Violation of Secure Design Principles

CVE-2023-29320

High

7.8/10

Summary

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Violation of Secure Design Principles vulnerability that could result in arbitrary code execution in the context of the current user by bypassing the API blacklisting feature. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-657 - Violation of Secure Design Principles

The product violates well-established principles for secure design.

References

Advisory Timeline

Published Aug 10, 2023

Violation of Secure Design Principles

CVE-2023-29320

Summary

CWE-657 - Violation of Secure Design Principles

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS