PT-2022-18897 · Adobe · Acrobat Reader
Published
2022-04-12
·
Updated
2022-05-18
·
CVE-2022-28235
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Acrobat Reader DC versions 22.001.20085 and earlier
Acrobat Reader DC versions 20.005.3031x and earlier
Acrobat Reader DC versions 17.012.30205 and earlier
Description
A use-after-free vulnerability in the processing of the acroform event could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction, where a victim must open a malicious file.
Recommendations
For Acrobat Reader DC versions 22.001.20085 and earlier, update to a version later than 22.001.20085 to resolve the issue.
For Acrobat Reader DC versions 20.005.3031x and earlier, update to a version later than 20.005.3031x to resolve the issue.
For Acrobat Reader DC versions 17.012.30205 and earlier, update to a version later than 17.012.30205 to resolve the issue.
As a temporary workaround, consider avoiding the use of the acroform event until a patch is available.
Fix
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Acrobat Reader