CVE-2020-3805: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier were identified with a use-after-free vulnerability. The vulnerability was assigned CVE-2020-3805 and was discovered in December 2019, with public disclosure occurring in March 2020. This security flaw affects multiple versions of Adobe Acrobat and Reader software across different release channels including both classic and continuous versions (NVD, CVE Mitre).

The vulnerability is classified as a use-after-free (CWE-416) vulnerability. According to the National Vulnerability Database, the severity of this vulnerability is rated as Critical with a CVSS v3.1 Base Score of 9.8 (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and a CVSS v2.0 Base Score of 10.0 (Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C). These scores indicate the highest level of severity, suggesting the vulnerability is easily exploitable with potentially severe consequences (NVD).

Successful exploitation of this vulnerability could lead to arbitrary code execution on affected systems. Given the Critical CVSS score and the widespread use of Adobe Acrobat and Reader, the potential impact of this vulnerability is severe, potentially allowing attackers to execute malicious code with the same privileges as the affected application (NVD).

Adobe has addressed this vulnerability in their security bulletin APSB20-13. Users are advised to update to the latest versions of Adobe Acrobat and Reader to mitigate this vulnerability (Adobe Advisory).

The vulnerability was discovered by Ke Liu of Tencent Security Xuanwu Lab, demonstrating ongoing security research efforts by major security firms (Adobe Advisory).