Adobe releases Out-of-band Security Updates

Adobe released out-of-band security updates for four products. These updates addressed a total of 82 vulnerabilities, of which 46 are rated critical and 31 are rated important in severity. All the critical vulnerabilities lead to Arbitrary Code Execution, and 34 vulnerabilities lead to disclosure of sensitive information.

Adobe Acrobat and Reader

68 vulnerabilities were addressed in Adobe Acrobat and Reader alone, of which 45 lead to Arbitrary Code Execution and the remaining 23 lead to Information Disclosure. The code execution flaws are rated critical and exist due to Out-of-Bounds Write, Use After Free, Heap Overflow, Buffer Overrun, Race Condition, Type Confusion, and Untrusted Pointer Dereference issues in the software.

Adobe Experience Manager and Adobe Experience Manager Forms

Adobe Experience Manager received updates that fixed 10 vulnerabilities leading to disclosure of sensitive information and 2 vulnerabilities leading to escalation of privilege and execution of arbitrary code. The Arbitrary Code Execution bug, which existed due to a command injection issue, was rated critical.

One vulnerability rated moderate in severity was fixed in Adobe Experience Manager Forms. This is a Reflected Cross-site Scripting vulnerability that leads to disclosure of sensitive information.

Adobe Download Manager

A privilege escalation vulnerability existed in Adobe Download Manager due to insecure file permissions. This was fixed with an update for Windows rated important.

Affected products:

  • Adobe Acrobat and Reader
  • Adobe Experience Manager Forms
  • Adobe Experience Manager
  • Adobe Download Manager

Adobe Security Bulletin summary of the out-of-band updates for October 2019:

Product : Adobe Acrobat and Reader
CVEs/Advisory : APSB19-49, CVE-2019-8064, CVE-2019-8160, CVE-2019-8161, CVE-2019-8162, CVE-2019-8163, CVE-2019-8164, CVE-2019-8165, CVE-2019-8166, CVE-2019-8167, CVE-2019-8168, CVE-2019-8169, CVE-2019-8170, CVE-2019-8171, CVE-2019-8172, CVE-2019-8173, CVE-2019-8174, CVE-2019-8175, CVE-2019-8176, CVE-2019-8177, CVE-2019-8178, CVE-2019-8179, CVE-2019-8180, CVE-2019-8181, CVE-2019-8182, CVE-2019-8183, CVE-2019-8184, CVE-2019-8185, CVE-2019-8186, CVE-2019-8187, CVE-2019-8188, CVE-2019-8189, CVE-2019-8190, CVE-2019-8191, CVE-2019-8192, CVE-2019-8193, CVE-2019-8194, CVE-2019-8195, CVE-2019-8196, CVE-2019-8197, CVE-2019-8198, CVE-2019-8199, CVE-2019-8200, CVE-2019-8201, CVE-2019-8202, CVE-2019-8203, CVE-2019-8204, CVE-2019-8205, CVE-2019-8206, CVE-2019-8207, CVE-2019-8208, CVE-2019-8209, CVE-2019-8210, CVE-2019-8211, CVE-2019-8212, CVE-2019-8213, CVE-2019-8214, CVE-2019-8215, CVE-2019-8216, CVE-2019-8217, CVE-2019-8218, CVE-2019-8219, CVE-2019-8220, CVE-2019-8221, CVE-2019-8222, CVE-2019-8223, CVE-2019-8224, CVE-2019-8225, CVE-2019-8226
Severity : Critical
Impact : Arbitrary Code Execution, Information Disclosure

Product : Adobe Experience Manager Forms
CVEs/Advisory : APSB19-50, CVE-2019-8089
Severity : Moderate
Impact : Information Disclosure

Product : Adobe Experience Manager
CVEs/Advisory : APSB19-48, CVE-2019-8078, CVE-2019-8079, CVE-2019-8080, CVE-2019-8081, CVE-2019-8082, CVE-2019-8083, CVE-2019-8084, CVE-2019-8085, CVE-2019-8086, CVE-2019-8087, CVE-2019-8088, CVE-2019-8234
Severity : Critical
Impact : Arbitrary Code Execution, Information Disclosure, Privilege Escalation

Product : Adobe Download Manager
CVEs/Advisory : APSB19-51, CVE-2019-8071
Severity : Important
Impact : Privilege Escalation
