- 164/2022
- High
Adobe has released security updates to address vulnerabilities affecting Adobe Acrobat and Reader. The remote attacker could exploit these vulnerabilities to gain access and disclose information on the affected system.
The security updates addresses vulnerabilities in the following products: Acrobat DC, Acrobat Reader DC, Acrobat 2020, Acrobat Reader 2020, Acrobat 2017,and Acrobat Reader 2017.
Sample of the addressed vulnerabilities:
- Adobe Acrobat and Reader arbitrary code execution (CVE-2022-35672):
- CVSS: 7.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
- Remediation Level: Official Fix
- Adobe Acrobat and Reader memory Leak (CVE-2022-35669):
- CVSS: 5.5
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Obtain Information
- Remediation Level: Official Fix
Vulnerabilities
- CVE-2022-35672
- CVE-2022-35669
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.