CVE-2020-9711
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk8th percentile — higher than 8% of all known CVEs
Summary
An out-of-bounds read vulnerability in Acrobat Reader that could lead to disclosure of sensitive memory. Exploitation requires user interaction to open a malicious file.
Risk Assessment
The risk involves potential leakage of confidential information from process memory, which could be used for further attacks on the organization.
Recommendation
Immediately update Adobe Acrobat Reader to the latest available version that includes a fix for this vulnerability.
Original NVD description (English source)
Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

