PT-2022-18910 · Adobe · Acrobat Reader
Published
2022-04-12
·
Updated
2022-05-19
·
CVE-2022-28247
CVSS v3.1
7.3
High
| Vector | AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Adobe Acrobat Reader DC versions 22.001.2011x and earlier
Adobe Acrobat Reader DC versions 20.005.3033x and earlier
Adobe Acrobat Reader DC versions 17.012.3022x and earlier
Description
The issue is related to an uncontrolled search path vulnerability that could lead to local privilege escalation. It requires user interaction, where a victim must run the uninstaller with Admin privileges. Additionally, there's a missing support for integrity check that allows attackers to escalate privileges.
Recommendations
For Adobe Acrobat Reader DC versions 22.001.2011x and earlier, update to a version that includes a fix for the uncontrolled search path vulnerability.
For Adobe Acrobat Reader DC versions 20.005.3033x and earlier, update to a version that includes a fix for the uncontrolled search path vulnerability.
For Adobe Acrobat Reader DC versions 17.012.3022x and earlier, update to a version that includes a fix for the uncontrolled search path vulnerability.
As a temporary workaround, consider restricting the use of the uninstaller with Admin privileges until a patch is available.
Fix
LPE
Uncontrolled Search Path Element
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Acrobat Reader