AdobeVULNRICHMENT:CVE-2024-45112CVE-2024-45112 Acrobat Reader | Access of Resource Using Incompatible Type ('Type Confusion') (CWE-843)
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
22.3%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Type Confusion vulnerability that could result in arbitrary code execution in the context of the current user. This issue occurs when a resource is accessed using a type that is not compatible with the actual object type, leading to a logic error that an attacker could exploit. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:*:windows:*:*"
],
"vendor": "adobe",
"product": "acrobat_dc",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "semver",
"lessThanOrEqual": "24.003.20054"
}
],
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:*:macos:*:*"
],
"vendor": "adobe",
"product": "acrobat_dc",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "semver",
"lessThanOrEqual": "24.002.21005"
}
],
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*"
],
"vendor": "adobe",
"product": "acrobat",
"versions": [
{
"status": "affected",
"version": "24.0",
"versionType": "custom",
"lessThanOrEqual": "24.001.30159"
}
],
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat:*:*:*:*:*:windows:*:*"
],
"vendor": "adobe",
"product": "acrobat",
"versions": [
{
"status": "affected",
"version": "24.0",
"versionType": "semver",
"lessThanOrEqual": "24.001.30159"
},
{
"status": "affected",
"version": "20.0",
"versionType": "semver",
"lessThanOrEqual": "20.005.30655"
}
],
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:windows:*:*"
],
"vendor": "adobe",
"product": "acrobat_reader",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "20.005.30636"
}
],
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:macos:*:*"
],
"vendor": "adobe",
"product": "acrobat_reader",
"versions": [
{
"status": "affected",
"version": "20.0",
"versionType": "custom",
"lessThanOrEqual": "20.005.30635"
}
],
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:windows:*:*"
],
"vendor": "adobe",
"product": "acrobat_reader_dc",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "semver",
"lessThanOrEqual": "24.002.20991"
}
],
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:windows:*:*"
],
"vendor": "adobe",
"product": "acrobat_reader",
"versions": [
{
"status": "affected",
"version": "20.0",
"versionType": "custom",
"lessThanOrEqual": "20.005.30635"
}
],
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:macos:*:*",
"cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:windows:*:*"
],
"vendor": "adobe",
"product": "acrobat_reader_dc",
"versions": [
{
"status": "affected",
"version": "20.0",
"versionType": "custom",
"lessThanOrEqual": "24.002.21005"
},
{
"status": "affected",
"version": "20.0",
"versionType": "custom",
"lessThanOrEqual": "24.003.20054"
}
],
"defaultStatus": "affected"
}
]Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
22.3%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total