Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious font file.

The version of Adobe Reader installed on the remote Windows host is a version prior to 17.011.30207, 20.004.30020, or 21.011.20039. It is, therefore, affected by multiple vulnerabilities.

  - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and     earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code     execution in the context of the current user. Exploitation of this issue requires user interaction in that     a victim must open a malicious font file. (CVE-2022-24091, CVE-2022-24092)

  - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and     earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that     could result in arbitrary code execution in the context of the current user. Exploitation of this issue     requires user interaction in that a victim must open a malicious file. (CVE-2021-44701, CVE-2021-44704,     CVE-2021-44705, CVE-2021-44706, CVE-2021-44710, CVE-2021-45062, CVE-2021-45064)

  - Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and     17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated     attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue     requires user interaction in that a victim must visit an attacker controlled web page. (CVE-2021-44702)

  - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and     earlier) are affected by a stack buffer overflow vulnerability due to insecure handling of a crafted file,     potentially resulting in arbitrary code execution in the context of the current user. Exploitation of this     issue requires user interaction in that a victim must open a malicious file. (CVE-2021-44703)

  - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and     earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code     execution in the context of the current user. Exploitation of this issue requires user interaction in that     a victim must open a malicious file. (CVE-2021-44707, CVE-2021-45061, CVE-2021-45068)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Adobe Reader installed on the remote macOS host is a version prior to 17.011.30207, 20.004.30020, or 21.011.20039. It is, therefore, affected by multiple vulnerabilities.

  - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and     earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code     execution in the context of the current user. Exploitation of this issue requires user interaction in that     a victim must open a malicious font file. (CVE-2022-24091, CVE-2022-24092)

  - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and     earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that     could result in arbitrary code execution in the context of the current user. Exploitation of this issue     requires user interaction in that a victim must open a malicious file. (CVE-2021-44701, CVE-2021-44704,     CVE-2021-44705, CVE-2021-44706, CVE-2021-44710, CVE-2021-45062, CVE-2021-45064)

  - Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and     17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated     attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue     requires user interaction in that a victim must visit an attacker controlled web page. (CVE-2021-44702)

  - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and     earlier) are affected by a stack buffer overflow vulnerability due to insecure handling of a crafted file,     potentially resulting in arbitrary code execution in the context of the current user. Exploitation of this     issue requires user interaction in that a victim must open a malicious file. (CVE-2021-44703)

  - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and     earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code     execution in the context of the current user. Exploitation of this issue requires user interaction in that     a victim must open a malicious file. (CVE-2021-44707, CVE-2021-45061, CVE-2021-45068)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Adobe Acrobat installed on the remote macOS host is a version prior to 17.011.30207, 20.004.30020, or 21.011.20039. It is, therefore, affected by multiple vulnerabilities.

  - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and     earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code     execution in the context of the current user. Exploitation of this issue requires user interaction in that     a victim must open a malicious font file. (CVE-2022-24091, CVE-2022-24092)

  - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and     earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that     could result in arbitrary code execution in the context of the current user. Exploitation of this issue     requires user interaction in that a victim must open a malicious file. (CVE-2021-44701, CVE-2021-44704,     CVE-2021-44705, CVE-2021-44706, CVE-2021-44710, CVE-2021-45062, CVE-2021-45064)

  - Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and     17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated     attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue     requires user interaction in that a victim must visit an attacker controlled web page. (CVE-2021-44702)

  - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and     earlier) are affected by a stack buffer overflow vulnerability due to insecure handling of a crafted file,     potentially resulting in arbitrary code execution in the context of the current user. Exploitation of this     issue requires user interaction in that a victim must open a malicious file. (CVE-2021-44703)

  - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and     earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code     execution in the context of the current user. Exploitation of this issue requires user interaction in that     a victim must open a malicious file. (CVE-2021-44707, CVE-2021-45061, CVE-2021-45068)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Adobe Acrobat installed on the remote Windows host is a version prior to 17.011.30207, 20.004.30020, or 21.011.20039. It is, therefore, affected by multiple vulnerabilities.

  - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and     earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code     execution in the context of the current user. Exploitation of this issue requires user interaction in that     a victim must open a malicious font file. (CVE-2022-24091, CVE-2022-24092)

  - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and     earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that     could result in arbitrary code execution in the context of the current user. Exploitation of this issue     requires user interaction in that a victim must open a malicious file. (CVE-2021-44701, CVE-2021-44704,     CVE-2021-44705, CVE-2021-44706, CVE-2021-44710, CVE-2021-45062, CVE-2021-45064)

  - Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and     17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated     attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue     requires user interaction in that a victim must visit an attacker controlled web page. (CVE-2021-44702)

  - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and     earlier) are affected by a stack buffer overflow vulnerability due to insecure handling of a crafted file,     potentially resulting in arbitrary code execution in the context of the current user. Exploitation of this     issue requires user interaction in that a victim must open a malicious file. (CVE-2021-44703)

  - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and     earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code     execution in the context of the current user. Exploitation of this issue requires user interaction in that     a victim must open a malicious file. (CVE-2021-44707, CVE-2021-45061, CVE-2021-45068)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
156668	Adobe Reader < 17.011.30207 / 20.004.30020 / 21.011.20039 Multiple Vulnerabilities (APSB22-01)	Nessus	Windows	high
156667	Adobe Reader < 17.011.30207 / 20.004.30020 / 21.011.20039 Multiple Vulnerabilities (APSB22-01) (macOS)	Nessus	MacOS X Local Security Checks	high
156666	Adobe Acrobat < 17.011.30207 / 20.004.30020 / 21.011.20039 Multiple Vulnerabilities (APSB22-01) (macOS)	Nessus	MacOS X Local Security Checks	high
156665	Adobe Acrobat < 17.011.30207 / 20.004.30020 / 21.011.20039 Multiple Vulnerabilities (APSB22-01)	Nessus	Windows	high

Detections

Analytics

CVE-2022-24092

high

Tenable Plugins

high

high

high

high