CVE-2020-3740

9.8 CRITICAL

📋 TL;DR

This CVE describes a memory corruption vulnerability in Adobe Framemaker that could allow an attacker to execute arbitrary code on affected systems. It affects users of Adobe Framemaker versions 2019.0.4 and below, potentially leading to full system compromise if exploited.

💻 Affected Systems

Products:
  • Adobe Framemaker
Versions: 2019.0.4 and below
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected versions are vulnerable; no special configuration required.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with arbitrary code execution, allowing attacker control over the victim's machine.

🟠 Likely Case

Arbitrary code execution in the context of the user running Framemaker, leading to data theft, malware installation, or lateral movement.

🟢 If Mitigated

Limited impact if systems are patched, isolated, or have strict application controls preventing exploitation.

🌐 Internet-Facing: LOW, as Framemaker is typically not an internet-facing application; exploitation would require local access or user interaction.
🏢 Internal Only: HIGH, as internal users could exploit this via malicious documents, leading to potential network-wide compromise.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation likely requires user interaction, such as opening a malicious document, but details are not publicly disclosed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2019.0.5 or later

Vendor Advisory: https://helpx.adobe.com/security/products/framemaker/apsb20-04.html

Restart Required: Yes

Instructions:

1. Open Adobe Framemaker.
2. Go to Help > Check for Updates.
3. Follow prompts to install the latest version (2019.0.5 or above).
4. Restart the application after installation.

🔧 Temporary Workarounds

Restrict document sources

all

Limit opening Framemaker documents to trusted sources only to reduce risk of exploitation.

🧯 If You Can't Patch

  • Isolate affected systems from critical networks to limit potential lateral movement.
  • Implement application whitelisting to block unauthorized execution of Framemaker or related processes.

🔍 How to Verify

Check if Vulnerable:

Check the Adobe Framemaker version via Help > About Framemaker; if version is 2019.0.4 or below, it is vulnerable.

Check Version:

On Windows: Check via Help > About Framemaker in the GUI.
On macOS: Use 'defaults read /Applications/Adobe\ Framemaker\ 2019/Info.plist CFBundleShortVersionString' in terminal.

Verify Fix Applied:

After updating, verify the version is 2019.0.5 or later using the same method.

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from Framemaker.exe or related executables
  • Crashes or error logs in Framemaker application logs

Network Indicators:

  • Outbound connections from Framemaker to unknown IPs post-exploitation

SIEM Query:

Example: 'process_name:Framemaker.exe AND event_type:process_creation' to monitor for suspicious activity.
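
The process-creation indicator above, as an added example that is not part of the vendor advisory or of this page's original content: a Python filter over constructed process-creation events that flags shells and script hosts launched by Framemaker.exe. The event field names (parent_image, image), the sample paths and the list of suspicious child programs are assumptions chosen for illustration.

```python
import json
import ntpath

PARENT = "framemaker.exe"  # process name from the indicator list, lower-cased
# Assumption: programs a document editor has little reason to launch.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe",
                       "cscript.exe", "mshta.exe", "rundll32.exe"}

# Constructed sample events, one JSON object per line.
# Field names, hosts and paths are hypothetical.
SAMPLE_EVENTS = r"""
{"ts":"2020-02-12T09:14:03Z","host":"ws-017","parent_image":"C:\\Apps\\Framemaker\\Framemaker.exe","image":"C:\\Windows\\System32\\cmd.exe"}
{"ts":"2020-02-12T09:15:40Z","host":"ws-017","parent_image":"C:\\Windows\\explorer.exe","image":"C:\\Windows\\System32\\cmd.exe"}
{"ts":"2020-02-12T09:16:11Z","host":"ws-022","parent_image":"C:\\APPS\\FRAMEMAKER\\FRAMEMAKER.EXE","image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShell.exe"}
{"ts":"2020-02-12T09:18:27Z","host":"ws-022","parent_image":"C:\\Apps\\Framemaker\\Framemaker.exe","image":"C:\\Windows\\splwow64.exe"}
{"ts":"2020-02-12T09:20:00Z","host":"ws-0
"""


def basename(path):
    # ntpath splits on Windows separators even when analysis runs on Linux/macOS.
    return ntpath.basename(str(path or "")).lower()


def flag_events(lines):
    """Return the events in which Framemaker.exe spawned a suspicious child."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or malformed records
        if not isinstance(ev, dict):
            continue
        if basename(ev.get("parent_image")) != PARENT:
            continue  # only children of Framemaker are of interest here
        if basename(ev.get("image")) in SUSPICIOUS_CHILDREN:
            hits.append(ev)
    return hits


if __name__ == "__main__":
    for ev in flag_events(SAMPLE_EVENTS.splitlines()):
        print(ev["ts"], ev["host"], ev["image"], "<-", ev["parent_image"])
```

Matching on the executable's base name, case-insensitively, avoids missing events that differ only in install path or letter case; the child list should be tuned to what Framemaker legitimately launches in your environment.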
