Rewterz Threat Advisory – Multiple Adobe Acrobat and Adobe Reader Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-26408 CVSS:5.5

Adobe Acrobat and Adobe Reader could allow a remote attacker to bypass security restrictions, caused by improper access control. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to bypass access restrictions.

CVE-2023-26407 CVSS:5.5

Adobe Acrobat and Adobe Reader could allow a remote attacker to execute arbitrary code on the system, caused by improper validation of user supplied input. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2023-26421 CVSS:7.8

Adobe Acrobat and Adobe Reader could allow a remote attacker to execute arbitrary code on the system, caused by an integer underflow error. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2023-26405 CVSS:7.8

Adobe Acrobat and Adobe Reader could allow a remote attacker to execute arbitrary code on the system, caused by improper validation of user supplied input. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2023-26423 CVSS:7.8

Adobe Acrobat and Adobe Reader could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2023-26420 CVSS:7.8

Adobe Acrobat and Adobe Reader could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2023-26419 CVSS:7.8

Adobe Acrobat and Adobe Reader could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2023-26406 CVSS:5.5

Adobe Acrobat and Adobe Reader could allow a remote attacker to bypass security restrictions, caused by improper access control. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to bypass access restrictions.

CVE-2023-26395 CVSS:7.8

Adobe Acrobat and Adobe Reader could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write error. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2023-26424 CVSS:5.5

Adobe Acrobat and Adobe Reader could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read error. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2023-26425 CVSS:7.8

Adobe Acrobat and Adobe Reader could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2023-26417 CVSS:7.8

Adobe Acrobat and Adobe Reader could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2023-26418 CVSS:7.8

Adobe Acrobat and Adobe Reader could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2023-26396 CVSS:7.8

Adobe Acrobat and Adobe Reader could allow a remote attacker to gain elevated privileges on the system, caused by a violation of secure design principles error. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2023-26397 CVSS:5.5

Adobe Acrobat and Adobe Reader could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.

Impact

Security Bypass
Code Execution
Gain Access
Privilege Escalation

Indicators Of Compromise

CVE

CVE-2023-26408
CVE-2023-26407
CVE-2023-26421
CVE-2023-26405
CVE-2023-26423
CVE-2023-26420
CVE-2023-26419
CVE-2023-26406
CVE-2023-26395
CVE-2023-26424
CVE-2023-26425
CVE-2023-26417
CVE-2023-26418
CVE-2023-26396
CVE-2023-26397

Affected Vendors

Adobe

Affected Products

Adobe Acrobat DC 23.001.20093
Adobe Acrobat Reader DC 23.001.20093
Adobe Acrobat 2020 20.005.30441
Adobe Acrobat Reader 2020 20.005.30441

Remediation

Refer to Adobe Security Advisory for patch, upgrade or suggested workaround information.

Adobe Security Advisory

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

CVE-2024-32638 – Apache APISIX Vulnerability

Multiple SAP Products Vulnerabilities

Multiple IBM Products Vulnerabilities

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

CVE-2024-32638 – Apache APISIX Vulnerability

Multiple SAP Products Vulnerabilities

Multiple IBM Products Vulnerabilities

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewter Threat Advisory – CVE-2023-21582 – Adobe Digital Editions Vulnerability

Rewterz Threat Update – Indian Hacker Group Claims To Defaced Gov NAVTTC eAcademy Subdomain