CVE-2023-26408: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an Improper Access Control vulnerability, identified as CVE-2023-26408. The vulnerability was discovered by AbdulAziz Hariri of Haboob SA and was publicly disclosed on April 12, 2023. This security flaw affects multiple versions of Adobe Acrobat and Acrobat Reader, including both Classic and Continuous releases (Adobe Advisory, NVD).

The vulnerability exists within the AnnotsString object and stems from insufficient control over modifications to attributes of object prototypes. The issue has been assigned a CVSS v3.1 base score of 7.8 (HIGH), with a vector string of CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates that while local access and user interaction are required, the vulnerability can lead to high impacts on confidentiality, integrity, and availability (ZDI Advisory).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. The high CVSS score reflects the significant potential impact on system security, as it could allow attackers to execute malicious code with the same privileges as the affected application (NVD).

Adobe has released security updates to address this vulnerability. Users are advised to update their Adobe Acrobat and Reader installations to the latest versions available through the official Adobe update channels (Adobe Advisory).