Multiple vulnerabilities in Adobe Acrobat and Reader



Published: 2022-07-13 | Updated: 2022-10-11
Risk High
Patch available YES
Number of vulnerabilities 23
CVE-ID CVE-2022-34236
CVE-2022-34232
CVE-2022-34215
CVE-2022-34233
CVE-2022-34216
CVE-2022-34217
CVE-2022-34219
CVE-2022-34220
CVE-2022-34234
CVE-2022-34221
CVE-2022-34239
CVE-2022-34230
CVE-2022-34238
CVE-2022-34237
CVE-2022-34222
CVE-2022-34223
CVE-2022-34224
CVE-2022-34225
CVE-2022-34226
CVE-2022-34227
CVE-2022-34228
CVE-2022-34229
CVE-2022-35669
CWE-ID CWE-125
CWE-416
CWE-787
CWE-843
CWE-824
Exploitation vector Network
Public exploit Public exploit code for vulnerability #10 is available.
Public exploit code for vulnerability #12 is available.
Vulnerable software
Subscribe
Adobe Acrobat
Client/Desktop applications / Office applications

Adobe Reader
Client/Desktop applications / Office applications

Vendor Adobe

Security Bulletin

This security bulletin contains information about 23 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU65239

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-34236

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing embedded fonts. A remote attacker can trick the victim to open a specially crafted PDF file, trigger an out-of-bounds read error and gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 17.008.30051 - 22.001.20142

Adobe Reader: 17.012.30227 - 2020.013.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb22-32.html
http://www.zerodayinitiative.com/advisories/ZDI-22-979/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU65236

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-34232

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a use-after-free error when printing Annotation objects. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 17.008.30051 - 22.001.20142

Adobe Reader: 17.012.30227 - 2020.013.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb22-32.html
http://www.zerodayinitiative.com/advisories/ZDI-22-982/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds read

EUVDB-ID: #VU65240

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-34215

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when handling Annotation objects. A remote attacker can trick the victim to open a specially crafted PDF file, trigger an out-of-bounds read and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 17.008.30051 - 22.001.20142

Adobe Reader: 17.012.30227 - 2020.013.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb22-32.html
http://www.zerodayinitiative.com/advisories/ZDI-22-983/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

EUVDB-ID: #VU65235

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-34233

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a use-after-free error when handling Doc objects. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 17.008.30051 - 22.001.20142

Adobe Reader: 17.012.30227 - 2020.013.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb22-32.html
http://www.zerodayinitiative.com/advisories/ZDI-22-985/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU65234

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-34216

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 17.008.30051 - 22.001.20142

Adobe Reader: 17.012.30227 - 2020.013.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb22-32.html
http://www.zerodayinitiative.com/advisories/ZDI-22-1001/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds write

EUVDB-ID: #VU65243

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-34217

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing embedded fonts. A remote attacker can trick the victim to open a specially crafted PDF file, trigger an out-of-bounds write and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 17.008.30051 - 22.001.20142

Adobe Reader: 17.012.30227 - 2020.013.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb22-32.html
http://www.zerodayinitiative.com/advisories/ZDI-22-990/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU65233

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-34219

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing embedded fonts. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 17.008.30051 - 22.001.20142

Adobe Reader: 17.012.30227 - 2020.013.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb22-32.html
http://www.zerodayinitiative.com/advisories/ZDI-22-989/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free

EUVDB-ID: #VU65232

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-34220

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing embedded fonts. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 17.008.30051 - 22.001.20142

Adobe Reader: 17.012.30227 - 2020.013.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb22-32.html
http://www.zerodayinitiative.com/advisories/ZDI-22-998/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Use-after-free

EUVDB-ID: #VU65231

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-34234

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a use-after-free error in printWithParams when handling Doc objects. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 17.008.30051 - 22.001.20142

Adobe Reader: 17.012.30227 - 2020.013.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb22-32.html
http://www.zerodayinitiative.com/advisories/ZDI-22-984/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Type confusion

