1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Adobe Acrobat and Reader Use-After-Free Vulnerability

Known Exploited Vulnerabilities CVE-2023-21608

Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2023-21608 Adobe Acrobat and Reader Use-After-Free Vulnerability primary_impact T1203 Exploitation for Client Execution
Comments
This vulnerability is exploited by having a user open a maliciously-crafted pdf file, which can result in arbitrary code execution.
References
  1. https://hacksys.io/blogs/adobe-reader-resetform-cagg-rce-cve-2023-21608
CVE-2023-21608 Adobe Acrobat and Reader Use-After-Free Vulnerability exploitation_technique T1204.002 Malicious File
Comments
This vulnerability is exploited by having a user open a maliciously-crafted pdf file, which can result in arbitrary code execution.
References
  1. https://hacksys.io/blogs/adobe-reader-resetform-cagg-rce-cve-2023-21608