History: Apr 11, 2023 - 12:00 a.m.

KLA48835 Multiple vulnerabilities in Adobe Acrobat and Adobe Acrobat Reader

2023-04-11 00:00:00
Kaspersky Lab
threats.kaspersky.com
adobe
acrobat
reader
vulnerabilities
code execution
security bypass
information theft
privilege escalation
update
cve-2023-26405
cve-2023-26425
cve-2023-26417
cve-2023-26419
cve-2023-26423
cve-2023-26395
cve-2023-26407
cve-2023-26422
cve-2023-26408
cve-2023-26424
cve-2023-26421
cve-2023-26418
cve-2023-26406
cve-2023-26397
cve-2023-26420
cve-2023-26396

CVSS3: 7.8 High

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: REQUIRED
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 8.6 High (Confidence: High)

EPSS: 0.539 Medium (Percentile: 97.6%)

Multiple vulnerabilities were found in Adobe Acrobat and Adobe Acrobat Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, obtain sensitive information, and gain privileges.

Below is a complete list of vulnerabilities:

  1. Input validation vulnerability can be exploited to execute arbitrary code.
  2. Out of bounds read vulnerability can be exploited to execute arbitrary code.
  3. Use after free vulnerability can be exploited to execute arbitrary code.
  4. Out of bounds write vulnerability can be exploited to execute arbitrary code.
  5. Input validation vulnerability can be exploited to execute arbitrary code.
  6. Improper Access Control vulnerability can be exploited to bypass security restrictions.
  7. Integer Underflow (Wrap or Wraparound) vulnerability can be exploited to execute arbitrary code.
  8. Improper Access Control vulnerability can be exploited to bypass security restrictions.
  9. Out of bounds read vulnerability can be exploited to obtain sensitive information.
  10. Elevation of privilege vulnerability can be exploited remotely to gain privileges.

Original advisories

APSB23-24

Related products

Adobe-Acrobat-Reader-DC-Continuous

Adobe-Acrobat-DC-Continuous

Adobe-Acrobat-Reader-2020

Adobe-Acrobat-2020

CVE list

CVE-2023-26405 critical

CVE-2023-26425 critical

CVE-2023-26417 critical

CVE-2023-26419 critical

CVE-2023-26423 critical

CVE-2023-26395 critical

CVE-2023-26407 critical

CVE-2023-26422 critical

CVE-2023-26408 critical

CVE-2023-26424 critical

CVE-2023-26421 critical

CVE-2023-26418 critical

CVE-2023-26406 critical

CVE-2023-26397 high

CVE-2023-26420 critical

CVE-2023-26396 critical

Solution

Update to the latest version

Download Adobe Acrobat Reader DC

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can allow an attacker to execute any code or commands on the vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can allow an attacker to capture information that is critical for the user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can allow an attacker to perform actions that are normally disallowed for the current role.

Affected Products

  • Adobe Acrobat DC Continuous earlier than 23.001.20143
  • Adobe Acrobat Reader DC Continuous earlier than 23.001.20143
  • Adobe Acrobat 2020 Classic earlier than 20.005.30467
  • Adobe Acrobat Reader 2020 Classic earlier than 20.005.30467
