CVE-2022-38410 Adobe Illustrator versions 26.4 and earlier are affected by an out-of-bounds read vulnerability that could reveal sensitive memory.
In addition, Adobe applications are affected if they are installed on an affected version. Adobe Acrobat Reader versions earlier than 11.0 are affected if installed on an affected version. Adobe XMP Panels version earlier than 3.2 are affected if installed on an affected version. Adobe Connect versions earlier than 5.0.9335.287 are affected if installed on an affected version. Adobe AIR versions earlier than 20.0.0.198 are affected if installed on an affected version. Adobe Animate versions earlier than 18.0.0.198 are affected if installed on an affected version. Adobe Digital Publishing versions earlier than 2.0.0 are affected if installed on an affected version. Adobe Device Central versions earlier than 2.0.0 are affected if installed on an affected version. Adobe Document Converters versions earlier than 1.0.0 are affected if installed on an affected version. Adobe DNG Converter versions earlier than 2.1.0 are affected if installed on an affected version. Adobe Fillable Forms versions earlier than 2.0.0 are affected if installed on an affected version. Adobe Fireworks versions earlier than 15.0.0 are affected if installed on an affected version. Adobe XMP Panels versions earlier than 5.3 are affected if installed on an affected version. Adobe XD versions earlier than 3.0 are affected if installed on an affected version. Adobe Analytics versions earlier than 2.0 are affected if installed on an affected version. Adobe Analytics
Adobe Reader and Acrobat Software
The affected Adobe products include the following:
**Adobe Acrobat Reader versions earlier than 11.0 are affected if installed on an affected version.
**Adobe Acrobat Reader DC versions earlier than 15.006.30629 are affected if installed on an affected version.
**Adobe Acrobat XMP versions earlier than 3.2 are affected if installed on an affected version.
**Adobe Connect versions earlier than 5.0.9335.287 are also impacted if installed on an affected version of Windows or Mac OS X, or any Pacific Standard Time zone version of Adobe Connect before 7/17/2015 with Service Pack 2 or later, when connected to a vulnerable system with a vulnerable Adobe Reader (11 or later) or Acrobat (11 or later) program running in the background.
**Adobe Digital Publishing versions earlier than 2.0 are also impacted if installed on an affected version of Windows or Mac OS X, when connected to a vulnerable system with a vulnerable Adobe Reader (11 or later) program running in the background, and the vulnerability is not mitigated by other methods such as disabling JavaScript in your browser settings and/or configuring your browser to make use of TLS 1.2 for secure connections to https://www.adobeformacostore-us1-ssl3-ssl4-ssl5-prod-services-professionalaccessoriesccsstorefrontsalescommissioncenterandpdxhqfinancecomsites
What is the Adobe Product Detection Tool?
The Adobe Product Detection Tool is a web application that helps you determine whether or not your installed applications are affected.
This tool will help you determine which programs on your computer have been altered by the exploit and which ones still need to be updated.
It is currently recommended that users of Acrobat Pro DC and Acrobat Reader DC update their software immediately.
What is the Trending Topic? CVE-2022-38410
In addition, Adobe applications are affected if they are installed on an affected version. Adobe Acrobat Reader versions earlier than 11.0 are affected if installed on an affected version. Adobe XMP Panels version earlier than 3.2 are affected if installed on an affected version. Adobe Connect versions earlier than 5.0.9335.287 are affected if installed on an affected version. Adobe AIR versions earlier than 20.0.0.198 are affected if installed on an affected version. Adobe Animate versions earlier than 18.0.0.198 are affected if installed on an affected version. Adobe Digital Publishing versions earlier than 2.0.0 are affected if installed on an affected version
Recommendations
Adobe recommends users update as soon as possible. They recommend upgrading to Adobe Acrobat Reader version 11.0 or later, Adobe XMP Panels version 3.2 or later, and Adobe Connect versions 5.0.9335.287 or later, Adobe AIR 20.0 or later, and Adobe Digital Publishing 2.0 or later versions of software if you use any of these applications to view PDF files, share documents using Adobe Creative Cloud Desktop App, upload documents using the Mobile Application Platform (MAPI), create forms in Acrobat or Fillable Forms apps, access files from your device using the Mobile Application Platform (MAPI), collaborate with others on shared files in Acrobat or Fillable Forms apps, edit personal information stored in digital form such as certificates and ID cards, sign contracts digitally online using DigitalDocuments Sign & Seal service for Acrobat Pro DC and/or Acrobat Standard DC products earlier than 15.1 on Windows systems (not impacted by CVE-2018-4878). They recommend upgrading to Adobe Device Central version 2.0 or later versions of software if you use any of these applications to manage devices connected to your system if you use any of these applications to manage a device linked to your Creative Cloud account if you use any of these applications do manage photo libraries linked to your account if you have an affected version installed on an affected operating system.
Timeline
Published on: 09/16/2022 17:15:00 UTC
Last modified on: 09/20/2022 18:29:00 UTC