Kaspersky LabKLA20151KLA20151 Multiple vulnerabilities in Adobe Acrobat and Adobe Acrobat Reader
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.02 Low
EPSS
Percentile
88.7%
Detect date:
01/10/2023
Severity:
Critical
Description:
Multiple vulnerabilities were found in Adobe Acrobat and Adobe Acrobat Reader. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, gain privileges, obtain sensitive information.
Exploitation:
Public exploits exist for this vulnerability.
Affected products:
Adobe Acrobat DC Continuous earlier than 22.003.20310
Adobe Acrobat Reader DC Continuous earlier than 22.003.20310
Adobe Acrobat 2020 Classic earlier than 20.005.30436
Adobe Acrobat Reader 2020 Classic earlier than 20.005.30436
Solution:
Update to the latest version
Download Adobe Acrobat Reader DC
Original advisories:
Impacts:
ACE
Related products:
Adobe Acrobat Reader DC Continuous
CVE-IDS:
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21579
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21581
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21585
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21604
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21605
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21606
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21607
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21608
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21609
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21610
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21611
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21612
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21613
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21614
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22240
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22241
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22242
get2.adobe.com/uk/reader/
helpx.adobe.com/security/products/acrobat/apsb23-01.html
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Adobe-Acrobat-2020/
threats.kaspersky.com/en/product/Adobe-Acrobat-DC-Continuous/
threats.kaspersky.com/en/product/Adobe-Acrobat-Reader-2020/
threats.kaspersky.com/en/product/Adobe-Acrobat-Reader-DC-Continuous/
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.02 Low
EPSS
Percentile
88.7%