CVE-2022-24104: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

Adobe Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier), and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability. The vulnerability was reported on December 15, 2021, and was publicly disclosed on April 28, 2022. This security flaw specifically affects the handling of Annotation objects in Adobe Acrobat Reader DC (ZDI Advisory, Adobe Security).

The vulnerability is classified as a use-after-free flaw that exists within the handling of Annotation objects. The specific issue stems from the lack of validation regarding the existence of an object prior to performing operations on it. The vulnerability has been assigned a CVSS score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating a high severity level (ZDI Advisory).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. The impact is significant as it could allow attackers to execute malicious code with the same privileges as the user running the Adobe Acrobat Reader DC application (CVE Mitre).

Adobe has released security updates to address this vulnerability. Users are advised to update their Adobe Acrobat Reader DC installations to the latest version available through the official Adobe security bulletin (Adobe Security).