Headline
CVE-2019-8196: Adobe Security Bulletin
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .
Security updates available for Adobe Acrobat and Reader | APSB19-49
Bulletin ID
Date Published
Priority
APSB19-49
October 15, 2019
2
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Adobe recommends users update their software installations to the latest versions by following the instructions below.
The latest product versions are available to end users via one of the following methods:
Users can update their product installations manually by choosing Help > Check for Updates.
The products will update automatically, without requiring user intervention, when updates are detected.
The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.
For IT administrators (managed environments):
Download the enterprise installers from ftp://ftp.adobe.com/pub/adobe/, or refer to the specific release note version for links to installers.
Install updates via your preferred methodology, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on macOS, Apple Remote Desktop and SSH.
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
Vulnerability Category
Vulnerability Impact
Severity
CVE Number
Out-of-Bounds Read
Information Disclosure
Important
CVE-2019-8164
CVE-2019-8168
CVE-2019-8172
CVE-2019-8173
CVE-2019-8064
CVE-2019-8182
CVE-2019-8184
CVE-2019-8185
CVE-2019-8189
CVE-2019-8163
CVE-2019-8190
CVE-2019-8193
CVE-2019-8194
CVE-2019-8198
CVE-2019-8201
CVE-2019-8202
CVE-2019-8204
CVE-2019-8207
CVE-2019-8216
CVE-2019-8218
CVE-2019-8222
Out-of-Bounds Write
Arbitrary Code Execution
Critical
CVE-2019-8171
CVE-2019-8186
CVE-2019-8165
CVE-2019-8191
CVE-2019-8199
CVE-2019-8206
Use After Free
Arbitrary Code Execution
Critical
CVE-2019-8175
CVE-2019-8176
CVE-2019-8177
CVE-2019-8178
CVE-2019-8179
CVE-2019-8180
CVE-2019-8181
CVE-2019-8187
CVE-2019-8188
CVE-2019-8192
CVE-2019-8203
CVE-2019-8208
CVE-2019-8209
CVE-2019-8210
CVE-2019-8211
CVE-2019-8212
CVE-2019-8213
CVE-2019-8214
CVE-2019-8215
CVE-2019-8217
CVE-2019-8219
CVE-2019-8220
CVE-2019-8221
CVE-2019-8223
CVE-2019-8224
CVE-2019-8225
Heap Overflow
Arbitrary Code Execution
Critical
CVE-2019-8170
CVE-2019-8183
CVE-2019-8197
Buffer Overrun
Arbitrary Code Execution
Critical
CVE-2019-8166
Cross-site Scripting
Information Disclosure
Important
CVE-2019-8160
Race Condition
Arbitrary Code Execution
Critical
CVE-2019-8162
Incomplete Implementation of Security Mechanism
Information Disclosure
Important
CVE-2019-8226
Type Confusion
Arbitrary Code Execution
Critical
CVE-2019-8161
CVE-2019-8167
CVE-2019-8169
CVE-2019-8200
Untrusted Pointer Dereference
Arbitrary Code Execution
Critical
CVE-2019-8174
CVE-2019-8195
CVE-2019-8196
CVE-2019-8205
Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:
- Anonymous working with Trend Micro Zero Day Initiative (CVE-2019-8203, CVE-2019-8208, CVE-2019-8210, CVE-2019-8217, CVE-2019-8219, CVE-2019-8225)
- Haikuo Xie of Baidu Security Lab working with Trend Micro Zero Day Initiative (CVE-2019-8209, CVE-2019-8223)
- hungtt28 of Viettel Cyber Security working with Trend Micro Zero Day Initiative (CVE-2019-8204)
- Juan Pablo Lopez Yacubian working with Trend Micro Zero Day Initiative (CVE-2019-8172)
- Ke Liu of Tencent Security Xuanwu Lab (CVE-2019-8199, CVE-2019-8200, CVE-2019-8201, CVE-2019-8202)
- L4Nce working with Trend Micro Zero Day Initiative (CVE-2019-8064)
- Mat Powell of Trend Micro Zero Day Initiative (CVE-2019-8166, CVE-2019-8175, CVE-2019-8178, CVE-2019-8179, CVE-2019-8180, CVE-2019-8181, CVE-2019-8187, CVE-2019-8188, CVE-2019-8189, CVE-2019-8163, CVE-2019-8190, CVE-2019-8165, CVE-2019-8191)
- Mateusz Jurczyk of Google Project Zero (CVE-2019-8195, CVE-2019-8196, CVE-2019-8197)
- peternguyen working with Trend Micro Zero Day Initiative (CVE-2019-8176, CVE-2019-8224)
- Steven Seeley (mr_me) of Source Incite working with Trend Micro Zero Day Initiative (CVE-2019-8170, CVE-2019-8171, CVE-2019-8173, CVE-2019-8174)
- Heige of Knownsec 404 Security Team (http://www.knownsec.com/) (CVE-2019-8160)
- Xizsmin and Lee JinYoung of Codemize Security Research Lab (CVE-2019-8218)
- Mipu94 of SEFCOM Lab, Arizona State University (CVE-2019-8211, CVE-2019-8212, CVE-2019-8213, CVE-2019-8214, CVE-2019-8215)
- Esteban Ruiz (mr_me) of Source Incite (CVE-2019-8161, CVE-2019-8164, CVE-2019-8167, CVE-2019-8168, CVE-2019-8169, CVE-2019-8182)
- Ta Dinh Sung of STAR Labs (CVE-2019-8220, CVE-2019-8221)
- Behzad Najjarpour Jabbari, Secunia Research at Flexera (CVE-2019-8222)
- Aleksandar Nikolic of Cisco Talos. (CVE-2019-8183)
- Nguyen Hong Quang (https://twitter.com/quangnh89) of Viettel Cyber Security (CVE-2019-8193)
- Zhiyuan Wang and willJ from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. (CVE-2019-8185, CVE-2019-8186)
- Yangkang(@dnpushme) & Li Qi(@leeqwind) & Yang Jianxiong(@sinkland_) of Qihoo360 CoreSecurity(@360CoreSec) (CVE-2019-8194)
- Lee JinYoung of Codemize Security Research Lab (http://codemize.co.kr) (CVE-2019-8216)
- Bo Qu of Palo Alto Networks and Heige of Knownsec 404 Security Team (CVE-2019-8205)
- Zhibin Zhang of Palo Alto Networks (CVE-2019-8206)
- Andrew Hart (CVE-2019-8226)
- peternguyen (meepwn ctf) working with Trend Micro Zero Day Initiative (CVE-2019-8192, CVE-2019-8177)
- Haikuo Xie of Baidu Security Lab (CVE-2019-8184)
- Zhiniang Peng of Qihoo 360 Core security & Jiadong Lu of South China University of Technology (CVE-2019-8162)
November 11, 2019: Added acknowledgement for CVE-2019-8195 & CVE-2019-8196.