all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

ZDI-23-1748: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability

Add to bookmarks
Nov. 27, 2023, 6 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2023-44371.

acrobat acrobat reader adobe adobe acrobat arbitrary code attackers code code execution cvss exploit file free malicious page rating reader remote code remote code execution target use-after-free vulnerability zdi

Visit resource

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-784: PaperCut MF handleServiceException Cross-Site Scripting Authentication Bypass Vulnerability 15 hours ago | www.zerodayinitiative.com
attackers authentication authentication bypass bypass +16
ZDI-24-783: PaperCut MF pc-upconnector-service Server-Side Request Forgery Information Disclosure Vulnerability 15 hours ago | www.zerodayinitiative.com
attackers authentication cve cve-2024 +18
ZDI-24-782: PaperCut NG PrintDeployProxyController Incorrect Authorization Authentication Bypass Vulnerability 15 hours ago | www.zerodayinitiative.com
attackers authentication authentication bypass authorization +11
ZDI-24-781: PaperCut NG generateNextFileName Directory Traversal Remote Code Execution Vulnerability 15 hours ago | www.zerodayinitiative.com
arbitrary code attackers authentication code +14
ZDI-24-780: PaperCut NG upload Link Following Information Disclosure Vulnerability 15 hours ago | www.zerodayinitiative.com
attackers authentication authentication mechanism can +18
ZDI-24-779: PaperCut NG VendorKeys Hardcoded Credentials Authentication Bypass Vulnerability 15 hours ago | www.zerodayinitiative.com
attackers authentication authentication bypass bypass +13
ZDI-24-778: Linux Kernel USB Core Out-Of-Bounds Read Local Privilege Escalation Vulnerability 4 days, 15 hours ago | www.zerodayinitiative.com
attackers authentication cvss escalation +14
ZDI-24-777: Linux Kernel ksmbd Out-Of-Bounds Read Information Disclosure Vulnerability 4 days, 15 hours ago | www.zerodayinitiative.com
attackers authentication configuration cvss +18
ZDI-24-776: (Pwn2Own) Oracle VirtualBox OHCI USB Controller Use-After-Free Local Privilege Escalation Vulnerability 4 days, 15 hours ago | www.zerodayinitiative.com
attacker attackers code controller +24

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Technology Specialist I, LACERA: Information Security Engineer

@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, CA
View on infosec-jobs.com

Junior Analyst, Structured Data Services

@ Arete | Hyderabad
View on infosec-jobs.com

Manager, Global Data Analysis & Notification

@ Epiq | IND-Hyderabad-Sohini Tech Park, 3rd Floor, Financial District
View on infosec-jobs.com

Network Automation and Orchestration Engineer

@ ManTech | REMT - Remote Worker Location
View on infosec-jobs.com

Security Automation Developer

@ Maveris | Hines, Illinois, United States
View on infosec-jobs.com

Security Automation Developer

@ Maveris | Martinsburg, West Virginia, United States
View on infosec-jobs.com