Adobe released security advisories providing fixes for 35 critical vulnerabilities. A total of 42 security bugs were fixed in this release. The critical vulnerabilities, all allow execution of arbitrary code on a target machine. These flaws affect Windows, Linux, Mac OS X and other platforms.
Adobe Framemaker
Twenty one critical arbitrary code execution flaws were patched in Framemaker alone. Sixteen bugs were caused due to Out-of-Bounds Write issues in the product. Heap overflow, memory corruption and buffer errors were the other flaws that received fixes.
Adobe Acrobat and Reader
Twelve critical arbitrary code execution flaws were patched in Acrobat and Reader. The other vulnerabilities which received fixes could be exploited to disclose sensitive information or leak data from the memory.
Adobe Flash Player
A critical type confusion issue was fixed in Flash Player. This flaw could be abused to execute arbitrary code on a target machine.
Adobe Digital Editions
A critical arbitrary code execution vulnerability and another flaw leading to information disclosure were fixed in Digital Editions. Adobe points out that the arbitrary code execution flaw was due to a command injection bug, and other buffer errors in the product could be exploited to result in information disclosure.
Adobe Experience Manager
An important bug in Experience Manager could be abused to launch Denial of Service attacks. This vulnerability arose due to uncontrolled resource consumption in a certain component of the product.
Adobe Security Bulletin Summary for February 2020:
Product : Adobe Framemaker
CVE’s/Advisory : APSB20-04, CVE-2020-3720, CVE-2020-3721, CVE-2020-3722, CVE-2020-3723, CVE-2020-3724, CVE-2020-3725, CVE-2020-3726, CVE-2020-3727, CVE-2020-3728, CVE-2020-3729, CVE-2020-3730, CVE-2020-3731, CVE-2020-3732, CVE-2020-3733, CVE-2020-3734, CVE-2020-3735, CVE-2020-3736, CVE-2020-3737, CVE-2020-3738, CVE-2020-3739, CVE-2020-3740
Severity : Critical
Impact : Arbitrary code execution
Product : Adobe Acrobat and Reader
CVE’s/Advisory : APSB20-05, CVE-2020-3742, CVE-2020-3743, CVE-2020-3744, CVE-2020-3745, CVE-2020-3746, CVE-2020-3747, CVE-2020-3748, CVE-2020-3749, CVE-2020-3750, CVE-2020-3751, CVE-2020-3752, CVE-2020-3753, CVE-2020-3754, CVE-2020-3755, CVE-2020-3756, CVE-2020-3762, CVE-2020-3763
Severity : Critical
Impact : Arbitrary Code Execution, Information Disclosure, Memory Leak, Arbitrary file system write
Product : Adobe Flash Player
CVE’s/Advisory : APSB20-06, CVE-2020-3757
Severity : Critical
Impact : Arbitrary Code Execution
Product : Adobe Digital Editions
CVE’s/Advisory : APSB20-07, CVE-2020-3759, CVE-2020-3760
Severity : Critical
Impact : Arbitrary Code Execution, Information Disclosure
Product : Adobe Experience Manager
CVE’s/Advisory : APSB20-08, CVE-2020-3741
Severity : Important
Impact : Denial-of-service
SanerNow detects these vulnerabilities and automatically fixes them by applying security updates. Download SanerNow and keep your systems updated and secure.