CVE-2022-35675: 
Adobe Framemaker vulnerability analysis and mitigation

Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update 4 (and earlier) are affected by a Use After Free vulnerability identified as CVE-2022-35675. The vulnerability was disclosed on August 9, 2022, and requires user interaction through opening a malicious file to be exploited (Adobe Advisory).

The vulnerability is classified as a Use After Free (CWE-416) issue with a CVSS v3.1 base score of 7.8 (High). The vector string is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access, low attack complexity, no privileges required, user interaction required, and high impact on confidentiality, integrity, and availability (NVD, Lansweeper).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. This means an attacker could potentially execute malicious code with the same privileges as the user running the affected Adobe FrameMaker application (Adobe Advisory).

Adobe has released patches to address this vulnerability. Users of Adobe FrameMaker 2019 should update to version 15.0.8, and users of FrameMaker 2020 should update to version 16.0.4. The updates are available through Adobe's official distribution channels (Lansweeper).