Conseils sécurité de Zscaler

Avis de sécurité - janvier 11, 2023

Zscaler protects against 15 new vulnerabilities for Adobe Acrobat and Reader

Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 15 vulnerabilities included in the January 2023 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the January release and deploy additional protections, as necessary.

APSB23-01 – Security updates available for Adobe Acrobat and Reader.

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to denial-of-service, arbitrary code execution, privilege escalation and memory leak.

Affected Software

  • Acrobat DC Continuous 22.003.20282 (Win), 22.003.20281 (Mac) and earlier versions for Windows &  macOS
  • Acrobat Reader DC Continuous 22.003.20282 (Win), 22.003.20281 (Mac)  and earlier versions for Windows &  macOS
  • Acrobat 2020 Classic 2020 20.005.30418 and earlier versions for Windows & macOS
  • Acrobat Reader 2020 Classic 20.005.30418 and earlier versions for Windows & macOS

 

CVE-2023-21579 – Integer Overflow or Wraparound vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2023-21581 – Out-of-bounds Read vulnerability leading to memory leak

Severity: Important

 

CVE-2023-21585 – Out-of-bounds Read vulnerability leading to memory leak

Severity: Important

 

CVE-2023-21586 – NULL Pointer Dereference vulnerability leading to Application denial of service

Severity: Important

 

CVE-2023-21604 – Stack-based Buffer Overflow vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2023-21605 – Heap-based Buffer Overflow vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2023-21606 – Out-of-bounds Write vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2023-21607 – Improper Input Validation vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2023-21608 – Use After Free vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2023-21609 –  Out-of-bounds write vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2023-21610 – Stack-based Buffer Overflow vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2023-21611 – Violation of Secure Design Principles leading to Privilege escalation

Severity: Important

 

CVE-2023-21612 – Violation of Secure Design Principles leading to Privilege escalation

Severity: Important

 

CVE-2023-21613 – Out-of-bounds Read vulnerability leading to memory leak

Severity: Important

 

CVE-2022-35691 – Out-of-bounds Read vulnerability leading to memory leak

Severity: Important