerability was found in Adobe Acrobat Reader up to 2015.006.30461/2017.011.30110/2019.010.20064 (Document Reader Software) and classified as critical. This issue affects some unknown functionality. The manipulation with an unknown input leads to a type confusion vulnerability. Using CWE to declare the problem leads to CWE-843. The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type. Impacted is confidentiality, integrity, and availability. The summary by CVE is:

Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

The bug was discovered 04/02/2019. The weakness was shared 01/03/2019 as APSB19-02 as confirmed security bulletin (Website). It is possible to read the advisory at helpx.adobe.com. The identification of this vulnerability is CVE-2019-7131 since 01/28/2019. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. The technical details are unknown and an exploit is not publicly available.

Upgrading to version 2015.006.30464 , 2017.011.30113 or 2019.010.20069 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

The entries 129938 and 129939 are related to this item.

Productinfo

Type

• Document Reader Software

Vendor

• Adobe

Name

• Acrobat Reader

Version

• 2015.006.30461
• 2017.011.30110
• 2019.010.20064

License

• free

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion