CVE-2022-28247

MEDIUM

Adobe Acrobat DC < 22.001.20085 - Uncontrolled Search Path

Title source: rule

Description

Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an uncontrolled search path vulnerability that could lead to local privilege escalation. Exploitation of this issue requires user interaction in that a victim must run the uninstaller with Admin privileges.

References (1)

[Vendor Advisory] https://helpx.adobe.com/security/products/acrobat/apsb22-16.html

Scores

CVSS v3 6.7

EPSS 0.0031

EPSS Percentile 53.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (4)

adobe/acrobat_dc < 22.001.20085

adobe/acrobat_reader_dc < 22.001.20085

adobe/acrobat < 17.012.30205

adobe/acrobat_reader < 17.012.30205

Timeline

Published May 11, 2022

Tracked Since Feb 18, 2026