VID | 50410 |
Severity | 40 |
Port | 139,445 |
Protocol | TCP |
Class | SMB |
Detailed Description |
The version of Adobe Acrobat installed on the remote Windows host is prior to 20.005.30514.10514 or 23.003.20269. It is therefore affected by multiple vulnerabilities:
- Improper Access Control (CWE-284) potentially leading to Security feature bypass (CVE-2023-29320)
- Improper Input Validation (CWE-20) potentially leading to Application denial-of-service (CVE-2023-29299)
- Use After Free (CWE-416) potentially leading to Memory leak (CVE-2023-29303, CVE-2023-38238, CVE-2023-38243)
- Use After Free (CWE-416) potentially leading to Arbitrary code execution (CVE-2023-38222, CVE-2023-38224, CVE-2023-38225, CVE-2023-38227, CVE-2023-38228)
- Access of Uninitialized Pointer (CWE-824) potentially leading to Arbitrary code execution (CVE-2023-38223, CVE-2023-38226, CVE-2023-38234, CVE-2023-38246)
- Out-of-bounds Read (CWE-125) potentially leading to Memory leak (CVE-2023-38229, CVE-2023-38232, CVE-2023-38235)
- Use After Free (CWE-416) potentially leading to Memory leak (CVE-2023-38230)
- Out-of-bounds Write (CWE-787) potentially leading to Arbitrary code execution (CVE-2023-38231, CVE-2023-38233)
- Out-of-bounds Read (CWE-125) potentially leading to Memory leak (CVE-2023-38236, CVE-2023-38237, CVE-2023-38239, CVE-2023-38240, CVE-2023-38241, CVE-2023-38242, CVE-2023-38244, CVE-2023-38247, CVE-2023-38248)
- Improper Input Validation (CWE-20) potentially leading to Arbitrary code execution (CVE-2023-38245)
* References: https://helpx.adobe.com/security/products/acrobat/apsb23-30.html
* Platforms Affected: Adobe Acrobat versions prior to 20.005.30514.10514; Microsoft Windows (any version); Linux (any version) |
Recommendation |
Upgrade to the latest version of Adobe Acrobat (20.005.30514.10514 or later), as described in the Adobe Security bulletin at https://helpx.adobe.com/security/products/acrobat/apsb23-30.html |
Related URL |
CVE-2023-29299,CVE-2023-29303,CVE-2023-29320,CVE-2023-38222,CVE-2023-38223,CVE-2023-38224,CVE-2023-38225,CVE-2023-38226,CVE-2023-38227 (CVE) |