Access of Resource Using Incompatible Type ('Type Confusion')

CVE-2024-45112

High

7.8/10

Summary

Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Type Confusion vulnerability that could result in arbitrary code execution in the context of the current user. This issue occurs when a resource is accessed using a type that is not compatible with the actual object type, leading to a logic error that an attacker could exploit. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

References

Advisory Timeline

Published Sep 13, 2024

Access of Resource Using Incompatible Type ('Type Confusion')

CVE-2024-45112

Summary

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS