Lucene search

K
cveAdobeCVE-2023-44336
HistoryNov 16, 2023 - 10:15 a.m.

CVE-2023-44336

2023-11-1610:15:08
CWE-416
adobe
web.nvd.nist.gov
118
adobe
acrobat reader
cve-2023-44336
use after free
vulnerability
arbitrary code execution
nvd
security
exploit

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

75.2%

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Affected configurations

Nvd
Vulners
Node
adobeacrobat_dcRange15.008.2008223.006.20380continuous
OR
adobeacrobat_reader_dcRange15.008.2008223.006.20380continuous
AND
applemacosMatch-
OR
microsoftwindowsMatch-
Node
adobeacrobatRange20.001.3000520.005.30539classic
OR
adobeacrobat_readerRange20.001.3000520.005.30539classic
AND
applemacosMatch-
OR
microsoftwindowsMatch-
VendorProductVersionCPE
adobeacrobat_dc*cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*
adobeacrobat_reader_dc*cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*
applemacos-cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
adobeacrobat*cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*
adobeacrobat_reader*cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Acrobat Reader",
    "vendor": "Adobe",
    "versions": [
      {
        "lessThanOrEqual": "23.006.20360",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

75.2%