Kaspersky LabKLA12501KLA12501 Multiple vulnerabilities in Adobe Acrobat and Adobe Acrobat Reader
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.7 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.375 Low
EPSS
Percentile
97.1%
Detect date:
04/12/2022
Severity:
Critical
Description:
Multiple vulnerabilities were found in Adobe Acrobat and Adobe Acrobat Reader. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, obtain sensitive information, bypass security restrictions, gain privileges.
Affected products:
Adobe Acrobat 2017 Classic earlier than 17.012.30229
Adobe Acrobat Reader 2017 Classic earlier than 17.012.30229
Adobe Acrobat 2020 Classic earlier than 20.005.30334
Adobe Acrobat Reader 2020 Classic earlier than 20.005.30334
Adobe Acrobat DC Continuous earlier than 22.001.20117
Adobe Acrobat Reader DC Continuous earlier than 22.001.20117
Solution:
Update to the latest version
Download Adobe Acrobat Reader DC
Original advisories:
Impacts:
ACE
Related products:
Adobe Acrobat Reader DC Continuous
CVE-IDS:
CVE-2022-282485.5High
CVE-2022-282655.5High
CVE-2022-282665.5High
CVE-2022-277907.8Critical
CVE-2022-241013.3Warning
CVE-2022-282505.5High
CVE-2022-277887.8Critical
CVE-2022-282615.5High
CVE-2022-277967.8Critical
CVE-2022-282535.5High
CVE-2022-282495.5High
CVE-2022-277947.8Critical
CVE-2022-282387.8Critical
CVE-2022-282595.5High
CVE-2022-282377.8Critical
CVE-2022-282337.8Critical
CVE-2022-282635.5High
CVE-2022-277997.8Critical
CVE-2022-277917.8Critical
CVE-2022-282625.5High
CVE-2022-277867.8Critical
CVE-2022-282307.8Critical
CVE-2022-282585.5High
CVE-2022-282515.5High
CVE-2022-282465.5High
CVE-2022-282417.8Critical
CVE-2022-277987.8Critical
CVE-2022-282427.8Critical
CVE-2022-282455.5High
CVE-2022-282545.5High
CVE-2022-282446.3High
CVE-2022-282555.5High
CVE-2022-282645.5High
CVE-2022-241047.8Critical
CVE-2022-282605.5High
CVE-2022-241027.8Critical
CVE-2022-282317.8Critical
CVE-2022-282357.8Critical
CVE-2022-278017.8Critical
CVE-2022-282407.8Critical
CVE-2022-277877.8Critical
CVE-2022-282523.3Warning
CVE-2022-282347.8Critical
CVE-2022-282575.5High
CVE-2022-241037.8Critical
CVE-2022-282367.8Critical
CVE-2022-282327.8Critical
CVE-2022-282397.8Critical
CVE-2022-278007.8Critical
CVE-2022-282675.5High
CVE-2022-277957.8Critical
CVE-2022-282437.8Critical
CVE-2022-277857.8Critical
CVE-2022-282477.3High
CVE-2022-282565.5High
CVE-2022-277927.8Critical
CVE-2022-282693.3Warning
CVE-2022-277937.8Critical
CVE-2022-278027.8Critical
CVE-2022-282683.3Warning
CVE-2022-277977.8Critical
CVE-2022-277897.8Critical
CVE-2022-288387.8Critical
CVE-2022-288375.5High
CVE-2022-356727.8Critical
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24101
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24102
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24103
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24104
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27785
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27786
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27787
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27788
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27789
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27790
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27791
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27792
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27793
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27794
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27795
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27796
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27797
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27798
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27799
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27800
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27801
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27802
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28230
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28231
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28232
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28233
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28234
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28235
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28236
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28237
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28238
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28239
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28240
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28241
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28242
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28243
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28244
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28245
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28246
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28247
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28248
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28249
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28250
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28251
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28252
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28253
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28254
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28255
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28256
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28257
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28258
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28259
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28260
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28261
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28262
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28263
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28264
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28265
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28266
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28267
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28268
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28269
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28837
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28838
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35672
get2.adobe.com/uk/reader/
helpx.adobe.com/security/products/acrobat/apsb22-16.html
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Adobe-Acrobat-2017/
threats.kaspersky.com/en/product/Adobe-Acrobat-2020/
threats.kaspersky.com/en/product/Adobe-Acrobat-DC-Continuous/
threats.kaspersky.com/en/product/Adobe-Acrobat-Reader-2017/
threats.kaspersky.com/en/product/Adobe-Acrobat-Reader-2020/
threats.kaspersky.com/en/product/Adobe-Acrobat-Reader-DC-Continuous/
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.7 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.375 Low
EPSS
Percentile
97.1%