CVE-2024-39379

Acrobat for Edge versions 126.0.2592.81 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:adobe:acrobat:*:*:*:*:*:edge:*:*

History

16 Sep 2024, 12:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.8
v2 : unknown
v3 : 5.5
Summary (en) Acrobat for Edge versions 126.0.2592.81 and earlier are affected by an out-of-bounds read vulnerability that could lead to arbitrary file system read access. An attacker could exploit this vulnerability to read contents from a location in memory past the buffer boundary, potentially leading to sensitive information disclosure. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (en) Acrobat for Edge versions 126.0.2592.81 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

11 Sep 2024, 15:52

Type Values Removed Values Added
References () https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-39379 - () https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-39379 - Patch, Vendor Advisory
CVSS v2 : unknown
v3 : 5.5
v2 : unknown
v3 : 7.8
First Time Adobe acrobat
Adobe
CPE cpe:2.3:a:adobe:acrobat:*:*:*:*:*:edge:*:*

01 Aug 2024, 12:42

Type Values Removed Values Added
Summary
  • (es) Las versiones 126.0.2592.81 y anteriores de Acrobat para Edge se ven afectadas por una vulnerabilidad de lectura fuera de los límites que podría provocar un acceso de lectura arbitrario al sistema de archivos. Un atacante podría aprovechar esta vulnerabilidad para leer contenidos desde una ubicación en la memoria más allá del límite del búfer, lo que podría provocar la divulgación de información confidencial. La explotación de este problema requiere la interacción del usuario, ya que la víctima debe abrir un archivo malicioso.

31 Jul 2024, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-31 13:15

Updated : 2024-10-16 13:38


NVD link : CVE-2024-39379

Mitre link : CVE-2024-39379

CVE.ORG link : CVE-2024-39379


JSON object : View

Products Affected

adobe

  • acrobat
CWE
CWE-125

Out-of-bounds Read