CVE-2023-38222

CVSS V2 None CVSS V3 None

Description

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Overview

CVE ID
CVE-2023-38222

Assigner
psirt@adobe.com

Vulnerability Status
Analyzed

Published Version
2023-08-10T14:15:12

Last Modified Date
2023-08-15T13:58:42

Weakness Enumerations

CWE	URL
CWE-416	http://cwe.mitre.org/data/definitions/416.html
CWE-416	http://cwe.mitre.org/data/definitions/416.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version Start	Version End
		AND
cpe:2.3:a:adobe:acrobat_dc:::::continuous:::*	1	OR	15.008.20082	23.003.20269
cpe:2.3:a:adobe:acrobat_reader_dc:::::continuous:::*	1	OR	15.008.20082	23.003.20269
cpe:2.3:o:apple:macos:-:::::::*	0	OR
cpe:2.3:o:microsoft:windows:-:::::::*	0	OR
		AND
cpe:2.3:a:adobe:acrobat:::::classic:::*	1	OR	20.001.30005	20.005.30516.10516
cpe:2.3:a:adobe:acrobat_reader:::::classic:::*	1	OR	20.001.30005	20.005.30516.10516
cpe:2.3:o:apple:macos:-:::::::*	0	OR
		AND
cpe:2.3:a:adobe:acrobat:::::classic:::*	1	OR	20.001.30005	20.005.30514.10514
cpe:2.3:a:adobe:acrobat_reader:::::classic:::*	1	OR	20.001.30005	20.005.30514.10514
cpe:2.3:o:microsoft:windows:-:::::::*	0	OR

References

Reference URL	Reference Tags
https://helpx.adobe.com/security/products/acrobat/apsb23-30.html	Release Notes Vendor Advisory

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-38222
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38222

History

Created	Old Value	New Value	Data Type	Notes
2023-09-06 03:28:30				Added to TrackCVE
2023-09-06 03:28:33			Weakness Enumeration	new