Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA61972
HistoryNov 14, 2023 - 12:00 a.m.

KLA61972 Multiple vulnerabilities in Adobe Acrobat and Adobe Acrobat Reader

2023-11-1400:00:00
Kaspersky Lab
threats.kaspersky.com
10
adobe
acrobat
reader
vulnerabilities
sensitive information
arbitrary code
update
cve-2023-44336
cve-2023-44337
cve-2023-44338
cve-2023-44359
cve-2023-44365
cve-2023-44366
cve-2023-44367
cve-2023-44371
cve-2023-44372
cve-2023-44339
cve-2023-44340
cve-2023-44348
cve-2023-44356
cve-2023-44357
cve-2023-44358
cve-2023-44360
cve-2023-44361

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.026 Low

EPSS

Percentile

90.4%

JSON

Multiple vulnerabilities were found in Adobe Acrobat and Adobe Acrobat Reader. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. Use after free vulnerability can be exploited execute arbitrary code.
  2. Out of bounds read vulnerability can be exploited to execute arbitrary code.
  3. Uninitialized pointer vulnerability can be exploited to execute arbitrary code.
  4. Out of bounds write vulnerability can be exploited to execute arbitrary code.
  5. Out of bounds read vulnerability can be exploited to obtain sensitive information.
  6. Use after free vulnerability can be exploited obtain sensitive information.

Original advisories

Adobe Security Bulletin

Related products

Adobe-Acrobat-Reader-DC-Continuous

Adobe-Acrobat-DC-Continuous

Adobe-Acrobat-Reader-2020

Adobe-Acrobat-2020

CVE list

CVE-2023-44336 critical

CVE-2023-44337 critical

CVE-2023-44338 critical

CVE-2023-44359 critical

CVE-2023-44365 critical

CVE-2023-44366 critical

CVE-2023-44367 critical

CVE-2023-44371 critical

CVE-2023-44372 critical

CVE-2023-44339 high

CVE-2023-44340 high

CVE-2023-44348 high

CVE-2023-44356 high

CVE-2023-44357 high

CVE-2023-44358 high

CVE-2023-44360 high

CVE-2023-44361 high

Solution

Update to the latest version

Download Adobe Acrobat Reader DC

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Affected Products

  • Adobe Acrobat DC Continuous earlier than 23.006.20380
    Adobe Acrobat Reader DC Continuous earlier than 23.006.20380
    Adobe Acrobat 2020 earlier than 20.005.30539
    Adobe Acrobat Reader 2020 earlier than 20.005.30539

Related

nessus 4
openvas 8
adobe 1
prion 17
zdi 48
cve 17
nvd 17
talos 2
cvelist 17
talosblog 1
nessus
nessus
Adobe Reader < 20.005.30539 / 23.006.20380 Multiple Vulnerabilities (APSB23-54) (macOS)
2023-11-14 00:00:00
Adobe Reader < 20.005.30539 / 23.006.20380 Multiple Vulnerabilities (APSB23-54)
2023-11-14 00:00:00
Adobe Acrobat < 20.005.30539 / 23.006.20380 Multiple Vulnerabilities (APSB23-54) (macOS)
2023-11-14 00:00:00
openvas
openvas
Adobe Acrobat Reader DC Continuous Security Update (APSB23-54) - Mac OS X
2023-11-17 00:00:00
Adobe Acrobat Reader DC Continuous Security Update (APSB23-54) - Windows
2023-11-17 00:00:00
Adobe Acrobat DC Continuous Security Update (APSB23-54) - Mac OS X
2023-11-17 00:00:00
adobe
adobe
APSB23-54 : Security update available for Adobe Acrobat and Reader
2023-11-14 00:00:00
prion
prion
Design/Logic Flaw
2023-11-16 10:15:00
Design/Logic Flaw
2023-11-16 10:15:00
Design/Logic Flaw
2023-11-16 10:15:00
zdi
zdi
Adobe Acrobat Reader DC AcroForm value Out-Of-Bounds Read Information Disclosure Vulnerability
2023-11-15 00:00:00
Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
2023-11-15 00:00:00
Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability
2023-11-15 00:00:00
cve
cve
CVE-2023-44338
2023-11-16 10:15:10
CVE-2023-44339
2023-11-16 10:15:10
CVE-2023-44372
2023-11-16 10:15:18
nvd
nvd
CVE-2023-44357
2023-11-16 10:15:13
CVE-2023-44348
2023-11-16 10:15:12
CVE-2023-44338
2023-11-16 10:15:10
talos
talos
Adobe Acrobat Reader U3D page event use-after-free vulnerability
2023-11-15 00:00:00
Adobe Acrobat Reader Thermometer use-after-free vulnerability
2023-11-15 00:00:00
cvelist
cvelist
CVE-2023-44336 TALOS-2023-1794 - Adobe Acrobat Reader Thermometer use-after-free vulnerability
2023-11-16 09:52:46
CVE-2023-44372 TALOS-2023-1842 - Adobe Acrobat Reader U3D page event use-after-free vulnerability
2023-11-16 09:52:42
CVE-2023-44337 ZDI-CAN-21509: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
2023-11-16 09:52:43
talosblog
talosblog
Vulnerabilities in Adobe Acrobat, Microsoft Excel could lead to arbitrary code execution
2023-11-22 17:00:10

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.026 Low

EPSS

Percentile

90.4%

JSON
Related for KLA61972
nessus4openvas8adobe1prion17zdi48cve17nvd17talos2cvelist17talosblog1