HTTP: Adobe Acrobat Reader CVE-2024-49535 Improper Restriction of XML External Entity

This signature detects attempts to exploit a known vulnerability against Adobe Acrobat Reader. A successful attack can lead to arbitrary code execution.

Extended Description

Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that allows an attacker to provide malicious XML input containing a reference to an external entity, potentially leading to unauthorized read access outside the Acrobat sandbox. Exploitation of this issue requires user interaction in that a victim must process a malicious XML document.

References

CVE: CVE-2024-49535

Short Name: HTTP:STC:ADOBE:CVE-2024-49535
Severity: Major
Recommended: True
Recommended Action: None
Category: HTTP
Keywords: Acrobat Adobe CVE-2024-49535 Entity External Improper Reader Restriction XML of
Release Date: 12/10/2024

Supported Platforms

srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3

Sigpack Version: 3777
False Positive: Unknown