Multiple vulnerabilities in Adobe Acrobat and Reader



| Updated: 2023-12-05
Risk High
Patch available YES
Number of vulnerabilities 17
CVE-ID CVE-2023-44339
CVE-2023-44361
CVE-2023-44360
CVE-2023-44358
CVE-2023-44357
CVE-2023-44356
CVE-2023-44348
CVE-2023-44340
CVE-2023-44372
CVE-2023-44336
CVE-2023-44371
CVE-2023-44367
CVE-2023-44366
CVE-2023-44365
CVE-2023-44359
CVE-2023-44338
CVE-2023-44337
CWE-ID CWE-125
CWE-416
CWE-787
CWE-824
Exploitation vector Network
Public exploit N/A
Vulnerable software
Adobe Acrobat
Client/Desktop applications / Office applications

Adobe Reader
Client/Desktop applications / Office applications

Vendor Adobe

Security Bulletin

This security bulletin contains information about 17 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU83088

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-44339

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30306 - 23.006.20360

Adobe Reader: 20.005.30331 - 2020.013.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb23-54.html
http://www.zerodayinitiative.com/advisories/ZDI-23-1710/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU83082

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-44361

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30306 - 23.006.20360

Adobe Reader: 20.005.30331 - 2020.013.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb23-54.html
http://www.zerodayinitiative.com/advisories/ZDI-23-1709/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds read

EUVDB-ID: #VU83095

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-44360

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30306 - 23.006.20360

Adobe Reader: 20.005.30331 - 2020.013.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb23-54.html
http://www.zerodayinitiative.com/advisories/ZDI-23-1687/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds read

EUVDB-ID: #VU83094

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-44358

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30306 - 23.006.20360

Adobe Reader: 20.005.30331 - 2020.013.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb23-54.html
http://www.zerodayinitiative.com/advisories/ZDI-23-1705/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Out-of-bounds read

EUVDB-ID: #VU83093

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-44357

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30306 - 23.006.20360

Adobe Reader: 20.005.30331 - 2020.013.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb23-54.html
http://www.zerodayinitiative.com/advisories/ZDI-23-1691/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds read

EUVDB-ID: #VU83092

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-44356

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30306 - 23.006.20360

Adobe Reader: 20.005.30331 - 2020.013.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb23-54.html
http://www.zerodayinitiative.com/advisories/ZDI-23-1703/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Out-of-bounds read

EUVDB-ID: #VU83091

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-44348

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30306 - 23.006.20360

Adobe Reader: 20.005.30331 - 2020.013.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb23-54.html
http://www.zerodayinitiative.com/advisories/ZDI-23-1688/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Out-of-bounds read

EUVDB-ID: #VU83090

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-44340

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30306 - 23.006.20360

Adobe Reader: 20.005.30331 - 2020.013.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb23-54.html
http://www.zerodayinitiative.com/advisories/ZDI-23-1711/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Use-after-free

EUVDB-ID: #VU83081

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-44372

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30306 - 23.006.20360

Adobe Reader: 20.005.30331 - 2020.013.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb23-54.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use-after-free

EUVDB-ID: #VU83077

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-44336

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30306 - 23.006.20360

Adobe Reader: 20.005.30331 - 2020.013.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb23-54.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU83080

