CVE-2020-9712: Adobe Acrobat Pro DC Web2PDF:AppLinks JavaScript Restrictions Bypass Vulnerability
First published: Wed Aug 19 2020(Updated: )
Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Acrobat Dc | >=15.006.30060<=15.006.30523 | |
| Adobe Acrobat Dc | >=15.008.20082<=20.009.20074 | |
| Adobe Acrobat Dc | >=17.011.30059<=17.011.30171 | |
| Adobe Acrobat Dc | =20.001.30002 | |
| Adobe Acrobat Reader DC | >=15.006.30060<=15.006.30523 | |
| Adobe Acrobat Reader DC | >=15.008.20082<=20.009.20074 | |
| Adobe Acrobat Reader DC | >=17.011.30059<=17.011.30171 | |
| Adobe Acrobat Reader DC | =20.001.30002 | |
| Apple macOS | ||
| Microsoft Windows | ||
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-9712?
CVE-2020-9712 is a vulnerability that allows remote attackers to bypass JavaScript API restrictions on affected installations of Adobe Acrobat Pro DC.
How can this vulnerability be exploited?
To exploit this vulnerability, user interaction is required through visiting a malicious page or opening a malicious file.
Which software versions are affected by CVE-2020-9712?
Adobe Acrobat Pro DC versions 15.006.30060 to 15.006.30523, 15.008.20082 to 20.009.20074, and 17.011.30059 to 17.011.30171 are affected.
Is Apple macOS vulnerable to CVE-2020-9712?
No, Apple macOS is not vulnerable to this vulnerability.
What is the severity of this vulnerability?
The severity of CVE-2020-9712 is rated as high with a CVSS score of 5.5.
- collector/nvd-index
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- agent/event
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-20-990
- alias/ZDI-CAN-11166
- alias/CVE-2020-9712
- agent/software-canonical-lookup
- vendor/adobe
- canonical/adobe acrobat dc
- version/adobe acrobat dc/15.006.30060
- version/adobe acrobat dc/15.006.30523
- version/adobe acrobat dc/15.008.20082
- version/adobe acrobat dc/20.009.20074
- version/adobe acrobat dc/17.011.30059
- version/adobe acrobat dc/17.011.30171
- version/adobe acrobat dc/20.001.30002
- canonical/adobe acrobat reader dc
- version/adobe acrobat reader dc/15.006.30060
- version/adobe acrobat reader dc/15.006.30523
- version/adobe acrobat reader dc/15.008.20082
- version/adobe acrobat reader dc/20.009.20074
- version/adobe acrobat reader dc/17.011.30059
- version/adobe acrobat reader dc/17.011.30171
- version/adobe acrobat reader dc/20.001.30002
- vendor/apple
- canonical/apple macos
- vendor/microsoft
- canonical/microsoft windows
- canonical/adobe acrobat pro dc