HIGH🇵🇱 Wersja polska

CVE-2023-29320

CVSS 7.8v3.1pub. 2023-08-10upd. 2024-11-21

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Violation of Secure Design Principles vulnerability that could result in arbitrary code execution in the context of the current user by bypassing the API blacklisting feature. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Adobe Acrobat

    APP
    Adobe
    20.001.30005 – 20.005.30516.1051620.001.30005 – 20.005.30514.10514 (bez)
  • Adobe Acrobat DC

    APP
    Adobe
    15.008.20082 – 23.003.20269 (bez)
  • Adobe Acrobat Reader

    APP
    Adobe
    20.001.30005 – 20.005.30516.10516 (bez)20.001.30005 – 20.005.30514.10514 (bez)
  • Adobe Acrobat Reader Dc

    APP
    Adobe
    15.008.20082 – 23.003.20269 (bez)
  • Apple macOS

    OS
    Apple
    wszystkie wersje
  • Microsoft Windows

    OS
    Microsoft
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2026-8398CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2025-43300CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple iOS/iPadOS/macOS — out-of-bounds write przy przetwarzaniu obrazu

CVE-2025-34028CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP

CVE-2025-31200CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Apple — memory corruption (RCE) w przetwarzaniu strumieni audio