PT-2022-18893 · Adobe · Acrobat Reader

Published: 2022-04-12 · Updated: 2022-05-18 · CVE-2022-28231

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Acrobat Reader DC versions 22.001.20085 and earlier
Acrobat Reader DC versions 20.005.3031x and earlier
Acrobat Reader DC versions 17.012.30205 and earlier

Description

The issue is an out-of-bounds read vulnerability that occurs when processing a doc object, potentially allowing an attacker to execute code in the context of the current user. This can happen when a victim opens a malicious file, requiring user interaction for exploitation. The vulnerability could result in a read past the end of an allocated memory structure.

Recommendations

For versions 22.001.20085 and earlier, consider disabling the doc object processing feature until a patch is available. For versions 20.005.3031x and earlier, restrict access to potentially malicious files to minimize the risk of exploitation. For versions 17.012.30205 and earlier, avoid opening untrusted files with Acrobat Reader DC until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2022-28231
ZDI-22-670

Affected Products

Acrobat Reader