Description

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must open a maliciously crafted Microsoft Office file, or visit an attacker controlled web page.

Related CPE's

a

adobe

acrobat_dc

*

*

*

*

continuous

Vulnerable

a

adobe

acrobat_reader_dc

*

*

*

*

continuous

Vulnerable

o

apple

macos

2

o

microsoft

windows

2

a

adobe

acrobat

2

a

adobe

acrobat_reader

2

References

https://helpx.adobe.com/security/products/acrobat/apsb23-30.html

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-200

[email protected]

Secondary
CWE-200

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

5.5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2023-08-10T14:15:14.773

11 months ago

Last modified

2023-08-15T13:57:40.647

11 months ago