Kaspersky Lab: KLA12586
Jul 12, 2022 - 12:00 a.m.

KLA12586 Multiple vulnerabilities in Adobe Acrobat and Adobe Acrobat Reader

2022-07-12 00:00:00
Kaspersky Lab
threats.kaspersky.com
adobe acrobat
adobe acrobat reader
vulnerabilities
code execution
denial of service
update
ace
osi
dos
sb

CVSS3: 7.8

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 8.5
Confidence: High

EPSS: 0.405
Percentile: 97.3%

Multiple vulnerabilities were found in Adobe Acrobat and Adobe Acrobat Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code or cause denial of service.

Below is a complete list of vulnerabilities:

  1. Use after free vulnerability in media can be exploited to execute arbitrary code.
  2. Out of bounds memory write vulnerability can be exploited to execute arbitrary code.
  3. Use after free vulnerability in media can be exploited to cause denial of service.
  4. Uninitialized pointer vulnerability can be exploited to execute arbitrary code.
  5. Out of bounds memory read vulnerability can be exploited to cause denial of service.
  6. Out of bounds memory read vulnerability can be exploited to execute arbitrary code.
  7. Type confusion vulnerability can be exploited to execute arbitrary code.

Original advisories

APSB22-32

Related products

Adobe-Acrobat-Reader-DC-Continuous

Adobe-Acrobat-DC-Continuous

Adobe-Acrobat-Reader-2017

Adobe-Acrobat-2017

Adobe-Acrobat-Reader-2020

Adobe-Acrobat-2020

CVE list

CVE-2022-34225 critical

CVE-2022-34217 critical

CVE-2022-34233 high

CVE-2022-34228 critical

CVE-2022-34224 critical

CVE-2022-34239 high

CVE-2022-34229 critical

CVE-2022-34223 critical

CVE-2022-34220 critical

CVE-2022-34234 high

CVE-2022-34222 critical

CVE-2022-34216 critical

CVE-2022-34219 critical

CVE-2022-34221 critical

CVE-2022-34238 high

CVE-2022-34237 high

CVE-2022-34230 critical

CVE-2022-34227 critical

CVE-2022-34226 critical

CVE-2022-34232 high

CVE-2022-34215 critical

CVE-2022-34236 high

CVE-2022-35669 high

Solution

Update to the latest version

Download Adobe Acrobat Reader DC

Impacts

  • ACE: Arbitrary code execution. Exploitation of vulnerabilities with this impact can allow an attacker to execute arbitrary code or commands on the vulnerable machine or in the vulnerable process.

  • OSI: Obtain sensitive information. Exploitation of vulnerabilities with this impact can allow an attacker to capture information that is critical for the user or the system.

  • DoS: Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or a critical functional fault.

  • SB: Security bypass. Exploitation of vulnerabilities with this impact can allow an attacker to perform actions that the current security settings restrict.

Affected Products

  • Adobe Acrobat 2017 Classic earlier than 17.012.30249
  • Adobe Acrobat Reader 2017 Classic earlier than 17.012.30249
  • Adobe Acrobat 2020 Classic earlier than 20.005.30362
  • Adobe Acrobat Reader 2020 Classic earlier than 20.005.30362
  • Adobe Acrobat DC Continuous earlier than 22.001.20169
  • Adobe Acrobat Reader DC Continuous earlier than 22.001.20169
