CVE-2023-38245

Name of the Vulnerable Software and Affected Versions Adobe Acrobat Reader versions 23.003.20244 and earlier Adobe Acrobat Reader versions 20.005.30467 and earlier Adobe Acrobat 2020 Adobe Acrobat Document Cloud

Description The issue is related to insufficient input validation, which can be exploited by a remote attacker to execute arbitrary code. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation requires user interaction, such as opening a maliciously crafted Microsoft Office file or visiting an attacker-controlled web page.

Recommendations For Adobe Acrobat Reader versions 23.003.20244 and earlier, update to a version later than 23.003.20244 to resolve the issue. For Adobe Acrobat Reader versions 20.005.30467 and earlier, update to a version later than 20.005.30467 to resolve the issue. For Adobe Acrobat 2020, consider disabling the ability to open maliciously crafted Microsoft Office files until a patch is available. For Adobe Acrobat Document Cloud, restrict access to untrusted web pages to minimize the risk of exploitation. As a temporary workaround, consider avoiding the use of NTLMv2 credentials in sensitive operations until the issue is resolved.