Lucene search

K
cvelistAdobeCVELIST:CVE-2023-26408
HistoryApr 12, 2023 - 12:00 a.m.

CVE-2023-26408 ZDI-CAN-20712: AnnotsString Object prototype pollution Restrictions Bypass Vulnerability

2023-04-1200:00:00
CWE-284
adobe
www.cve.org
adobe
acrobat
reader
improper access control
vulnerability
cve-2023-26408
zdi-can-20712
arbitrary code execution
user interaction
malicious file

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.006 Low

EPSS

Percentile

79.0%

Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CNA Affected

[
  {
    "vendor": "Adobe",
    "product": "Acrobat Reader",
    "versions": [
      {
        "version": "unspecified",
        "lessThanOrEqual": "23.001.20093",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThanOrEqual": "20.005.30441",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThanOrEqual": "None",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.006 Low

EPSS

Percentile

79.0%

Related for CVELIST:CVE-2023-26408