Adobe issued an out-of-band update today for Experience Manager, Experience Manager Forms, Adobe Acrobat and Reader, and Download Manager, covering 81 CVEs, many of them rated critical.

The company stated that none of the reported issues have been spotted in the wild and noted updates are available for all the products.

Acrobat and Reader received the most patches, with 67 vulnerabilities addressed, the majority of them considered critical. Most of the critical issues centered on out-of-bounds write, use-after-free and heap overflow problems that could lead to arbitrary code execution.

Adobe Experience Manager had 12 CVEs rated important or moderate, covering cross-site scripting and XML external entity injection issues, among others.

Experience Manager Forms had only a single issue, CVE-2019-8089, a reflected cross-site scripting issue that, if exploited, could lead to sensitive information disclosure. The final product included was Download Manager, with CVE-2019-8071.

You can check the CVE numbers for Adobe Reader here: https://www.cvedetails.com/vulnerability-list/vendor_id-53/product_id-497/Adobe-Acrobat-Reader.html

PATCH

It’s worth noting that this month Adobe did not release any updates on Patch Tuesday, as the company usually does.

The latest Acrobat and Reader updates resolve a total of 68 vulnerabilities, including many critical memory corruption flaws that can be exploited for arbitrary code execution. The vulnerabilities rated “important” can lead to information disclosure, Adobe’s advisory shows.

Many of these security holes were reported to Adobe by independent researchers through Trend Micro’s Zero Day Initiative (ZDI). The tech giant has also credited representatives of Baidu, Tencent, Google, Source Incite, Knownsec, Codemize, SEFCOM Lab, STAR Labs, Flexera, Cisco Talos, Viettel Cyber Security, Qihoo 360, and Palo Alto Networks for reporting the weaknesses in Acrobat and Reader.

In its Experience Manager marketing solution, Adobe patched a dozen vulnerabilities that can be exploited to gain unauthorized access to an organization’s Experience Manager environment.
