PatchSiren cyber security CVE debrief
CVE-2020-9695 Adobe CVE debrief
CVE-2020-9695 is an out-of-bounds write vulnerability in Adobe Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523, and earlier. The vulnerability could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction, as a victim must open a malicious file. The CVSS score for this vulnerability is 7.8, indicating a high severity. Adobe Acrobat DC, Acrobat Reader DC, and Acrobat Reader are affected by this vulnerability.
- Vendor
- Adobe
- Product
- Acrobat Reader
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-23
- Original CVE updated
- 2026-06-26
- Advisory published
- 2026-06-23
- Advisory updated
- 2026-06-26
Who should care
Organizations and individuals using Adobe Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523, and earlier should be aware of this vulnerability. This includes users of Adobe Acrobat DC, Acrobat Reader DC, and Acrobat Reader. IT teams and cybersecurity professionals responsible for patch management and vulnerability remediation should prioritize this CVE.
Technical summary
The CVE-2020-9695 vulnerability is an out-of-bounds write issue in Adobe Acrobat Reader. This type of vulnerability occurs when a program writes data to a memory location outside the bounds of a buffer, potentially leading to arbitrary code execution. In this case, the vulnerability requires user interaction, as the victim must open a malicious file. The affected products include Adobe Acrobat DC, Acrobat Reader DC, and Acrobat Reader. The CVSS vector for this vulnerability is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating a high severity.
Defensive priority
Apply patches or updates provided by Adobe to vulnerable versions of Adobe Acrobat Reader. Ensure that users do not open malicious files, and implement robust email and web filtering to prevent the delivery of malicious files.
Recommended defensive actions
- Apply patches or updates provided by Adobe to vulnerable versions of Adobe Acrobat Reader.
- Ensure that users do not open malicious files, and implement robust email and web filtering to prevent the delivery of malicious files.
- Conduct regular vulnerability assessments and penetration testing to identify potential vulnerabilities.
- Implement a robust incident response plan to quickly respond to potential security incidents.
- Provide user education and awareness training on safe computing practices, including not opening suspicious files.
Evidence notes
The CVE-2020-9695 vulnerability is documented in the official CVE record and the NVD detail page. Adobe has provided a vendor advisory for this vulnerability. The vulnerability affects multiple versions of Adobe Acrobat Reader and DC.
Official resources
-
CVE-2020-9695 CVE record
CVE.org
-
CVE-2020-9695 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
This article is AI-assisted and based on the supplied source corpus.