CVE-2023-26417: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Use After Free vulnerability, identified as CVE-2023-26417. The vulnerability was discovered on February 22, 2023, and publicly disclosed on April 12, 2023. This security flaw affects both Adobe Acrobat and Adobe Reader applications across their Classic and Continuous release tracks (NVD, Adobe Advisory).

The vulnerability is classified as a Use After Free (CWE-416) issue that specifically exists within the handling of Annotation objects that have the Popup property. The flaw stems from the lack of validation for object existence prior to performing operations on the object. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (ZDI Advisory, NVD).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. The attacker could potentially execute malicious code with the same privileges as the application, potentially compromising the affected system (NVD, ZDI Advisory).

Adobe has released security updates to address this vulnerability. Users are advised to update their Adobe Acrobat and Reader installations to the latest versions available through the official Adobe update channels (Adobe Advisory).