Lucene search
AbdulAziz Hariri of Haboob SAZDI-23-1111HistoryAug 15, 2023 - 12:00 a.m.
(Pwn2Own) Adobe Acrobat Reader DC Protected API Restrictions Bypass Vulnerability
2023-08-1500:00:00
AbdulAziz Hariri of Haboob SA
www.zerodayinitiative.com
29
vulnerability
adobe acrobat reader
remote attackers
javascript api
user interaction
net objects
arbitrary code
process context
EPSS
0.002
Percentile
58.9%
This vulnerability allows remote attackers to bypass JavaScript API restrictions on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Net objects. The application does not adequately restrict access to a protected API. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process.
Related
nvd
nvd
CVE-2023-29320
2023-08-10 14:15:11
cvelist
cvelist
CVE-2023-29320 ZDI-CAN-20712: Adobe Acrobat Blacklist Bypass Design flaw
2023-08-10 13:17:48
prion
prion
Design/Logic Flaw
2023-08-10 14:15:00
cve
cve
CVE-2023-29320
2023-08-10 14:15:11
malwarebytes
malwarebytes
Insights into your unpatched vulnerabilities
2023-12-11 10:17:48
openvas
openvas
Adobe Acrobat Classic 2020 Security Update (APSB23-30) - Windows
2023-08-22 00:00:00
Adobe Reader Classic 2020 Security Update (APSB23-30) - Windows
2023-08-22 00:00:00
Adobe Reader Classic 2020 Security Update (APSB23-30) - Mac OS X
2023-08-22 00:00:00
nessus
nessus
adobe
adobe
APSB23-30 : Security update available for Adobe Acrobat and Reader
2023-08-08 00:00:00
kaspersky
kaspersky
KLA51723 Multiple vulnerabilities in Adobe Acrobat and Adobe Acrobat Reader
2023-08-08 00:00:00