CVE-2024-34122
📋 TL;DR
This CVE describes an out-of-bounds read vulnerability in Acrobat for Edge that could allow an attacker to execute arbitrary code in the context of the current user. Users of Acrobat for Edge versions 126.0.2592.68 and earlier are affected when opening malicious files. The vulnerability requires user interaction through opening a crafted file.
💻 Affected Systems
- Acrobat for Edge
📦 What is this software?
Acrobat by Adobe
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining the same privileges as the logged-in user, potentially leading to data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Limited code execution within the Acrobat for Edge process, potentially allowing data exfiltration or installation of additional malware.
If Mitigated
No impact if users don't open untrusted files and proper application sandboxing is in place.
🎯 Exploit Status
Exploitation requires user interaction (opening a malicious file), and successful exploitation depends on memory layout and on mitigations such as ASLR/DEP.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 126.0.2592.81 or later (check Microsoft advisory for exact version)
Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-34122
Restart Required: Yes
Instructions:
1. Open Microsoft Edge.
2. Click Settings (three dots) > Help and feedback > About Microsoft Edge.
3. Allow Edge to update automatically or manually check for updates.
4. Restart Edge when prompted.
🔧 Temporary Workarounds
Disable Acrobat for Edge
Platform: all. Temporarily disable the Acrobat for Edge feature until patched.
edge://settings/pdfReader
Toggle 'Open PDFs in Microsoft Edge' to OFF
Use alternative PDF viewer
Platform: windows. Configure the system to use a different PDF viewer for .pdf files.
Right-click PDF file > Open with > Choose another app > Select alternative viewer > Check 'Always use this app'
🧯 If You Can't Patch
- Implement application control to block execution of Acrobat for Edge
- Deploy email/web filtering to block malicious PDF attachments and downloads
🔍 How to Verify
Check if Vulnerable:
Check the Edge version at edge://settings/help or edge://version. If the version is 126.0.2592.68 or earlier and Acrobat for Edge is enabled, the system is vulnerable.
Check Version:
edge://version or on command line: "msedge --version"
Verify Fix Applied:
Verify Edge version is 126.0.2592.81 or later and Acrobat for Edge feature is still functional with legitimate PDFs.
📡 Detection & Monitoring
Log Indicators:
- Edge crash logs with memory access violations
- Windows Event Logs: Application Error for msedge.exe with exception code 0xc0000005
Network Indicators:
- Downloads of PDF files from suspicious sources followed by Edge crashes
SIEM Query:
EventID=1000 AND SourceName='Application Error' AND ProcessName='msedge.exe' AND ExceptionCode='0xc0000005'
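The version thresholds and the crash indicator above can be combined to triage crash events by patch state. The following is an added example, not code from the vendor or from this page: it assumes the usual "Faulting application name / Exception code" layout of Application Error (Event ID 1000) message text, the function names are illustrative, and the sample events are constructed.

```python
import re

AFFECTED_MAX = (126, 0, 2592, 68)  # page: this build and earlier are affected
FIXED_MIN = (126, 0, 2592, 81)     # page: patched at this build or later
ACCESS_VIOLATION = 0xC0000005      # exception code from the page's SIEM query

APP_RE = re.compile(r"Faulting application name:\s*([^,\s]+),\s*version:\s*([\d.]+)", re.I)
EXC_RE = re.compile(r"Exception code:\s*(0x[0-9a-f]+)", re.I)

def patch_status(version):
    """Classify an Edge version string as 'affected', 'fixed' or 'unknown'."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return "unknown"
    build = tuple(int(p) for p in parts)
    if build <= AFFECTED_MAX:
        return "affected"
    if build >= FIXED_MIN:
        return "fixed"
    return "unknown"  # builds .69 to .80: the page gives no verdict

def triage(message):
    """Return (version, status) for an msedge.exe access-violation crash, else None."""
    app, exc = APP_RE.search(message), EXC_RE.search(message)
    if not app or not exc or app.group(1).lower() != "msedge.exe":
        return None
    if int(exc.group(1), 16) != ACCESS_VIOLATION:
        return None
    return app.group(2), patch_status(app.group(2))

def event(app, version, code):
    """Build a constructed Event ID 1000 message body (sample data, not real telemetry)."""
    return (f"Faulting application name: {app}, version: {version}, time stamp: 0x00000000\n"
            f"Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000\n"
            f"Exception code: {code}\n")

SAMPLES = [
    event("msedge.exe", "126.0.2592.68", "0xc0000005"),
    event("msedge.exe", "126.0.2592.81", "0xc0000005"),
    event("msedge.exe", "126.0.2592.74", "0xc0000005"),
    event("msedge.exe", "126.0.2592.68", "0xc0000409"),
    event("notepad.exe", "10.0.19041.1", "0xc0000005"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(triage(sample))
```

An access-violation crash on an "affected" build deserves a closer look than the same crash on a "fixed" build, and "unknown" builds should be checked against the vendor advisory.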