Products
Acrobat Reader
- 24.002.21005
- 24.001.30159
- 20.005.30655
- 24.003.20054 and earlier
Source
psirt@adobe.com
Tags
CVE-2024-45112 details
Published : Sept. 13, 2024, 9:15 a.m.
Last Modified : Sept. 13, 2024, 2:06 p.m.
Last Modified : Sept. 13, 2024, 2:06 p.m.
Description
Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Type Confusion vulnerability that could result in arbitrary code execution in the context of the current user. This issue occurs when a resource is accessed using a type that is not compatible with the actual object type, leading to a logic error that an attacker could exploit. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7.8 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-843 | Access of Resource Using Incompatible Type ('Type Confusion') | The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type. |
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
7.8
Exploitability Score
1.8
Impact Score
5.9
Base Severity
HIGH
Vector String : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References
| URL | Source |
|---|---|
| https://helpx.adobe.com/security/products/acrobat/apsb24-70.html | psirt@adobe.com |
This website uses the NVD API, but is not approved or certified by it.