CVE-2022-34223: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier), and 17.012.30229 (and earlier) were identified with a Use After Free vulnerability, tracked as CVE-2022-34223. The vulnerability was discovered by researchers Suyue Guo and Wei You from Renmin University of China, working with Trend Micro Zero Day Initiative. The issue was first recorded on June 21, 2022, and Adobe released security updates in August 2022 (Adobe Security, NVD Database).

The vulnerability is classified as a Use After Free (UAF) condition in Adobe Acrobat Reader. This type of vulnerability occurs when the program continues to use a memory pointer after it has been freed, which can lead to arbitrary code execution in the context of the current user. Importantly, exploitation of this vulnerability requires user interaction, specifically requiring a victim to open a malicious file (MITRE CVE).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. This means an attacker could potentially execute malicious code with the same privileges as the user running the Adobe Acrobat Reader application (Fortiguard IPS).

Adobe addressed this vulnerability through security updates released in their August 2022 security bulletin. Users are advised to update their Adobe Acrobat Reader installations to the latest version available through the standard update channels (Adobe Security).