PDF Injection BlackHat Talk
CVE-2020-29075

7.1HIGH

Key Information:

Vendor: Adobe
Status: Acrobat Reader Dc
Vendor: CVE Published:; 23 February 2021

Summary

Acrobat Reader DC versions 2020.013.20066 (and earlier), 2020.001.30010 (and earlier) and 2017.011.30180 (and earlier) are affected by an information exposure vulnerability, that could enable an attacker to get a DNS interaction and track if the user has opened or closed a PDF file when loaded from the filesystem without a prompt. User interaction is required to exploit this vulnerability.

Affected Version(s)

Acrobat Reader DC <= 2020.013.20066 <= 2020.013.20066

Acrobat Reader DC <= 2020.001.30010 <= 2020.001.30010

Acrobat Reader DC <= 2017.011.30180 <= 2017.011.30180

References

https://helpx.adobe.com/security/products/acrobat/apsb20-...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 23, 2021
Vulnerability Reserved
Nov 26, 2020