====================================================================

                             CERT-Renater

                 Note d'Information No. 2020/VULN103
_____________________________________________________________________

DATE                : 27/02/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Adobe Framemaker versions prior to
                                             2019.0.5.

=====================================================================
https://helpx.adobe.com/security/products/framemaker/apsb20-04.html
_____________________________________________________________________

 Security Updates Available for Adobe Framemaker | APSB20-04

Bulletin ID 	Date Published       Priority
APSB20-04 	February 11, 2020	3


Summary

Adobe has released a security update for Adobe Framemaker. This update
addresses multiple critical vulnerabilities. Successful exploitation
could lead to arbitrary code execution in the context of the current
user.


Affected Versions

Product             Version              Platform
Adobe Framemaker    2019.0.4 and below 	 Windows


Solution

Adobe categorizes these updates with the following priority ratings and
recommends users update their installation to the newest version:

Product 	Version     Platform    Priority    Availability
Adobe Framemaker    2019.0.5    Windows   3         Download Page


Vulnerability details

Vulnerability Category 	Vulnerability Impact 	Severity   CVE Numbers

Buffer Error    	Arbitrary code execution  Critical CVE-2020-3734

Heap Overflow    	Arbitrary code execution  Critical CVE-2020-3731
                                                           CVE-2020-3735

Memory Corruption    	Arbitrary code execution  Critical CVE-2020-3739
                                                           CVE-2020-3740

Out-of-Bounds Write    	Arbitrary code execution  Critical CVE-2020-3720
                                                           CVE-2020-3721
                                                           CVE-2020-3722
                                                           CVE-2020-3723
                                                           CVE-2020-3724
                                                           CVE-2020-3725
                                                           CVE-2020-3726
                                                           CVE-2020-3727
                                                           CVE-2020-3728
                                                           CVE-2020-3729
                                                           CVE-2020-3730
                                                           CVE-2020-3732
                                                           CVE-2020-3733
                                                           CVE-2020-3736
                                                           CVE-2020-3737
                                                           CVE-2020-3738


Acknowledgments


Adobe would like to thank Kdot working with Trend Micro Zero Day for
reporting this issue and for working with Adobe to help protect our
customers.


=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================