CVE-2023-26425

7.8 HIGH

📋 TL;DR

Adobe Acrobat Reader versions 23.001.20093 and earlier, and 20.005.30441 and earlier, contain an out-of-bounds read vulnerability when parsing malicious PDF files. An attacker could exploit this to execute arbitrary code with the privileges of the current user. Exploitation requires user interaction, such as opening a malicious file.

💻 Affected Systems

Products:
  • Adobe Acrobat Reader DC
  • Adobe Acrobat Reader
Versions: 23.001.20093 and earlier, 20.005.30441 and earlier
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. Exploitation requires the user to open a malicious PDF file.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise via arbitrary code execution with user privileges, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case: Limited code execution in user context, potentially enabling malware installation or credential theft from the affected user account.

🟢 If Mitigated: No impact if users avoid opening untrusted PDF files or if security controls block malicious files.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file). No public exploit code is known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 23.001.20174 and later for continuous track, 20.005.30516 and later for classic track

Vendor Advisory: https://helpx.adobe.com/security/products/acrobat/apsb23-24.html

Restart Required: Yes

Instructions:

1. Open Adobe Acrobat Reader.
2. Go to Help > Check for Updates.
3. Follow prompts to install latest version.
4. Restart computer after installation.

🔧 Temporary Workarounds

Disable JavaScript in Adobe Reader
Platforms: all
Prevents JavaScript-based exploitation vectors
Edit > Preferences > JavaScript > Uncheck 'Enable Acrobat JavaScript'

Use Protected View for untrusted files
Platforms: all
Opens files in sandboxed mode by default
Edit > Preferences > Security (Enhanced) > Check 'Enable Protected View at startup'

🧯 If You Can't Patch

  • Block PDF files from untrusted sources at email/web gateways
  • Implement application whitelisting to prevent unauthorized PDF readers

🔍 How to Verify

Check if Vulnerable:

Check Adobe Reader version: Help > About Adobe Acrobat Reader DC

Check Version:

Windows: wmic product where name="Adobe Acrobat Reader DC" get version

Verify Fix Applied:

Verify version is 23.001.20174 or higher (continuous) or 20.005.30516 or higher (classic)
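
The version check above, as an added example (not part of the original advisory and not Adobe tooling): it extracts the version from version-check output and compares it numerically, field by field, against the fixed versions listed on this page. The track is passed in explicitly because the page gives one threshold per track; the host names and output rows are constructed sample data.

```python
import re

# Fixed versions per track, taken from the "Patch Version" line of this page.
FIXED = {
    "continuous": (23, 1, 20174),
    "classic": (20, 5, 30516),
}

# Matches an Acrobat-style version such as 23.001.20093.
VERSION_RE = re.compile(r"\b(\d{1,2})\.(\d{1,3})\.(\d{4,5})\b")


def parse_version(text):
    """Return the first x.y.z version found in text as an int tuple, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def assess(text, track):
    """Classify one record as 'fixed', 'unpatched' or 'unknown'."""
    version = parse_version(text)
    if version is None or track not in FIXED:
        return "unknown"  # no version found or no threshold: needs a manual check
    # Tuple comparison is numeric per field, so it does not rely on zero padding.
    return "fixed" if version >= FIXED[track] else "unpatched"


# Constructed inventory rows: (host, track, raw output of the version check).
SAMPLE = [
    ("ws-01", "continuous", "Version\n23.001.20093\n"),
    ("ws-02", "continuous", "Version\n23.001.20174\n"),
    ("ws-03", "classic", "Version\n20.005.30441\n"),
    ("ws-04", "classic", "Version\n20.005.30516\n"),
    ("ws-05", "continuous", "No Instance(s) Available.\n"),
]


def triage(rows):
    """Map host -> status for every inventory row."""
    return {host: assess(raw, track) for host, track, raw in rows}


if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as 'unknown' returned no parseable version and should be checked by hand through Help > About.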

📡 Detection & Monitoring

Log Indicators:

  • Adobe Reader crash logs with memory access violations
  • Windows Event Logs: Application crashes from AcroRd32.exe

Network Indicators:

  • Unusual outbound connections after opening PDF files
  • Downloads of suspicious PDF files from external sources

SIEM Query:

source="*acrobat*" AND (event_id=1000 OR event_id=1001) AND process_name="AcroRd32.exe"
