Adobe | Advisory on Multiple Security Vulnerabilities in Acrobat & Reader

Published: 2020-11-04

0x00 Vulnerability Overview

On November 3, 2020, Adobe released 14 security updates for Adobe Acrobat and Reader, including several arbitrary code execution vulnerabilities. Adobe stated that it has not yet found any in-the-wild attacks involving these vulnerabilities.

 

0x01 Vulnerability Details

 



Adobe Acrobat and Adobe Reader are both PDF document solution suites produced by Adobe. Adobe Reader is a tool for opening and using Adobe PDF files created in Adobe Acrobat; although PDFs cannot be created in Reader, Reader can be used to view, print and manage them.

In this round of security updates, 4 vulnerabilities are rated high severity, 6 are rated medium severity, and 4 are rated low severity. Details are as follows:

 

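| CVE ID | Type | Vulnerability Impact | Severity |
|---|---|---|---|
| CVE-2020-24427 | Improper input validation | Information disclosure | Medium |
| CVE-2020-24429 | Signature verification bypass | Local privilege escalation | Medium |
| CVE-2020-24426, CVE-2020-24434 | Out-of-bounds read | Information disclosure | Low |
| CVE-2020-24428 | Race condition | Local privilege escalation | Medium |
| CVE-2020-24430, CVE-2020-24437 | Use-after-free | Arbitrary code execution | High |
| CVE-2020-24431 | Security feature bypass | Dynamic library injection | Medium |
| CVE-2020-24432 | Improper input validation | Arbitrary JavaScript execution | Medium |
| CVE-2020-24433 | Improper access control | Local privilege escalation | Medium |
| CVE-2020-24435 | Heap-based buffer overflow | Arbitrary code execution | High |
| CVE-2020-24436 | Out-of-bounds write | Arbitrary code execution | High |
| CVE-2020-24438 | Use-after-free | Information disclosure | Low |
| CVE-2020-24439 | Signature verification bypass | Minimal (defense-in-depth fix) | Low |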

 

Affected scope:

Windows and macOS versions of: Acrobat DC, Acrobat Reader DC, Acrobat 2020, Acrobat Reader 2020, Acrobat 2017 and Acrobat Reader 2017.

 

0x02 Remediation Recommendations

Adobe has released fixed versions; upgrading promptly is recommended.

| Product | Updated version | Platform | Download link |
|---|---|---|---|
| Acrobat DC | 2020.013.20064 | Windows and macOS | Windows: https://supportdownloads.adobe.com/product.1&platform=Windows ; macOS: https://supportdownloads.adobe.com/product.1&platform=Mac |
| Acrobat Reader DC | 2020.013.20064 | Windows and macOS | Windows: https://supportdownloads.adobe.com/product.10&platform=Windows ; macOS: https://supportdownloads.adobe.com/product.10&platform=Mac |
| Acrobat 2020 | 2020.001.30010 | Windows and macOS | Windows: https://supportdownloads.adobe.com/product.1&platform=Windows ; macOS: https://supportdownloads.adobe.com/product.1&platform=Mac |
| Acrobat Reader 2020 | 2020.001.30010 | Windows and macOS | Windows: https://supportdownloads.adobe.com/product.10&platform=Windows ; macOS: https://supportdownloads.adobe.com/product.10&platform=Mac |
| Acrobat 2017 | 2017.011.30180 | Windows and macOS | Windows: https://supportdownloads.adobe.com/product.1&platform=Windows ; macOS: https://supportdownloads.adobe.com/product.1&platform=Mac |
| Acrobat Reader 2017 | 2017.011.30180 | Windows and macOS | Windows: https://supportdownloads.adobe.com/product.10&platform=Windows ; macOS: https://supportdownloads.adobe.com/product.10&platform=Mac |

 

Download address:

https://get2.adobe.com/cn/reader/
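
As an added example (not part of the original advisory and not Adobe's code), the following Python code checks an inventory of installed Acrobat/Reader versions against the fixed versions listed in this section. The host names, the sample installed versions and the handling of a two-digit year field are assumptions made for illustration.

```python
import re

# Fixed versions from this advisory's remediation section, keyed by release track.
FIXED = {
    "DC": (2020, 13, 20064),    # Acrobat DC, Acrobat Reader DC
    "2020": (2020, 1, 30010),   # Acrobat 2020, Acrobat Reader 2020
    "2017": (2017, 11, 30180),  # Acrobat 2017, Acrobat Reader 2017
}
PRODUCT_RE = re.compile(r"(?:Adobe\s+)?Acrobat(?:\s+Reader)?\s+(DC|2020|2017)", re.I)
VERSION_RE = re.compile(r"(\d{2}|\d{4})\.(\d{1,3})\.(\d{5})")

def parse_version(text):
    """Parse 'YYYY.NNN.BBBBB'; also accept a two-digit year ('20.013.20064')."""
    m = VERSION_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    year, minor, build = (int(g) for g in m.groups())
    # Assumption: some inventory sources drop the century from the year field.
    return (year + 2000 if year < 100 else year, minor, build)

def track_of(product):
    """Map a product name to its release track; versions only compare within one."""
    m = PRODUCT_RE.fullmatch(product.strip())
    if not m:
        raise ValueError(f"unrecognised product: {product!r}")
    return m.group(1).upper()

def triage(inventory):
    """Label each (host, product, version) row: patched, vulnerable or review."""
    results = []
    for host, product, version in inventory:
        try:
            fixed = FIXED[track_of(product)]
            status = "patched" if parse_version(version) >= fixed else "vulnerable"
        except ValueError:
            status = "review"  # never treat unparseable data as patched
        results.append((host, status))
    return results

# Constructed sample inventory (hypothetical hosts and installed versions).
SAMPLE = [
    ("ws-014", "Acrobat Reader DC", "20.009.20063"),
    ("mac-03", "Acrobat 2017", "2017.011.30175"),
    ("ws-020", "Acrobat Reader   2020", "2020.001.30010"),
    ("ws-021", "Acrobat Reader DC", "unknown"),
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Rows labelled "review" have a product or version string the code could not interpret and should be checked by hand rather than assumed safe.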


0x03 Reference Links

https://helpx.adobe.com/security/products/acrobat/apsb20-67.html

https://securityaffairs.co/wordpress/110363/security/adobe-acrobat-products-flaws.html

https://threatpost.com/adobe-windows-macos-critical-acrobat-reader-flaws/160903/

 

0x04 Timeline

2020-11-03  Adobe released its security advisory

2020-11-04  VSRC released its security advisory

 

0x05 Appendix

CVSS scoring standard official website: http://www.first.org/cvss/

 

 

 
