CVE-2022-44518: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2022-44518) was discovered in Adobe Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier), and 17.012.30205 (and earlier). This vulnerability could result in arbitrary code execution in the context of the current user. The exploitation requires user interaction, specifically opening a malicious file (Adobe Advisory).

The vulnerability is classified as a use-after-free (CWE-416) issue with a CVSS v3.1 base score of 7.8 (HIGH). The attack vector is local (AV:L), with low attack complexity (AC:L), requiring no privileges (PR:N) but needs user interaction (UI:R). The scope is unchanged (S:U), and the impact can affect confidentiality, integrity, and availability (C:H/I:H/A:H) (Adobe Advisory).

If successfully exploited, this vulnerability allows an attacker to execute arbitrary code in the context of the current user. This could potentially lead to complete system compromise at the user's privilege level (Adobe Advisory).

Adobe has released security updates to address this vulnerability. Users are recommended to update their software installations to the latest versions through the Help > Check for Updates menu in the application, or by downloading the full installer from the Acrobat Reader Download Center. For IT administrators in managed environments, updates can be deployed via preferred methodologies such as AIP-GPO, bootstrapper, SCUP/SCCM for Windows, or Apple Remote Desktop and SSH for macOS (Adobe Advisory).