First published: Tue Dec 10 2024(Updated: )
Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file and be tricked in to interacting with it in a specific manner, increasing the attack complexity.
Credit: psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Adobe Acrobat Reader | <20.005.30748 | |
Adobe Acrobat Reader | >=24.0<24.001.30225 | |
Adobe Acrobat Reader DC | <24.005.20320 | |
Adobe Acrobat Reader Notification Manager | <20.005.30748 | |
Adobe Acrobat Reader | <24.005.20320 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-49530 is considered a critical vulnerability due to its potential for arbitrary code execution.
To fix CVE-2024-49530, update Adobe Acrobat Reader or Adobe Acrobat DC to the latest version that surpasses the affected versions.
CVE-2024-49530 affects Adobe Acrobat Reader versions up to 20.005.30748 and Acrobat DC versions up to 24.005.20320.
CVE-2024-49530 is a Use After Free vulnerability that can lead to arbitrary code execution.
Exploitation of CVE-2024-49530 could result in unauthorized actions being taken on the system by an attacker or malware.