Korean
<< Back
VID 50413
Severity 40
Port 139,445
Protocol TCP
Class SMB
Detailed Description The version of Adobe Reader installed on the remote Windows host is a version prior to 20.005.30514.10514 or 23.003.20269. It is, therefore, affected by multiple vulnerabilities.

- Improper Access Control (CWE-284) potentially leading to Security feature bypass (CVE-2023-29320)

- Improper Input Validation (CWE-20) potentially leading to Application denial-of-service (CVE-2023-29299)

- Use After Free (CWE-416) potentially leading to Memory leak (CVE-2023-29303, CVE-2023-38238, CVE-2023-38243)

- Use After Free (CWE-416) potentially leading to Arbitrary code execution (CVE-2023-38222, CVE-2023-38224, CVE-2023-38225, CVE-2023-38227, CVE-2023-38228)

- Access of Uninitialized Pointer (CWE-824) potentially leading to Arbitrary code execution (CVE-2023-38223, CVE-2023-38226, CVE-2023-38234, CVE-2023-38246)

- Out-of-bounds Read (CWE-125) potentially leading to Memory Leak (CVE-2023-38229, CVE-2023-38232, CVE-2023-38235)

- Use After Free (CWE-416) potentially leading to Memory Leak (CVE-2023-38230)

- Out-of-bounds Write (CWE-787) potentially leading to Arbitrary code execution (CVE-2023-38231, CVE-2023-38233)

- Out-of-bounds Read (CWE-125) potentially leading to Memory leak (CVE-2023-38236, CVE-2023-38237, CVE-2023-38239, CVE-2023-38240, CVE-2023-38241, CVE-2023-38242, CVE-2023-38244, CVE-2023-38247, CVE-2023-38248)

- Improper Input Validation (CWE-20) potentially leading to Arbitrary code execution (CVE-2023-38245)

* References:
https://helpx.adobe.com/security/products/acrobat/apsb23-30.html

* Platforms Affected:
Adobe Reader versions prior to 23.003.20269
Microsoft Windows Any version
Linux Any version
Recommendation Upgrade to the latest version of Adobe Reader (23.003.20269 or later), as described in the Adobe Security bulletin at https://helpx.adobe.com/security/products/acrobat/apsb23-30.html
Related URL CVE-2023-29299,CVE-2023-29303,CVE-2023-29320,CVE-2023-38222,CVE-2023-38223,CVE-2023-38224,CVE-2023-38225,CVE-2023-38226,CVE-2023-38227 (CVE)
Related URL (SecurityFocus)
Related URL (ISS)