PT-2022-18899 · Adobe · Acrobat Reader
Published
2022-04-12
·
Updated
2022-05-18
·
CVE-2022-28237
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Acrobat Reader DC versions 22.001.20085 and earlier
Acrobat Reader DC versions 20.005.3031x and earlier
Acrobat Reader DC versions 17.012.30205 and earlier
Description
A use-after-free vulnerability in the processing of annotations could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction, where a victim must open a malicious file.
Recommendations
For Acrobat Reader DC versions 22.001.20085 and earlier, update to a version later than 22.001.20085 to resolve the issue.
For Acrobat Reader DC versions 20.005.3031x and earlier, update to a version later than 20.005.3031x to resolve the issue.
For Acrobat Reader DC versions 17.012.30205 and earlier, update to a version later than 17.012.30205 to resolve the issue.
As a temporary workaround, consider avoiding the use of annotation processing in Acrobat Reader DC until a patch is available.
Fix
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Acrobat Reader