CVE-2020-9715 is a vulnerability in Adobe Acrobat
Published on August 19, 2020
Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .
Known Exploited Vulnerability
This Adobe Acrobat Use-After-Free Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Adobe Acrobat contains a use-after-free vulnerability that allows for code execution.
The following remediation steps are recommended / required by April 27, 2026: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Vulnerability Analysis
CVE-2020-9715 can be exploited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. This vulnerability is known to be actively exploited by threat actors. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
What is a Dangling pointer Vulnerability?
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
CVE-2020-9715 has been classified to as a Dangling pointer vulnerability or weakness.
Products Associated with CVE-2020-9715
Want to know whenever a new CVE is published for Adobe Acrobat? stack.watch will email you.
Affected Versions
Adobe Acrobat and Reader Version 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier versions is affected by CVE-2020-9715Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.