First published: Tue Apr 12 2022
Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the collab object that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Adobe Acrobat Reader | >=15.008.20082 <=22.001.20085 | |
Adobe Acrobat Reader Notification Manager | >=15.008.20082 <=22.001.20085 | |
Apple iOS and macOS | | |
Microsoft Windows | | |
Adobe Acrobat Reader | >=17.011.30059 <=17.012.30205 | |
Adobe Acrobat Reader Notification Manager | >=17.011.30059 <=17.012.30205 | |
Adobe Acrobat Reader | >=20.001.30005 <=20.005.30314 | |
Adobe Acrobat Reader Notification Manager | >=20.001.30005 <=20.005.30314 | |
Adobe Acrobat Reader | >=20.001.30005 <=20.005.30311 | |
Adobe Acrobat Reader Notification Manager | >=20.001.30005 <=20.005.30311 | |
CVE-2022-28232 has been rated as critical due to its potential to allow arbitrary code execution.
To mitigate CVE-2022-28232, users should update to the latest version of Adobe Acrobat Reader DC that addresses this vulnerability.
CVE-2022-28232 affects Adobe Acrobat Reader DC versions 22.001.20085 and earlier, along with specific versions in the 20.x and 17.x series.
Exploitation of CVE-2022-28232 could potentially lead to data loss if arbitrary code execution is achieved.
CVE-2022-28232 is primarily considered a local vulnerability as it requires the attacker to have access to the affected system.