CVE-2024-34122

CVE Database · CVE-2024-34122

CVE-2024-34122

· HIGHModified

CVSS v3.1

7.8

EPSS

0.32%

Published

Jul 2, 2024

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Acrobat for Edge versions 126.0.2592.68 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-125

Affected Products (2)

adobe · acrobatvulnerable

microsoft · edge_chromium (up to 126.0.2592.81)

References (2)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-34122

PatchVendor Advisory

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-34122

PatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs