CVE-2020-29075 HIGH

CVE-2020-29075: PDF Injection BlackHat Talk

Vendor Adobe

Product Acrobat Reader DC

Weakness CWE-20 · Input validation

Published February 23, 2021

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

7.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

Acrobat Reader DC versions 2020.013.20066 (and earlier), 2020.001.30010 (and earlier) and 2017.011.30180 (and earlier) are affected by an information exposure vulnerability, that could enable an attacker to get a DNS interaction and track if the user has opened or closed a PDF file when loaded from the filesystem without a prompt. User interaction is required to exploit this vulnerability.

Key dates

02Disclosure timeline

February 23, 2021 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-29075 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

Identifiers

CVE CVE-2020-29075

CWE CWE-20

CVSS 7.1 / HIGH

Affected versions

Vendor Adobe

Product Acrobat Reader DC

Affected <= 2020.013.20066

Vendor Adobe

Product Acrobat Reader DC

Affected <= 2020.001.30010

Vendor Adobe

Product Acrobat Reader DC

Affected <= 2017.011.30180

CVE-2020-29075: PDF Injection BlackHat Talk

01Description

02Disclosure timeline

03References

04Related CVE