CVE-2024-20728: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

CVE-2024-20728 is an out-of-bounds write vulnerability affecting Adobe Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier. The vulnerability was discovered in December 2023 and publicly disclosed on February 13, 2024. This security flaw affects Adobe Acrobat and Reader applications on both Windows and macOS platforms (Adobe Advisory, NVD).

The vulnerability exists within the handling of Annotation objects and stems from improper validation of user-supplied data, which can result in a write past the end of an allocated buffer. It has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-787 (Out-of-bounds Write) (ZDI Advisory, NVD).

If successfully exploited, this vulnerability could lead to arbitrary code execution in the context of the current user. The attacker could potentially gain the same rights and access as the compromised user account (NVD, ZDI Advisory).

Adobe has released security updates to address this vulnerability. Users are advised to update their Adobe Acrobat and Reader installations to the latest versions available through the official Adobe update channels (Adobe Advisory).