Improper access control

2023-04-1221:15:00

PRIOn knowledge base

www.prio-n.com

adobe acrobat reader

versions

improper access control

arbitrary code execution

user interaction

malicious file

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

79.0%

JSON

Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CPENameOperatorVersion
acrobatge20.001.3005
acrobatle20.005.30441
acrobat_dcge15.008.20082
acrobat_dcle23.001.20093
acrobat_readerge20.001.3005
acrobat_readerle20.005.30441
acrobat_reader_dcge15.008.20082
acrobat_reader_dcle23.001.20093

Name	Operator	Version
acrobat	ge	20.001.3005
acrobat	le	20.005.30441
acrobat_dc	ge	15.008.20082
acrobat_dc	le	23.001.20093
acrobat_reader	ge	20.001.3005
acrobat_reader	le	20.005.30441
acrobat_reader_dc	ge	15.008.20082
acrobat_reader_dc	le	23.001.20093