all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

ZDI-23-1761: Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability

Add to bookmarks
Dec. 5, 2023, 6 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2023-44371.

acrobat acrobat reader adobe adobe acrobat arbitrary code attackers code code execution cvss exploit file font parsing free malicious page parsing rating reader remote code remote code execution target use-after-free vulnerability zdi

Visit resource

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-778: Linux Kernel USB Core Out-Of-Bounds Read Local Privilege Escalation Vulnerability 3 days, 14 hours ago | www.zerodayinitiative.com
attackers authentication cvss escalation +14
ZDI-24-777: Linux Kernel ksmbd Out-Of-Bounds Read Information Disclosure Vulnerability 3 days, 14 hours ago | www.zerodayinitiative.com
attackers authentication configuration cvss +18
ZDI-24-776: (Pwn2Own) Oracle VirtualBox OHCI USB Controller Use-After-Free Local Privilege Escalation Vulnerability 3 days, 14 hours ago | www.zerodayinitiative.com
attacker attackers code controller +24
ZDI-24-670: (0Day) Famatech Advanced IP Scanner Uncontrolled Search Path Element Local Privilege Escalation Vulnerability 4 days, 14 hours ago | www.zerodayinitiative.com
0day advanced attacker attackers +21
ZDI-24-677: (0Day) Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability 4 days, 14 hours ago | www.zerodayinitiative.com
0day attackers bypass bypass vulnerability +19
ZDI-24-676: (0Day) Deep Sea Electronics DSE855 Restart Missing Authentication Denial-of-Service Vulnerability 4 days, 14 hours ago | www.zerodayinitiative.com
0day attackers authentication bypass +14
ZDI-24-675: (0Day) Deep Sea Electronics DSE855 Factory Reset Missing Authentication Denial-of-Service Vulnerability 4 days, 14 hours ago | www.zerodayinitiative.com
0day attackers authentication bypass +16
ZDI-24-674: (0Day) Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffer Overflow Remote Code Execution … 4 days, 14 hours ago | www.zerodayinitiative.com
0day arbitrary code attackers authentication +22
ZDI-24-673: (0Day) Deep Sea Electronics DSE855 Multipart Boundary Infinite Loop Denial-of-Service Vulnerability 4 days, 14 hours ago | www.zerodayinitiative.com
0day attackers authentication cve +13

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Sr. Splunk Engineer | Remote, USA

@ Optiv | Illinois
View on infosec-jobs.com

DevSecOps Engineer

@ Johnson Controls | Johnson Controls (I) CoEE,Pune
View on infosec-jobs.com

DevSecOps Engineer- Mobile Solutions

@ ZF Friedrichshafen AG | Chennai, TN, IN, 600116
View on infosec-jobs.com

Penetration Testing Principal Consultant

@ Horangi | Thailand
View on infosec-jobs.com

Penetration Testing Team Lead - SG

@ Horangi | Singapore
View on infosec-jobs.com

Penetration Testing Engineer III

@ Boliden | (USA) AR BENTONVILLE Home Office ISD Office - DGTC
View on infosec-jobs.com