Acrobat Reader versions 20.005.30636, 24.002.21005, 24.001.30159, 20.005.30655, 24.002.20965, 24.002.20964, 24.001.30123, 24.003.20054 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to arbitrary code execution. This vulnerability arises when the timing of actions changes the state of a resource between the checking of a condition and the use of the resource, allowing an attacker to manipulate the resource in a harmful way. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
The product checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Acrobat | Adobe | 20.001.30005 (including) | 20.005.30655 (excluding) |
| Acrobat | Adobe | 24.001.20604 (including) | 24.001.30159 (excluding) |
| Acrobat_dc | Adobe | 15.008.20082 (including) | 24.002.21005 (excluding) |
| Acrobat_reader | Adobe | 20.001.3005 (including) | 20.005.30655 (excluding) |
| Acrobat_reader_dc | Adobe | 15.008.20082 (including) | 24.002.21005 (excluding) |