CVE-2022-28258: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

Adobe Acrobat and Reader were found to contain an out-of-bounds read vulnerability, identified as CVE-2022-28258. The vulnerability was discovered in March 2022 and publicly disclosed on April 28, 2022. It affects multiple versions of Adobe Acrobat DC and Adobe Reader DC, including both Continuous and Classic versions for Windows and Macintosh platforms (ZDI Advisory, Check Point Advisory).

The vulnerability exists within the handling of Annotation objects in Adobe Acrobat and Reader. When specific actions are performed in JavaScript, an attacker can trigger a read past the end of an allocated object. The vulnerability has been assigned a CVSS score of 3.3 (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N), indicating a relatively low severity but still significant security concern (ZDI Advisory).

Successful exploitation of this vulnerability could allow attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. The vulnerability could potentially be leveraged in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process (ZDI Advisory).

Adobe has released security updates to address this vulnerability through APSB22-16. Users are advised to apply the available patches to affected systems. Organizations using Check Point Security Gateway can also implement specific IPS protections to detect exploitation attempts (Check Point Advisory, Adobe Security Bulletin).