Vulnerability Spotlight: Information leak vulnerability in Adobe Acrobat Reader’s JavaScript function

Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.

Cisco Talos recently discovered an information leak vulnerability in Adobe Acrobat Reader. Acrobat supports a number of features, including the ability to process embedded JavaScript. An attacker could trigger this vulnerability by tricking a user into opening a malicious file or web page containing a PDF with embedded JavaScript. The attacker could then gain access to sensitive information, which could be used in additional attacks.


In accordance with our coordinated disclosure policy, Cisco Talos worked with Adobe to ensure that this issue is resolved and that an update is available for affected customers.

Vulnerability details


Adobe Acrobat Reader DC JavaScript field name information leak (TALOS-2019-0959/CVE-2020-3744)

Specific JavaScript code embedded in a PDF file can lead to an information leak when the document is opened in Adobe Acrobat Reader DC, version 2019.021.20048. This could allow an attacker to view sensitive information, which could be abused to bypass mitigations when exploiting another vulnerability. The victim would need to open the malicious file or access a malicious web page to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.
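
A defender-side triage check for the embedded JavaScript this advisory describes, added here as an example and not taken from the Talos advisory or from Adobe: it counts script-related PDF names in raw file bytes, decoding `#xx` name escapes along the way. The function names, verdict strings and sample byte strings are constructed for illustration.

```python
import re

# PDF name tokens of interest when triaging a document for embedded script.
SCRIPT_NAMES = {b"JS", b"JavaScript"}    # JavaScript action type / script source
TRIGGER_NAMES = {b"OpenAction", b"AA"}   # actions run on open or on other events
OPAQUE_NAMES = {b"ObjStm"}               # compressed object streams can hide names
WATCHED = SCRIPT_NAMES | TRIGGER_NAMES | OPAQUE_NAMES

# A PDF name is "/" plus regular characters; "#xx" inside it is a hex-escaped byte.
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

def decode_name(raw: bytes) -> bytes:
    """Undo #xx escapes so /J#61vaScript is recognised as /JavaScript."""
    return HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)

def scan_pdf(data: bytes) -> dict:
    """Count watched names in raw PDF bytes and return a triage verdict."""
    counts = {}
    for match in NAME_RE.finditer(data):
        name = decode_name(match.group(1))
        if name in WATCHED:
            key = name.decode()
            counts[key] = counts.get(key, 0) + 1
    if any(n.decode() in counts for n in SCRIPT_NAMES):
        verdict = "javascript-present"
    elif any(n.decode() in counts for n in OPAQUE_NAMES):
        verdict = "inconclusive"  # names may sit inside compressed object streams
    else:
        verdict = "no-javascript-found"
    return {"counts": counts, "verdict": verdict}

# Constructed sample inputs (PDF fragments, not real documents).
SAMPLE_WITH_JS = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
    b"2 0 obj << /S /J#61vaScript /JS (console.println\\(1\\);) >> endobj\n"
)
SAMPLE_PLAIN = b"%PDF-1.7\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
SAMPLE_OBJSTM = (
    b"%PDF-1.7\n5 0 obj << /Type /ObjStm /N 3 /First 20 /Length 4 >>\n"
    b"stream\nxxxx\nendstream endobj\n"
)

if __name__ == "__main__":
    for label, blob in [("with-js", SAMPLE_WITH_JS), ("plain", SAMPLE_PLAIN),
                        ("objstm", SAMPLE_OBJSTM)]:
        print(label, scan_pdf(blob))
```

A `javascript-present` verdict only says the file carries script, not that it is malicious. A raw byte scan does not see names inside compressed or encrypted streams, which is why the `inconclusive` case exists.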

Versions tested


Talos tested and confirmed that version 2019.021.20048 of Adobe Acrobat Reader DC is affected by this vulnerability.

Coverage


The following ..
