CVE-2020-3743: Use After Free
First published: Thu Feb 13 2020(Updated: )
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Acrobat Reader DC | >=15.006.30060<=15.006.30508 | |
| Adobe Acrobat Reader DC | >=15.008.20082<=19.021.20061 | |
| Adobe Acrobat Reader | >=15.006.30060<=15.006.30508 | |
| Adobe Acrobat Reader | >=15.008.20082<=19.021.20061 | |
| macOS | ||
| Microsoft Windows Operating System | ||
| Adobe Acrobat Reader | >=17.011.30059<=17.011.30156 | |
| Adobe Acrobat Reader DC | >=17.011.30059<=17.011.30156 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2020-3743?
CVE-2020-3743 has a critical severity rating, indicating a high risk of exploitation that can lead to arbitrary code execution.
How do I fix CVE-2020-3743?
To mitigate CVE-2020-3743, users should update to the latest version of Adobe Acrobat or Reader, as recommended in the security bulletin.
Which versions of Adobe Acrobat are affected by CVE-2020-3743?
CVE-2020-3743 affects Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier.
Can exploiting CVE-2020-3743 lead to data loss?
Yes, successful exploitation of CVE-2020-3743 may result in loss of data, as it allows an attacker to execute arbitrary code.
Is there a workaround for CVE-2020-3743 if I cannot update?
While no official workaround exists, the best practice is to avoid opening untrusted PDF files until the software is updated.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/remedy
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe acrobat reader dc
- version/adobe acrobat reader dc/15.006.30060
- version/adobe acrobat reader dc/15.006.30508
- version/adobe acrobat reader dc/15.008.20082
- version/adobe acrobat reader dc/19.021.20061
- canonical/adobe acrobat reader
- version/adobe acrobat reader/15.006.30060
- version/adobe acrobat reader/15.006.30508
- version/adobe acrobat reader/15.008.20082
- version/adobe acrobat reader/19.021.20061
- vendor/apple
- canonical/macos
- vendor/microsoft
- canonical/microsoft windows operating system
- version/adobe acrobat reader/17.011.30059
- version/adobe acrobat reader/17.011.30156
- version/adobe acrobat reader dc/17.011.30059
- version/adobe acrobat reader dc/17.011.30156