CVE-2022-28822: 
Adobe Framemaker vulnerability analysis and mitigation

Adobe Framemaker versions 2019u8 (and earlier) and 2020u4 (and earlier) were affected by an out-of-bounds write vulnerability identified as CVE-2022-28822. The vulnerability was disclosed on May 13, 2022, and requires user interaction through opening a malicious file to be exploited (NVD, Adobe Advisory).

The vulnerability is classified as an out-of-bounds write (CWE-787) that could lead to arbitrary code execution in the context of the current user. The CVSS v3.0 base score is 7.8 (High), with the vector string CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. Under CVSS v2.0, it received a base score of 9.3 with the vector (AV:N/AC:M/Au:N/C:C/I:C/A:C) (NVD).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user, potentially leading to complete system compromise with the same privileges as the affected user (NVD).

Adobe has addressed this vulnerability in updates for affected versions of Framemaker. Users of versions 2019u8 (and earlier) and 2020u4 (and earlier) should update to the latest version of the software (Adobe Advisory).