CVERadar

CVE-2024-34096

Medium Severity
SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.0006/1

CVE-2024-34096 is a Use-After-Free vulnerability in Acrobat Reader that can lead to arbitrary code execution. Successful exploitation requires a user to open a malicious file. Although the CVSS score is 0, indicating a base score that does not account for exploitability, SOCRadar's Vulnerability Risk Score (SVRS) is 30, providing additional context. This score, while not critical (above 80), suggests a moderate level of risk, further emphasized by the "In The Wild" tag, indicating active exploitation. If successful, attackers could execute arbitrary code with the privileges of the current user. Organizations should prioritize patching vulnerable Acrobat Reader versions to mitigate potential threats and reduce their attack surface. Immediate action is not required, but monitoring and timely updates are advised.

In The Wild
2024-05-15

2024-05-15

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-34096 | Adobe Acrobat Reader up to 20.005.30574/24.002.20736 use after free (apsb24-29)
vuldb.com, 2024-12-03
A vulnerability, which was classified as critical, has been found in Adobe Acrobat Reader up to 20.005.30574/24.002.20736. This issue affects some unknown processing. The manipulation leads to use after free. The identification of this vulnerability is CVE-2024-34096. The attack may be initiated remotely. There is no exploit available. It is recommended to
ZDI-24-480: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability
2024-05-19
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-34096.
Vulnerability Summary for the Week of May 13, 2024
CISA, 2024-05-20
High Vulnerabilities | Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
cisa.gov
Adobe Patched Critical Vulnerabilities in Reader and Acrobat
Yunus Emre Sayın, 2024-05-19
Adobe documents numerous code execution vulnerabilities across a wide range of products, including the widely used Adobe Acrobat and Reader software. Software maker Adobe on Tuesday documented 35 security vulnerabilities across a wide range of products and urged users to pay immediate attention to critical-severity bugs in the widely used Adobe Acrobat and Reader programs. It was stated that, as part of its Patch Tuesday updates in a particular update cycle, Adobe fixed a dozen vulnerabilities in Acrobat and Reader and assigned critical severity to several issues that expose users to code execution attacks. From Adobe PSIRT
cve-2024-34100
cve-2024-30314
cve-2024-30297
cve-2024-34101
Adobe fixed multiple critical flaws in Acrobat and Reader
Pierluigi Paganini, 2024-05-15
Adobe addressed multiple code execution vulnerabilities in several products, including Adobe Acrobat and Reader. Adobe addressed multiple code execution vulnerabilities in its products, including Adobe Acrobat and Reader software. The software giant released its Patch Tuesday updates to fix 35 security vulnerabilities; 12 of these issues impact Adobe Acrobat and Reader software. The arbitrary code execution […]
securityaffairs.co

Social Media

CVE-2024-34096 Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploi... https://t.co/2bz0dp4Jgz
CVE-2024-34096 Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the con… https://t.co/hxMnYaZyxo

Affected Software

No affected software found for this CVE

References

Reference: [email protected]
Link: https://helpx.adobe.com/security/products/acrobat/apsb24-29.html

CWE Details

CWE ID: CWE-416
CWE Name: Use After Free
Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
