CVE-2022-24103

Published on: Not Yet Published

Last Modified on: 05/18/2022 04:26:00 PM UTC

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Certain versions of Acrobat from Adobe contain the following vulnerability:

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

  • CVE-2022-24103 has been assigned by URL Logo [email protected] to track the vulnerability - currently rated as HIGH severity.
  • Affected Vendor/Software: URL Logo Adobe - Acrobat Reader version <= 22.001.20085
  • Affected Vendor/Software: URL Logo Adobe - Acrobat Reader version <= 20.005.3031x
  • Affected Vendor/Software: URL Logo Adobe - Acrobat Reader version <= 17.012.30205
  • Affected Vendor/Software: URL Logo Adobe - Acrobat Reader version <= None

CVSS3 Score: 7.8 - HIGH

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
LOCAL LOW NONE REQUIRED
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED HIGH HIGH HIGH

CVSS2 Score: 9.3 - HIGH

Access
Vector
Access
Complexity
Authentication
NETWORK MEDIUM NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
COMPLETE COMPLETE COMPLETE

CVE References

Description Tags Link
Adobe Security Bulletin helpx.adobe.com
text/html
URL Logo MISC helpx.adobe.com/security/products/acrobat/apsb22-16.html

Related QID Numbers

  • 376538 Adobe Security Update for Adobe Acrobat and Adobe Reader (APSB22-16)

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationAdobeAcrobatAllAllAllAll
ApplicationAdobeAcrobatAllAllAllAll
ApplicationAdobeAcrobatAllAllAllAll
ApplicationAdobeAcrobat DcAllAllAllAll
ApplicationAdobeAcrobat ReaderAllAllAllAll
ApplicationAdobeAcrobat ReaderAllAllAllAll
ApplicationAdobeAcrobat ReaderAllAllAllAll
ApplicationAdobeAcrobat Reader DcAllAllAllAll
Operating
System
AppleMacos-AllAllAll
Operating
System
MicrosoftWindows-AllAllAll
  • cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*:
  • cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*:
  • cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*:
  • cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*:
  • cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*:
  • cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*:
  • cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*:
  • cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*:
  • cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*:

Social Mentions

Source Title Posted (UTC)
Twitter Icon @itsec_jp IPA 重要 | Adobe Acrobat および Reader の脆弱性対策について(APSB22-16)(CVE-2022-24103等) ift.tt/iG6XDc3 #itsec_jp 2022-04-13 02:59:50
Twitter Icon @SecurityOsaka Adobe Acrobat および Reader の脆弱性対策について(APSB22-16)(CVE-2022-24103等) | IPAセキュリティセンター:重要なセキュリティ情報 IPAセキュリティセンター:重要なセキュリティ… twitter.com/i/web/status/1… 2022-04-13 03:06:50
Twitter Icon @securenews_web Adobe Acrobat および Reader の脆弱性対策について(APSB22-16)(CVE-2022-24103等) - IPA [securenews.appsight.net/entries/14173] ipa.go.jp/security/ciadr… 2022-04-13 03:10:09
Twitter Icon @TokyoSec Adobe Acrobat および Reader の脆弱性対策について(APSB22-16)(CVE-2022-24103等) dlvr.it/SNTLMR 2022-04-13 03:16:02
Twitter Icon @jexens Adobe Acrobat および Reader の脆弱性対策について(APSB22-16)(CVE-2022-24103等) ift.tt/iG6XDc3 2022-04-13 03:57:09
Twitter Icon @gesuno_jp Adobe Acrobat および Reader の脆弱性対策について(APSB22-16)(CVE-2022-24103等)ift.tt/iG6XDc3 2022-04-13 04:38:15
Twitter Icon @ICATalerts Adobe Acrobat および Reader の脆弱性対策について(APSB22-16)(CVE-2022-24103等) dlvr.it/SNTYqZ 2022-04-13 05:23:02
Twitter Icon @itsec_jp ICATalerts: Adobe Acrobat および Reader の脆弱性対策について(APSB22-16)(CVE-2022-24103等) dlvr.it/SNTYqZ twitter.com/ICATalerts/sta… #itsec_jp 2022-04-13 05:28:07
Twitter Icon @ohhara_shiojiri Adobe Acrobat および Reader の脆弱性対策について(APSB22-16)(CVE-2022-24103等):IPA 独立行政法人 情報処理推進機構 ipa.go.jp/security/ciadr… 2022-04-13 05:38:37
Twitter Icon @ipssignatures The vuln CVE-2022-24103 has a tweet created 0 days ago and retweeted 11 times. twitter.com/ICATalerts/sta… #pow1rtrtwwcve 2022-04-13 12:06:01
Twitter Icon @JA_KJi2 Adobe Acrobat および Reader の脆弱性対策について(APSB22-16)(CVE-2022-24103等):IPA 独立行政法人 情報処理推進機構 ipa.go.jp/security/ciadr… 2022-04-13 14:13:19
Twitter Icon @jpsecuritynews 2022/04/13[注意] Adobe Acrobat および Reader の脆弱性対策について(APSB22-16)(CVE-2022-24103等) /security/ciadr/vul/20220413-adobereader.html #脆弱性 #セキュリティ 2022-04-14 01:00:19
Twitter Icon @andhyphen “Adobe Acrobat および Reader の脆弱性対策について(APSB22-16)(CVE-2022-24103等):IPA 独立行政法人 情報処理推進機構” htn.to/3nQvERJ5Q9 2022-04-14 15:03:06
Twitter Icon @CVEreport CVE-2022-24103 : Acrobat Reader DC versions 20.001.20085 and earlier , 20.005.3031x and earlier and 17.012.30205… twitter.com/i/web/status/1… 2022-05-11 18:06:03
Twitter Icon @threatmeter CVE-2022-24103 | Adobe Acrobat Reader up to 17.012.30205/20.001.20085/20.005.3031x use after free (apsb22-16) A vul… twitter.com/i/web/status/1… 2022-05-12 07:09:03
Reddit Logo Icon /r/k12cybersecurity MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution - PATCH: NOW 2022-04-14 14:17:43
Reddit Logo Icon /r/netcve CVE-2022-24103 2022-05-11 18:38:25
© CVE.report 2022 Twitter Nitter Twitter Viewer |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report