Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to privilege escalation. Exploitation of this issue require local low-privilege access to the affected system and attack complexity is high.
The product checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Acrobat | Adobe | 20.001.30005 (including) | 20.005.30655 (excluding) |
| Acrobat | Adobe | 24.001.20604 (including) | 24.001.30159 (excluding) |
| Acrobat_dc | Adobe | 15.008.20082 (including) | 24.002.21005 (excluding) |
| Acrobat_reader | Adobe | 20.001.3005 (including) | 20.005.30655 (excluding) |
| Acrobat_reader_dc | Adobe | 15.008.20082 (including) | 24.002.21005 (excluding) |