Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Type Confusion vulnerability that could result in arbitrary code execution in the context of the current user. This issue occurs when a resource is accessed using a type that is not compatible with the actual object type, leading to a logic error that an attacker could exploit. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
                
            Metrics
Affected Vendors & Products
References
        History
                    Thu, 19 Sep 2024 15:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Apple Apple macos Microsoft Microsoft windows | |
| CPEs | cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:* cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:* cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:* cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:* cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:* | |
| Vendors & Products | Apple Apple macos Microsoft Microsoft windows | 
Fri, 13 Sep 2024 14:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Adobe Adobe acrobat Adobe acrobat Dc Adobe acrobat Reader Adobe acrobat Reader Dc | |
| CPEs | cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:* cpe:2.3:a:adobe:acrobat:*:*:*:*:*:windows:*:* cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:*:macos:*:* cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:*:windows:*:* cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:macos:*:* cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:windows:*:* cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:macos:*:* cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:windows:*:* | |
| Vendors & Products | Adobe Adobe acrobat Adobe acrobat Dc Adobe acrobat Reader Adobe acrobat Reader Dc | |
| Metrics | ssvc 
 | 
Fri, 13 Sep 2024 09:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Type Confusion vulnerability that could result in arbitrary code execution in the context of the current user. This issue occurs when a resource is accessed using a type that is not compatible with the actual object type, leading to a logic error that an attacker could exploit. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |
| Title | Acrobat Reader | Access of Resource Using Incompatible Type ('Type Confusion') (CWE-843) | |
| Weaknesses | CWE-843 | |
| References |  | |
| Metrics | cvssV3_1 
 | 
 MITRE
                        MITRE
                    Status: PUBLISHED
Assigner: adobe
Published: 2024-09-13T08:58:58.128Z
Updated: 2024-09-13T13:42:56.318Z
Reserved: 2024-08-21T23:00:59.342Z
Link: CVE-2024-45112
 Vulnrichment
                        Vulnrichment
                    Updated: 2024-09-13T13:34:41.209Z
 NVD
                        NVD
                    Status : Analyzed
Published: 2024-09-13T09:15:13.947
Modified: 2024-09-19T14:56:53.697
Link: CVE-2024-45112
 Redhat
                        Redhat
                    No data.