Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are…
adobe·CWE-367·Published 2020-11-05
Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a time-of-check time-of-use (TOCTOU) race condition vulnerability that could result in local privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a time-of-check time-of-use (TOCTOU) race condition vulnerability that could result in local privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Acrobat Reader DC versiones 2020.012.20048 (y anteriores), 2020.001.30005 (y anteriores) y 2017.011.30175 (y anteriores) para macOS están afectadas por una vulnerabilidad de condición de carrera de tipo time-of-check time-of-use (TOCTOU) que podría resultar en una escalada de privilegios local. Una explotación de este problema requiere una interacción del usuario, ya que la víctima debe abrir un archivo malicioso
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 5.1 | 4.9 | 6.4 | AV:N/AC:H/Au:N/C:P/I:P/A:P |
| 3.1 | Primary | cve.org | 7.7 | — | — | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H |
| 3.1 | Primary | cve.org | 7.7 | — | — | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H |
| 3.1 | Primary | NVD | 7.7 | 1.0 | 6.0 | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H |
| 3.1 | Secondary | NVD | 7.7 | 1.0 | 6.0 | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H |