Security News > 2024 > September > Adobe completes fix for Reader bug with known PoC exploit (CVE-2024-41869)
2024-09-12 12:05
Among the security updates released by Adobe on Tuesday are those for various versions of Adobe Acrobat and Reader, which fix two critical flaws that could lead to arbitrary code execution: CVE-2024-45112 and CVE-2024-41869. Nothing in the advisory points to a need for users to implement the updates quickly, but the fix for CVE-2024-41869 is actually an additional, more complete fix for CVE-2024-39383, which was supposedly addressed with a security update released in August 2024. … More → The post Adobe completes fix for Reader bug with known PoC exploit (CVE-2024-41869) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/09/12/cve-2024-41869/
Related news
- Adobe fixes Acrobat Reader zero-day with public PoC exploit (source)
- PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190) (source)
- APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262) (source)
- Adobe fixed Acrobat bug, neglected to mention whole zero-day exploit thing (source)
- PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-13 | CVE-2024-45112 | Type Confusion vulnerability in Adobe products Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Type Confusion vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
| 2024-09-13 | CVE-2024-41869 | Use After Free vulnerability in Adobe products Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
| 2024-08-14 | CVE-2024-39383 | Use After Free vulnerability in Adobe products Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |