CVE-2023-21607: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an Improper Input Validation vulnerability (CVE-2023-21607) that could result in arbitrary code execution in the context of the current user. The vulnerability was discovered in October 2022 and publicly disclosed on January 18, 2023. Exploitation requires user interaction, specifically opening a malicious file (Adobe Advisory, NVD).

The vulnerability exists within the processing of embedded fonts in Adobe Acrobat Reader. The specific flaw stems from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates local attack vector, low attack complexity, no privileges required, and high impact on confidentiality, integrity, and availability (ZDI Advisory, Adobe Advisory).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code in the context of the current user. Given the high CVSS impact scores for confidentiality, integrity, and availability, successful exploitation could lead to complete compromise of the affected system within the scope of the user's privileges (ZDI Advisory).

Adobe has released security updates to address this vulnerability. Users should update to the latest version of Adobe Acrobat Reader. The fix was released as part of Adobe's security bulletin APSB23-01 (Adobe Advisory).