PT-2022-18594 · Adobe · Acrobat Reader
Published
2022-04-12
·
Updated
2022-05-18
·
CVE-2022-27799
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Acrobat Reader DC versions 22.001.20085 and earlier
Acrobat Reader DC versions 20.005.3031x and earlier
Acrobat Reader DC versions 17.012.30205 and earlier
Description
A use-after-free vulnerability in the processing of the acroform event could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction, where a victim must open a malicious file.
Recommendations
For versions 22.001.20085 and earlier, update to a version that fixes the use-after-free vulnerability in the acroform event processing.
For versions 20.005.3031x and earlier, update to a version that fixes the use-after-free vulnerability in the acroform event processing.
For versions 17.012.30205 and earlier, update to a version that fixes the use-after-free vulnerability in the acroform event processing.
As a temporary workaround, consider avoiding the opening of malicious files until a patch is available.
Fix
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Acrobat Reader