CVE-2020-9715 is a critical remote code execution (RCE) vulnerability in Adobe Acrobat Reader DC and Adobe Acrobat.

The flaw is a use-after-free memory corruption vulnerability (CWE-416) that occurs when the application improperly handles objects in memory while processing specially crafted PDF files. When freed memory is accessed again, attackers can manipulate it to execute arbitrary code.

The vulnerability impacts;

• Adobe Acrobat Reader DC (versions prior to August 2020 updates)
• Adobe Acrobat (various desktop versions)
• Platforms: Windows and MacOS

Exploitation is typically file-based and requires user interaction.

Typical exploitation flow:

1. Delivery of malicious PDF

• The attacker crafts a specially designed PDF file containing exploit code.
• Delivered via phishing emails, malicious downloads, or compromised websites.

2. User opens the PDF

• The victim opens the file using a vulnerable version of Acrobat/Reader.

3. Triggering the use-after-free flaw

• The PDF triggers improper memory handling in the application.

4. Memory corruption

• Freed memory is reused and manipulated by the attacker.

5. Arbitrary code execution

• Malicious code executes with the privileges of the current user.

Successful exploitation of this vulnerability may allow attackers to:

• Execute arbitrary code on the victim’s system
• Install malware (e.g., spyware, trojans)
• Steal sensitive data
• Gain persistent access to the system
• Use the compromised system as a foothold for further attacks

The impact depends on the privileges of the user opening the file—higher privileges increase severity.

CERTVU recommends the following:

1. Apply Adobe Security Updates (Critical)

• Adobe Acrobat Reader DC
• Adobe Acrobat

2. Install patches released in August 2020 (APSB20-48 advisory) or later.