How to Fix CVE-2022-24091(2)- New RCE Vulnerabilities in Adobe Acrobat Reader DC

Adobe has disclosed two new RCE vulnerabilities in Acrobat and Acrobat Reader, CVE-2022-24091 and CVE-2022-24092 (written CVE-2022-24091(2) in this post), affecting both macOS and Windows. The Adobe bulletin that fixes them lists arbitrary code execution, application denial of service, memory leak, privilege escalation, and security feature bypass as possible impacts. These vulnerabilities need to be fixed. This article shows how to fix CVE-2022-24091(2), the RCE vulnerabilities in Adobe Acrobat Reader.

User interaction is required to exploit these vulnerabilities: the target must open a malicious file or visit a malicious page. Both flaws lie in the parsing of embedded fonts. The parser does not properly validate attacker-supplied data, so a crafted font can write past the end of an allocated buffer. An attacker can use this to execute code in the context of the current process, that is, with the privileges of the user running Acrobat or Acrobat Reader.

Adobe Acrobat Reader DC

Adobe Acrobat Reader is a free cross-platform application that lets users view, annotate, sign, and collaborate on PDF files. It is an essential PDF tool that can convert virtually any document to PDF format while preserving the form and content of the original file.

Adobe Acrobat (Standard and Pro) is the paid edition with additional functionality, such as creating and editing the images and text in PDF documents and scanning paper documents. Both editions ship on the same release tracks and both are affected by these vulnerabilities.

Summary Of The New RCE Vulnerabilities In Adobe Acrobat Reader- CVE-2022-24091(2):

The CVE-2022-24091(2) remote code execution vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. Both exist within the parsing of embedded fonts, and both require the target to open a malicious file or visit a malicious page.

Associated CVE IDs          CVE-2022-24091, CVE-2022-24092
Description                 Out-of-bounds write in embedded font parsing, leading to RCE in Adobe Acrobat and Acrobat Reader DC
Associated ZDI ID
CVSS Score                  7.8 High
Vector                      CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Impact Score                5.9
Exploitability Score        1.8
Attack Vector (AV)          Local
Attack Complexity (AC)      Low
Privileges Required (PR)    None
User Interaction (UI)       Required
Scope (S)                   Unchanged
Confidentiality (C)         High
Integrity (I)               High
Availability (A)            High

Note that the Privileges Required and User Interaction rows follow the vector string (PR:N, UI:R): no privileges are needed, but the victim must open the malicious file, which matches the description above.

Versions Affected By These RCE Vulnerabilities:

Here is the list of versions affected by the CVE-2022-24091(2) remote code execution vulnerabilities.

Product               Track          Affected Versions           Platforms
Acrobat DC            Continuous     21.007.20099 and earlier    Windows
Acrobat Reader DC     Continuous     21.007.20099 and earlier    Windows
Acrobat DC            Continuous     21.007.20099 and earlier    macOS
Acrobat Reader DC     Continuous     21.007.20099 and earlier    macOS
Acrobat 2017          Classic 2017   17.011.30204 and earlier    Windows & macOS
Acrobat Reader 2017   Classic 2017   17.011.30204 and earlier    Windows & macOS
Acrobat 2020          Classic 2020   20.004.30017 and earlier    Windows & macOS
Acrobat Reader 2020   Classic 2020   20.004.30017 and earlier    Windows & macOS

How To Fix CVE-2022-24091(2)- New RCE Vulnerabilities In Adobe Acrobat Reader DC?

This section discusses how to fix CVE-2022-24091(2), the RCE vulnerabilities in Adobe Acrobat Reader. Adobe has assigned the following updates the priority ratings below and recommends updating to the latest versions. In Adobe's scheme, priority 2 means there is no known exploit at the time of release but the product has historically been at elevated risk, so administrators should install the update soon (Adobe suggests within 30 days).

Product               Updated Version   Platform          Priority Rating
Acrobat DC            21.011.20039      Windows & macOS   2
Acrobat Reader DC     21.011.20039      Windows & macOS   2
Acrobat 2017          17.011.30207      Windows & macOS   2
Acrobat Reader 2017   17.011.30207      Windows & macOS   2
Acrobat 2020          20.004.30020      Windows & macOS   2
Acrobat Reader 2020   20.004.30020      Windows & macOS   2
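Before and after pushing the update, an administrator wants to know which installed builds on which track are still below the fixed version. The following script is an example added for this post (not Adobe's code and not from the original article); the version numbers are copied from the affected-versions and updated-versions tables above. The inventory records are constructed for the demo: on a real Windows host you would read DisplayName/DisplayVersion from the Uninstall registry keys, on macOS CFBundleShortVersionString from the application's Info.plist, and feed the pairs to audit(). The mapping of major version to track (17.x Classic 2017, 20.x Classic 2020, 21.x and later Continuous) is an assumption made for this example.

```python
"""Check Adobe Acrobat / Acrobat Reader builds against the fixed versions for
CVE-2022-24091 / CVE-2022-24092 (added example, not from the post or Adobe)."""
from typing import Dict, Iterable, List, Optional, Tuple

# Build that fixes the issue, per product track (from the update table).
FIXED_VERSIONS = {
    "Continuous":   "21.011.20039",   # Acrobat DC / Acrobat Reader DC
    "Classic 2017": "17.011.30207",   # Acrobat 2017 / Acrobat Reader 2017
    "Classic 2020": "20.004.30020",   # Acrobat 2020 / Acrobat Reader 2020
}
# Highest build Adobe lists as affected, per track (from the affected table).
LAST_AFFECTED = {
    "Continuous":   "21.007.20099",
    "Classic 2017": "17.011.30204",
    "Classic 2020": "20.004.30017",
}


def parse_version(v: str) -> Tuple[int, ...]:
    """'21.007.20099' -> (21, 7, 20099).  Compare tuples, never raw strings:
    an unpadded '21.7.20099' from an inventory tool sorts *after*
    '21.011.20039' as text ('7' > '0') even though it is the older build."""
    parts = v.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected Adobe version format: {v!r}")
    return tuple(int(p) for p in parts)


def track_for(version: str) -> str:
    """Infer the product track from the major version.  Assumption for this
    example: 17.x is Classic 2017, 20.x Classic 2020, 21.x and later Continuous."""
    major = parse_version(version)[0]
    if major == 17:
        return "Classic 2017"
    if major == 20:
        return "Classic 2020"
    if major >= 21:
        return "Continuous"
    return "unknown"


def assess(version: str, track: Optional[str] = None) -> Dict[str, Optional[str]]:
    """Patch status of one installed build.  Anything below the fixed build is
    reported as vulnerable, whether or not it appears in Adobe's affected list."""
    track = track or track_for(version)
    result: Dict[str, Optional[str]] = {"version": version, "track": track,
                                        "status": None, "update_to": None}
    if track not in FIXED_VERSIONS:
        result["status"] = "unknown track"
        return result
    installed = parse_version(version)
    if installed >= parse_version(FIXED_VERSIONS[track]):
        result["status"] = "patched"
        return result
    if installed <= parse_version(LAST_AFFECTED[track]):
        result["status"] = "vulnerable (listed as affected)"
    else:
        result["status"] = "vulnerable (below fixed build)"
    result["update_to"] = FIXED_VERSIONS[track]
    return result


def audit(inventory: Iterable[Tuple[str, str]]) -> List[Dict[str, Optional[str]]]:
    """Run assess() over (display_name, display_version) pairs, skipping
    anything that is not an Acrobat product."""
    reports = []
    for name, version in inventory:
        if "acrobat" not in name.lower():
            continue
        report = assess(version)
        report["product"] = name
        reports.append(report)
    return reports


# Constructed sample inventory for the demo (not data from a real host).
SAMPLE_INVENTORY = [
    ("Adobe Acrobat Reader DC", "21.007.20099"),    # last affected Continuous build
    ("Adobe Acrobat DC", "21.011.20039"),           # fixed Continuous build
    ("Adobe Acrobat Reader 2017", "17.011.30204"),  # affected Classic 2017 build
    ("Adobe Acrobat 2020", "20.004.30020"),         # fixed Classic 2020 build
    ("Google Chrome", "97.0.4692.71"),              # not Acrobat, skipped
]

if __name__ == "__main__":
    for r in audit(SAMPLE_INVENTORY):
        line = f"{r['product']:<26} {r['version']:<13} {r['track']:<13} {r['status']}"
        if r["update_to"]:
            line += f" -> update to {r['update_to']}"
        print(line)
```

Pass an explicit track to assess() when the inventory tool records it, since the major-version inference is only a convenience for the builds in these tables.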

Adobe recommends updating installations to the latest versions using the following instructions.

The updated product versions are available to users through one of the following methods.

  1. For individuals:

  • The product updates automatically, without user intervention, once it detects the updates.
  • Users can manually update product installations by selecting Help > Check for Updates.
  • The full Acrobat Reader installer can be downloaded from Adobe.

  2. For IT administrators:

  • Refer to the release notes for the specific version for installer links.
  • Push the updates through your preferred method, such as the bootstrapper, AIP-GPO, SCUP/SCCM, or, on macOS, Apple Remote Desktop or SSH.

Time needed: 10 minutes.

How to Update Adobe Acrobat manually?

  1. Check for updates

    Launch the application, then go to Help > Check for Updates.

  2. Download the updates

    If updates are available, the Download and Install button is enabled. Click it.

  3. Close the program

    When the download completes, you may be prompted to close the application. Close Acrobat and click Retry.

  4. Install the updates

    An "Update Successful!" message appears when the update completes. Close the app; that is the end of the manual upgrade process. To confirm the fix, reopen the app, check the build under Help > About, and compare it with the updated version listed above for your track (for example 21.011.20039 or later on the Continuous track).


About the author

Arun KL

Hi All, I am Arun KL, an IT Security Professional and founder of "thesecmaster.com". Enthusiast, Security Blogger, Technical Writer, Editor, Author at TheSecMaster. To know more about me, follow me on LinkedIn.
