CVE-2023-26369
[Google Project Zero] Adobe Acrobat DC OOBW 0-day actively exploited in the wild
In short
Adobe Acrobat Reader contains a flaw that allows attackers to write data beyond memory boundaries, potentially running malicious code when a user opens a specially crafted PDF file.
Technical detail
Out-of-bounds write vulnerability (CWE-787) in Acrobat Reader versions 23.003.20284 and earlier, 20.005.30516 and earlier, and 20.005.30514 and earlier. Exploitation requires user interaction: the victim must open a malicious PDF file, which results in arbitrary code execution with that user's privileges.
Summary generated and translated by AI from the official description.
Acrobat Reader versions 23.003.20284 (and earlier), 20.005.30516 (and earlier) and 20.005.30514 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Adobe · Acrobat Reader