VID |
50411 |
Severity |
40 |
Port |
139,445 |
Protocol |
TCP |
Class |
SMB |
Detailed Description |
The version of Adobe Acrobat installed on the remote Windows host is a version prior to 20.005.30514.10514 or 23.003.20269. It is, therefore, affected by multiple vulnerabilities.
- Improper Access Control (CWE-284) potentially leading to Security feature bypass (CVE-2023-29320)
- Improper Input Validation (CWE-20) potentially leading to Application denial-of-service (CVE-2023-29299)
- Use After Free (CWE-416) potentially leading to Memory leak (CVE-2023-29303, CVE-2023-38238, CVE-2023-38243)
- Use After Free (CWE-416) potentially leading to Arbitrary code execution (CVE-2023-38222, CVE-2023-38224, CVE-2023-38225, CVE-2023-38227, CVE-2023-38228)
- Access of Uninitialized Pointer (CWE-824) potentially leading to Arbitrary code execution (CVE-2023-38223, CVE-2023-38226, CVE-2023-38234, CVE-2023-38246)
- Out-of-bounds Read (CWE-125) potentially leading to Memory Leak (CVE-2023-38229, CVE-2023-38232, CVE-2023-38235)
- Use After Free (CWE-416) potentially leading to Memory Leak (CVE-2023-38230)
- Out-of-bounds Write (CWE-787) potentially leading to Arbitrary code execution (CVE-2023-38231, CVE-2023-38233)
- Out-of-bounds Read (CWE-125) potentially leading to Memory leak (CVE-2023-38236, CVE-2023-38237, CVE-2023-38239, CVE-2023-38240, CVE-2023-38241, CVE-2023-38242, CVE-2023-38244, CVE-2023-38247, CVE-2023-38248)
- Improper Input Validation (CWE-20) potentially leading to Arbitrary code execution (CVE-2023-38245)
* References: https://helpx.adobe.com/security/products/acrobat/apsb23-30.html
* Platforms Affected: Adobe Acrobat versions prior to 23.003.20269 Microsoft Windows Any version Linux Any version |
Recommendation |
Upgrade to the latest version of Adobe Acrobat (23.003.20269 or later), as described in the Adobe Security bulletin at https://helpx.adobe.com/security/products/acrobat/apsb23-30.html |
Related URL |
CVE-2023-29299,CVE-2023-29303,CVE-2023-29320,CVE-2023-38222,CVE-2023-38223,CVE-2023-38224,CVE-2023-38225,CVE-2023-38226,CVE-2023-38227 (CVE) |
Related URL |
(SecurityFocus) |
Related URL |
(ISS) |
|