Kaspersky LabKLA12609KLA12609 Multiple vulnerabilities in Adobe Acrobat and Adobe Acrobat Reader
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
AI Score
Confidence
High
4.4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.012 Low
EPSS
Percentile
84.8%
Detect date:
08/09/2022
Severity:
Critical
Description:
Multiple vulnerabilities were found in Adobe Acrobat and Adobe Acrobat Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service.
Affected products:
Adobe Acrobat DC Continuous earlier than 22.002.20191
Adobe Acrobat Reader DC Continuous earlier than 22.002.20191
Adobe Acrobat 2017 Classic earlier than 17.012.30262
Adobe Acrobat Reader 2017 Classic earlier than 17.012.30262
Adobe Acrobat 2020 Classic earlier than 20.005.30381
Adobe Acrobat Reader 2020 Classic earlier than 20.005.30381
Solution:
Update to the latest version
Download Adobe Acrobat Reader DC
Original advisories:
Impacts:
ACE
Related products:
Adobe Acrobat Reader DC Continuous
CVE-IDS:
CVE-2022-356677.8Critical
CVE-2022-356667.8Critical
CVE-2022-356657.8Critical
CVE-2022-356715.5High
CVE-2022-356705.5High
CVE-2022-356785.5High
CVE-2022-356685.5High
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35665
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35666
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35667
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35668
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35670
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35671
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35678
get2.adobe.com/uk/reader/
helpx.adobe.com/security/products/acrobat/apsb22-39.html
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Adobe-Acrobat-2017/
threats.kaspersky.com/en/product/Adobe-Acrobat-2020/
threats.kaspersky.com/en/product/Adobe-Acrobat-DC-Continuous/
threats.kaspersky.com/en/product/Adobe-Acrobat-Reader-2017/
threats.kaspersky.com/en/product/Adobe-Acrobat-Reader-2020/
threats.kaspersky.com/en/product/Adobe-Acrobat-Reader-DC-Continuous/
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
AI Score
Confidence
High
4.4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.012 Low
EPSS
Percentile
84.8%