CVE-2022-28837: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

CVE-2022-28837 is a vulnerability discovered in Adobe Acrobat and Reader for Windows and macOS. The vulnerability was reported on March 30, 2022, and publicly disclosed on May 10, 2022. The issue specifically affects Adobe Acrobat Pro DC and is related to the handling of Doc objects (ZDI Advisory, Adobe Security).

The vulnerability is a Use-After-Free Information Disclosure flaw that exists within the handling of Doc objects, specifically in the buttonSetIcon functionality. The issue stems from the lack of validation for object existence prior to performing operations. The vulnerability has been assigned a CVSS score of 3.3 (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N), indicating a relatively low severity (ZDI Advisory).

Successful exploitation of this vulnerability could lead to the disclosure of sensitive information. The vulnerability requires user interaction, specifically requiring the target to visit a malicious page or open a malicious file. When combined with other vulnerabilities, an attacker could potentially execute arbitrary code in the context of the current process (ZDI Advisory).

Adobe has released security updates to address this vulnerability. Users are advised to update to the latest version of Adobe Acrobat and Reader as detailed in the security bulletin APSB22-16 (Adobe Security).