Lucene search

Kaspersky LabKLA60559

HistorySep 12, 2023 - 12:00 a.m.

KLA60559 ACE vulnerability in Adobe Acrobat and Adobe Acrobat Reader

2023-09-1200:00:00

Kaspersky Lab

threats.kaspersky.com

adobe acrobat

adobe acrobat reader

out of bounds write

arbitrary code execution

malware

exploit

ace

vulnerability

update

cve-2023-26369

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.025 Low

EPSS

Percentile

90.2%

JSON

Out of bounds write vulnerability was found in Adobe Acrobat and Adobe Acrobat Reader. Malicious users can exploit this vulnerability to execute arbitrary code.

Original advisories

APSB23-34

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Adobe-Acrobat-Reader-DC-Continuous

Adobe-Acrobat-DC-Continuous

Adobe-Acrobat-Reader-2020

Adobe-Acrobat-2020

CVE list

CVE-2023-26369 critical

Solution

Update to the latest version

Download Adobe Acrobat Reader DC

Impacts

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Affected Products

Adobe Acrobat DC Continuous earlier than 23.006.20320Adobe Acrobat Reader DC Continuous earlier than 23.006.20320Adobe Acrobat 2020 Classic earlier than 20.005.30524Adobe Acrobat Reader 2020 Classic earlier than 20.005.30524