How severe is CVE-2020-24428?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.7 out of 10.

What type of vulnerability is CVE-2020-24428?

This is classified as CWE-367, which is a common weakness in software security.

CVE-2020-24428 - HIGH Severity | CVSS 7.7

Vulnerability Description

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a time-of-check time-of-use (TOCTOU) race condition vulnerability that could result in local privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Related Vulnerabilities

CVE-2020-3982

HIGH

CVSS:7.7(High)

VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulne...

CWE-3672020

CVE-2024-34528

HIGH

CVSS:7.7(High)

WordOps through 3.20.0 has a wo/cli/plugins/stack_pref.py TOCTOU race condition because the conf_path os.open does not use a mode parameter during file creation.

CWE-3672024

CVE-2025-29833

HIGH

CVSS:7.7(High)

Time-of-check time-of-use (toctou) race condition in Windows Virtual Machine Bus allows an unauthorized attacker to execute code locally.

CWE-3672025

CVE-2017-0331

HIGH

CVSS:7.8(High)

An elevation of privilege vulnerability in the NVIDIA video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critica...

CWE-3672017

CVE-2017-0411

HIGH

CVSS:7.8(High)

An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Hi...

CWE-3672017

CVE-2017-0412

HIGH

CVSS:7.8(High)

CWE-3672017