First published: Wed May 11 2022(Updated: )
Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of annotations that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Adobe Acrobat Reader DC | >=15.008.20082<=22.001.20085 | |
Adobe Acrobat Reader | >=15.008.20082<=22.001.20085 | |
macOS | ||
Microsoft Windows Operating System | ||
Adobe Acrobat Reader | >=17.011.30059<=17.012.30205 | |
Adobe Acrobat Reader Notification Manager | >=17.011.30059<=17.012.30205 | |
Adobe Acrobat Reader | >=20.001.30005<=20.005.30314 | |
Adobe Acrobat Reader Notification Manager | >=20.001.30005<=20.005.30314 | |
Adobe Acrobat Reader | >=20.001.30005<=20.005.30311 | |
Adobe Acrobat Reader Notification Manager | >=20.001.30005<=20.005.30311 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-27800 is classified as a critical severity vulnerability due to its potential for arbitrary code execution.
CVE-2022-27800 affects Adobe Acrobat Reader DC versions 22.001.20085 and earlier, 20.005.3031x and earlier, and 17.012.30205 and earlier.
To fix CVE-2022-27800, update Adobe Acrobat Reader DC to the latest version available from Adobe.
Yes, exploiting CVE-2022-27800 could potentially lead to unauthorized access and data breaches due to arbitrary code execution.
Users and organizations using affected versions of Adobe Acrobat Reader DC should prioritize patching against CVE-2022-27800 to mitigate risks.