216.73.216.6

CVE-2024-45112

· Published 13/09/2024 09:15 · Modified 19/09/2024 14:56

Labels: CVE-2024-45112 2024-09-13CVE-2024-45112CWE-843[email protected]

Essential information

Published
13/09/2024 09:15
Modified
19/09/2024 14:56
Author
Creator
CVSS
7.8 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS metrics

Description

Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Type Confusion vulnerability that could result in arbitrary code execution in the context of the current user. This issue occurs when a resource is accessed using a type that is not compatible with the actual object type, leading to a logic error that an attacker could exploit. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
adobe / acrobat cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*
adobe / acrobat cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*
adobe / acrobat dc cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*
adobe / acrobat reader cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*
adobe / acrobat reader dc cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*
apple / macos cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
microsoft / windows cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

References