Risk | High |
Patch available | YES |
Number of vulnerabilities | 13 |
CVE-ID | CVE-2022-23186 CVE-2022-23189 CVE-2022-23190 CVE-2022-23191 CVE-2022-23192 CVE-2022-23193 CVE-2022-23194 CVE-2022-23195 CVE-2022-23196 CVE-2022-23197 CVE-2022-23198 CVE-2022-23199 CVE-2022-23188 |
CWE-ID | CWE-787 CWE-476 CWE-401 CWE-125 CWE-119 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Adobe Illustrator CC (Client/Desktop applications / Office applications) |
Vendor | Adobe |
This security bulletin contains information about 13 vulnerabilities.
EUVDB-ID: #VU60424
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-23186
CWE-ID: CWE-787 - Out-of-bounds Write
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted CDR file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
Mitigation: Install updates from vendor's website.
Vulnerable software versions: Adobe Illustrator CC: 25.0 - 25.4.3, 26.0 - 26.0.2
http://helpx.adobe.com/security/products/illustrator/apsb22-07.html
http://fortiguard.com/zeroday/FG-VD-21-072
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU60426
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-23189
CWE-ID: CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trick the victim into opening a specially crafted DWG file and perform a denial of service (DoS) attack.
Mitigation: Install updates from vendor's website.
Vulnerable software versions: Adobe Illustrator CC: 25.0 - 25.4.3, 26.0 - 26.0.2
http://helpx.adobe.com/security/products/illustrator/apsb22-07.html
http://fortiguard.com/zeroday/FG-VD-21-083
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU60430
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-23190
CWE-ID: CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')
Exploit availability: No
Description: The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a memory leak. A remote attacker can trick the victim into opening a specially crafted CGM file and read parts of memory on the system.
Mitigation: Install updates from vendor's website.
Vulnerable software versions: Adobe Illustrator CC: 25.0 - 25.4.3, 26.0 - 26.0.2
http://helpx.adobe.com/security/products/illustrator/apsb22-07.html
http://fortiguard.com/zeroday/FG-VD-21-097
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU60431
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-23191
CWE-ID: CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')
Exploit availability: No
Description: The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a memory leak. A remote attacker can trick the victim into opening a specially crafted PCT file and read parts of memory on the system.
Mitigation: Install updates from vendor's website.
Vulnerable software versions: Adobe Illustrator CC: 25.0 - 25.4.3, 26.0 - 26.0.2
http://helpx.adobe.com/security/products/illustrator/apsb22-07.html
http://fortiguard.com/zeroday/FG-VD-21-098
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU60432
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-23192
CWE-ID: CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')
Exploit availability: No
Description: The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a memory leak. A remote attacker can trick the victim into opening a specially crafted Artwork "AI" file and read parts of memory on the system.
Mitigation: Install updates from vendor's website.
Vulnerable software versions: Adobe Illustrator CC: 25.0 - 25.4.3, 26.0 - 26.0.2
http://helpx.adobe.com/security/products/illustrator/apsb22-07.html
http://fortiguard.com/zeroday/FG-VD-21-094
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU60433
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-23193
CWE-ID: CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')
Exploit availability: No
Description: The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a memory leak. A remote attacker can trick the victim into opening a specially crafted file and read parts of memory on the system.
Mitigation: Install updates from vendor's website.
Vulnerable software versions: Adobe Illustrator CC: 25.0 - 25.4.3, 26.0 - 26.0.2
http://helpx.adobe.com/security/products/illustrator/apsb22-07.html
http://fortiguard.com/zeroday/FG-VD-21-099
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU60434
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-23194
CWE-ID: CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')
Exploit availability: No
Description: The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a memory leak. A remote attacker can trick the victim into opening a specially crafted CGM file and read parts of memory on the system.
Mitigation: Install updates from vendor's website.
Vulnerable software versions: Adobe Illustrator CC: 25.0 - 25.4.3, 26.0 - 26.0.2
http://helpx.adobe.com/security/products/illustrator/apsb22-07.html
http://fortiguard.com/zeroday/FG-VD-21-096
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU60435
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-23195
CWE-ID: CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')
Exploit availability: No
Description: The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a memory leak. A remote attacker can trick the victim into opening a specially crafted CGM file and read parts of memory on the system.
Mitigation: Install updates from vendor's website.
Vulnerable software versions: Adobe Illustrator CC: 25.0 - 25.4.3, 26.0 - 26.0.2
http://helpx.adobe.com/security/products/illustrator/apsb22-07.html
http://fortiguard.com/zeroday/FG-VD-21-095
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU60436
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-23196
CWE-ID: CWE-125 - Out-of-bounds Read
Exploit availability: No
Description: The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted CDR file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
Mitigation: Install updates from vendor's website.
Vulnerable software versions: Adobe Illustrator CC: 25.0 - 25.4.3, 26.0 - 26.0.2
http://helpx.adobe.com/security/products/illustrator/apsb22-07.html
http://fortiguard.com/zeroday/FG-VD-21-075
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU60438
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-23197
CWE-ID: CWE-125 - Out-of-bounds Read
Exploit availability: No
Description: The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted CDR file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
Mitigation: Install updates from vendor's website.
Vulnerable software versions: Adobe Illustrator CC: 25.0 - 25.4.3, 26.0 - 26.0.2
http://helpx.adobe.com/security/products/illustrator/apsb22-07.html
http://fortiguard.com/zeroday/FG-VD-21-070
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU60427
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-23198
CWE-ID: CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trick the victim into opening a specially crafted CDR file and perform a denial of service (DoS) attack.
Mitigation: Install updates from vendor's website.
Vulnerable software versions: Adobe Illustrator CC: 25.0 - 25.4.3, 26.0 - 26.0.2
http://helpx.adobe.com/security/products/illustrator/apsb22-07.html
http://fortiguard.com/zeroday/FG-VD-21-074
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU60428
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-23199
CWE-ID: CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trick the victim into opening a specially crafted CDR file and perform a denial of service (DoS) attack.
Mitigation: Install updates from vendor's website.
Vulnerable software versions: Adobe Illustrator CC: 25.0 - 25.4.3, 26.0 - 26.0.2
http://helpx.adobe.com/security/products/illustrator/apsb22-07.html
http://fortiguard.com/zeroday/FG-VD-21-073
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU60439
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-23188
CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing files. A remote attacker can create a specially crafted PCT file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation: Install updates from vendor's website.
Vulnerable software versions: Adobe Illustrator CC: 25.0 - 25.4.3, 26.0 - 26.0.2
http://helpx.adobe.com/security/products/illustrator/apsb22-07.html
http://fortiguard.com/zeroday/FG-VD-21-093
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.