Kaspersky LabKLA20009KLA20009 Multiple vulnerabilities in Adobe Acrobat and Adobe Acrobat Reader
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.9 Medium
AI Score
Confidence
High
4.4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.071 Low
EPSS
Percentile
93.9%
Detect date:
10/11/2022
Severity:
Critical
Description:
Multiple vulnerabilities were found in Adobe Acrobat and Adobe Acrobat Reader. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code.
Affected products:
Adobe Acrobat DC Continuous earlier than 22.003.20258
Adobe Acrobat Reader DC Continuous earlier than 22.003.20258
Adobe Acrobat 2020 Classic earlier than 20.005.30407
Adobe Acrobat Reader 2020 Classic earlier than 20.005.30407
Solution:
Update to the latest version
Download Adobe Acrobat Reader DC
Original advisories:
Impacts:
ACE
Related products:
Adobe Acrobat Reader DC Continuous
CVE-IDS:
CVE-2022-384375.5High
CVE-2022-384495.5High
CVE-2022-423425.5High
CVE-2022-356915.5High
CVE-2022-423397.8Critical
CVE-2022-384507.8Critical
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35691
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38437
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38449
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38450
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42339
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42342
get2.adobe.com/uk/reader/
helpx.adobe.com/security/products/acrobat/apsb22-46.html
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Adobe-Acrobat-2020/
threats.kaspersky.com/en/product/Adobe-Acrobat-DC-Continuous/
threats.kaspersky.com/en/product/Adobe-Acrobat-Reader-2020/
threats.kaspersky.com/en/product/Adobe-Acrobat-Reader-DC-Continuous/
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.9 Medium
AI Score
Confidence
High
4.4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.071 Low
EPSS
Percentile
93.9%