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-44371

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30306 - 23.006.20360

Adobe Reader: 20.005.30331 - 2020.013.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb23-54.html
http://www.zerodayinitiative.com/advisories/ZDI-23-1708/
http://www.zerodayinitiative.com/advisories/ZDI-23-1707/
http://www.zerodayinitiative.com/advisories/ZDI-23-1706/
http://www.zerodayinitiative.com/advisories/ZDI-23-1704/
http://www.zerodayinitiative.com/advisories/ZDI-23-1702/
http://www.zerodayinitiative.com/advisories/ZDI-23-1701/
http://www.zerodayinitiative.com/advisories/ZDI-23-1700/
http://www.zerodayinitiative.com/advisories/ZDI-23-1699/
http://www.zerodayinitiative.com/advisories/ZDI-23-1698/
http://www.zerodayinitiative.com/advisories/ZDI-23-1696/
http://www.zerodayinitiative.com/advisories/ZDI-23-1695/
http://www.zerodayinitiative.com/advisories/ZDI-23-1694/
http://www.zerodayinitiative.com/advisories/ZDI-23-1693/
http://www.zerodayinitiative.com/advisories/ZDI-23-1736/
http://www.zerodayinitiative.com/advisories/ZDI-23-1737/
http://www.zerodayinitiative.com/advisories/ZDI-23-1738/
http://www.zerodayinitiative.com/advisories/ZDI-23-1739/
http://www.zerodayinitiative.com/advisories/ZDI-23-1740/
http://www.zerodayinitiative.com/advisories/ZDI-23-1741/
http://www.zerodayinitiative.com/advisories/ZDI-23-1742/
http://www.zerodayinitiative.com/advisories/ZDI-23-1743/
http://www.zerodayinitiative.com/advisories/ZDI-23-1744/
http://www.zerodayinitiative.com/advisories/ZDI-23-1745/
http://www.zerodayinitiative.com/advisories/ZDI-23-1746/
http://www.zerodayinitiative.com/advisories/ZDI-23-1747/
http://www.zerodayinitiative.com/advisories/ZDI-23-1748/
http://www.zerodayinitiative.com/advisories/ZDI-23-1749/
http://www.zerodayinitiative.com/advisories/ZDI-23-1750/
http://www.zerodayinitiative.com/advisories/ZDI-23-1751/
http://www.zerodayinitiative.com/advisories/ZDI-23-1757/
http://www.zerodayinitiative.com/advisories/ZDI-23-1759/
http://www.zerodayinitiative.com/advisories/ZDI-23-1760/
http://www.zerodayinitiative.com/advisories/ZDI-23-1761/
http://www.zerodayinitiative.com/advisories/ZDI-23-1758/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use-after-free

EUVDB-ID: #VU83079

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-44367

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30306 - 23.006.20360

Adobe Reader: 20.005.30331 - 2020.013.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb23-54.html
http://www.zerodayinitiative.com/advisories/ZDI-23-1690/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Out-of-bounds write

EUVDB-ID: #VU83087

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-44366

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 20.005.30331 - 2020.013.20074

Adobe Acrobat: 15.006.30306 - 23.006.20360

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb23-54.html
http://www.zerodayinitiative.com/advisories/ZDI-23-1689/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Access of Uninitialized Pointer

EUVDB-ID: #VU83086

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-44365

CWE-ID: CWE-824 - Access of Uninitialized Pointer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 20.005.30331 - 2020.013.20074

Adobe Acrobat: 15.006.30306 - 23.006.20360

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb23-54.html
http://www.zerodayinitiative.com/advisories/ZDI-23-1692/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Use-after-free

EUVDB-ID: #VU83078

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-44359

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30306 - 23.006.20360

Adobe Reader: 20.005.30331 - 2020.013.20074

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb23-54.html
http://www.zerodayinitiative.com/advisories/ZDI-23-1697/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Out-of-bounds read

EUVDB-ID: #VU83085

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-44338

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a boundary condition when handling PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and execute arbitrary code on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 20.005.30331 - 2020.013.20074

Adobe Acrobat: 15.006.30306 - 23.006.20360

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb23-54.html
http://www.zerodayinitiative.com/advisories/ZDI-23-1712/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Out-of-bounds read

EUVDB-ID: #VU83084

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-44337

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a boundary condition when handling PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and execute arbitrary code on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Reader: 20.005.30331 - 2020.013.20074

Adobe Acrobat: 15.006.30306 - 23.006.20360

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb23-54.html
http://www.zerodayinitiative.com/advisories/ZDI-23-1713/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###