EUVDB-ID: #VU65244

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-34221

CWE-ID: CWE-843 - Type confusion

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a type confusion error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 17.008.30051 - 22.001.20142

Adobe Reader: 17.012.30227 - 2020.013.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb22-32.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

11) Out-of-bounds read

EUVDB-ID: #VU65238

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-34239

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing embedded fonts. A remote attacker can trick the victim to open a specially crafted PDF file, trigger an out-of-bounds read error and gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 17.008.30051 - 22.001.20142

Adobe Reader: 17.012.30227 - 2020.013.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb22-32.html
http://www.zerodayinitiative.com/advisories/ZDI-22-980/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use-after-free

EUVDB-ID: #VU65224

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-34230

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 17.008.30051 - 22.001.20142

Adobe Reader: 17.012.30227 - 2020.013.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb22-32.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

13) Out-of-bounds read

EUVDB-ID: #VU65237

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-34238

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger an out-of-bounds read error and gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 17.008.30051 - 22.001.20142

Adobe Reader: 17.012.30227 - 2020.013.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb22-32.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use-after-free

EUVDB-ID: #VU65230

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-34237

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a use-after-free error when processing embedded fonts. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 17.008.30051 - 22.001.20142

Adobe Reader: 17.012.30227 - 2020.013.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb22-32.html
http://www.zerodayinitiative.com/advisories/ZDI-22-981/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Out-of-bounds read

EUVDB-ID: #VU65241

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-34222

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when handling the query method. A remote attacker can trick the victim to open a specially crafted PDF file, trigger an out-of-bounds read and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 17.008.30051 - 22.001.20142

Adobe Reader: 17.012.30227 - 2020.013.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb22-32.html
http://www.zerodayinitiative.com/advisories/ZDI-22-988/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Use-after-free

EUVDB-ID: #VU65229

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-34223

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing AcroForms. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 17.008.30051 - 22.001.20142

Adobe Reader: 17.012.30227 - 2020.013.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb22-32.html
http://www.zerodayinitiative.com/advisories/ZDI-22-995/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Use-after-free

EUVDB-ID: #VU65228

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-34224

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing AcroForms. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 17.008.30051 - 22.001.20142

Adobe Reader: 17.012.30227 - 2020.013.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb22-32.html
http://www.zerodayinitiative.com/advisories/ZDI-22-992/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Use-after-free

EUVDB-ID: #VU65227

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-34225

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing AcroForms. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 17.008.30051 - 22.001.20142

Adobe Reader: 17.012.30227 - 2020.013.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb22-32.html
http://www.zerodayinitiative.com/advisories/ZDI-22-996/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Out-of-bounds read

EUVDB-ID: #VU65242

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-34226

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger an out-of-bounds read and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 17.008.30051 - 22.001.20142

Adobe Reader: 17.012.30227 - 2020.013.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb22-32.html
http://www.zerodayinitiative.com/advisories/ZDI-22-994/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Use-after-free

EUVDB-ID: #VU65226

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-34227

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing AcroForms. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 17.008.30051 - 22.001.20142

Adobe Reader: 17.012.30227 - 2020.013.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb22-32.html
http://www.zerodayinitiative.com/advisories/ZDI-22-1000/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Access of uninitialized pointer

EUVDB-ID: #VU65245

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-34228

CWE-ID: CWE-824 - Access of Uninitialized Pointer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing embedded fonts. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a memory corruption and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 17.008.30051 - 22.001.20142

Adobe Reader: 17.012.30227 - 2020.013.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb22-32.html
http://www.zerodayinitiative.com/advisories/ZDI-22-991/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Use-after-free

EUVDB-ID: #VU65225

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-34229

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing AcroForms. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 17.008.30051 - 22.001.20142

Adobe Reader: 17.012.30227 - 2020.013.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb22-32.html
http://www.zerodayinitiative.com/advisories/ZDI-22-993/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Out-of-bounds read

EUVDB-ID: #VU68153

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-35669

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 17.012.30227 - 2020.013.20074

Adobe Acrobat: 17.008.30051 - 22.001.20142

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb22-32.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###