CVE-2022-23186 Illustrator versions 25.4.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

Adobe recommends users update their application to version 26.0.1. Adobe recommends enterprise users confirm they have applied the patch for version 26.0.1 installed on their systems. The updated version 26.0.1 was released on March 12, 2018. Exploitation details In order to exploit this vulnerability, an attacker must entice an end user to open the malicious file.

An attacker can induce an end user to open the malicious file by any means necessary. The information in the following table details the probability of exploitation, depending on the method an attacker uses to deliver the malicious file to the targeted user. For the majority of cases, Exploiting CVE-2018-5999 depends on the user opening the malicious file or clicking on a link containing it. The table below compares the probability of exploitation for the different method of attack. Attack vector Ponential probability Exploit code via email Low ( ~10%) Exploits via drive-by-download Medium ( ~20%) Exploits via social media Low ( ~10%) Exploiting via In-Web-Page Low ( ~10%) Exploiting via In-Content Low ( ~10%) Exploiting via In-URL Medium ( ~20%) - Exploiting via In-Embedded Medium ( ~20%) Exploiting via In-Office-sharing Medium ( ~20%) Exploiting via In-Print Medium ( ~20%) Exploiting via In-URL Medium ( ~20

CVE-2018-5997

: Adobe Acrobat Reader Security Update
Adobe released a security update on March 12, 2018 fixing CVE-2018-5999. The update fixes vulnerabilities that could allow an attacker to execute arbitrary code.

Adobe In-Browser Exploitation Details

The exploits are similar to a drive-by-download in that the malicious file is hosted on a website to which the user must navigate to load. The exploit code is usually delivered via social media, such as Twitter, Facebook, and Instagram.
If you are using an operating system that does not have Adobe Flash Player installed, please install it from the Microsoft Windows Update website. If you use an operating system that does not already have this application installed, please follow the instructions below:

Adobe Digital Publishing Platform (DPP)

The Adobe Digital Publishing Platform (DPP) is an enterprise-level tool for digital publishing. DPP supports a wide variety of digital publishing functions, including content management, digital rights management, analytics and reporting, and various forms of workflow automation. DPP provides capabilities for managing digital publications across a range of devices and platforms.

A critical vulnerability was reported in the Adobe Digital Publishing Platform (DPP) software on March 12th, 2018. This vulnerability could allow privilege escalation due to an unchecked command injection vulnerability that affects all versions of the software from version 23 through 26.

Timeline

Published on: 02/16/2022 17:15:00 UTC
Last modified on: 02/24/2022 03:08:00 UTC

References

• https://helpx.adobe.com/security/products/illustrator/apsb22-07.html
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23186