Lucene search
AbdulAziz Hariri of Haboob SAZDI-23-1106HistoryAug 15, 2023 - 12:00 a.m.
(Pwn2Own) Adobe Acrobat Reader DC Net.HTTP.request Remote Code Execution Vulnerability
2023-08-1500:00:00
AbdulAziz Hariri of Haboob SA
www.zerodayinitiative.com
3
adobe acrobat reader
remote code execution
net.http.request
user interaction
javascript
executable file
vulnerability
0.006 Low
EPSS
Percentile
79.2%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Net.HTTP.request objects. By performing actions in JavaScript, an attacker can launch an executable file. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current user.
Related
prion
prion
Input validation
2023-04-12 21:15:00
nvd
nvd
CVE-2023-26407
2023-04-12 21:15:21
cvelist
cvelist
CVE-2023-26407 ZDI-CAN-20712: Net.HTTP.request Arbitrary Command Execution
2023-04-12 00:00:00
cve
cve
CVE-2023-26407
2023-04-12 21:15:21
nessus
nessus
openvas
openvas
Adobe Reader Classic 2020 Security Update (APSB23-24) - Mac OS X
2023-04-14 00:00:00
Adobe Reader DC Continuous Security Update (APSB23-24) - Mac OS X
2023-04-14 00:00:00
Adobe Acrobat DC Continuous Security Update (APSB23-24) - Mac OS X
2023-04-14 00:00:00
kaspersky
kaspersky
KLA48835 Multiple vulnerabilities in Adobe Acrobat and Adobe Acrobat Reader
2023-04-11 00:00:00
adobe
adobe
APSB23-24 : Security update available for Adobe Acrobat and Reader
2023-04-11 00:00:00