Adobe Acrobat Reader up to 17.012.3022x/20.005.3033x/22.001.2011x uncontrolled search path

A vulnerability was found in Adobe Acrobat Reader up to 17.012.3022x/20.005.3033x/22.001.2011x (Document Reader Software) and classified as critical. Affected by this issue is an unknown code block. Upgrading eliminates this vulnerability.

Field	05/12/2022 12:45 PM	05/14/2022 03:40 PM
cvss3_cna_c	H	H
cvss3_cna_i	H	H
cvss3_cna_a	H	H
identifier	apsb22-16	apsb22-16
url	https://helpx.adobe.com/security/products/acrobat/apsb22-16.html	https://helpx.adobe.com/security/products/acrobat/apsb22-16.html
name	Upgrade	Upgrade
cve	CVE-2022-28247	CVE-2022-28247
cve_assigned	1648591200	1648591200
cve_cna	Adobe Systems Incorporated	Adobe Systems Incorporated
vendor	Adobe	Adobe
name	Acrobat Reader	Acrobat Reader
version	<=17.012.3022x/20.005.3033x/22.001.2011x	<=17.012.3022x/20.005.3033x/22.001.2011x
cwe	427 (privilege escalation)	427 (privilege escalation)
risk	2	2
cvss3_vuldb_av	N	N
cvss3_vuldb_ac	H	H
cvss3_vuldb_pr	L	L
cvss3_vuldb_ui	R	R
cvss3_vuldb_s	U	U
cvss3_vuldb_c	L	L
cvss3_vuldb_i	L	L
cvss3_vuldb_a	L	L
cvss3_vuldb_rl	O	O
cvss3_vuldb_rc	C	C
cvss3_cna_av	L	L
cvss3_cna_ac	H	H
cvss3_cna_pr	L	L
cvss3_cna_ui	R	R
cvss3_cna_s	U	U
date	1652306400 (05/12/2022)	1652306400 (05/12/2022)
type	Document Reader Software	Document Reader Software
cvss2_vuldb_av	N	N
cvss2_vuldb_ac	H	H
cvss2_vuldb_ci	P	P
cvss2_vuldb_ii	P	P
cvss2_vuldb_ai	P	P
cvss2_vuldb_rc	C	C
cvss2_vuldb_rl	OF	OF
cvss2_vuldb_au	S	S
cvss2_vuldb_e	ND	ND
cvss3_vuldb_e	X	X
cvss3_cna_basescore	6.7	6.7
cvss2_vuldb_basescore	4.6	4.6
cvss2_vuldb_tempscore	4.0	4.0
cvss3_vuldb_basescore	4.6	4.6
cvss3_vuldb_tempscore	4.4	4.4
cvss3_meta_basescore	5.6	5.6
cvss3_meta_tempscore	5.5	5.5
price_0day	$25k-$100k	$25k-$100k
cve_nvd_summary		Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an uncontrolled search path vulnerability that could lead to local privilege escalation. Exploitation of this issue requires user interaction in that a victim must run the uninstaller with Admin privileges.

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!