CVE-2023-29320: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

CVE-2023-29320 is a Violation of Secure Design Principles vulnerability affecting Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier). The vulnerability was discovered by AbdulAziz Hariri of Haboob SA and was publicly disclosed on August 8, 2023 (Adobe Advisory, ZDI Advisory).

The vulnerability exists within the handling of Net objects, where the application does not adequately restrict access to a protected API. This allows attackers to bypass the API blacklisting feature. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (ZDI Advisory).

Successful exploitation of this vulnerability could result in arbitrary code execution in the context of the current user. This means an attacker could potentially execute malicious code with the same privileges as the user running the Adobe Acrobat Reader application (NVD).

Adobe has released security updates to address this vulnerability. Users should update their Adobe Acrobat Reader installations to the latest version to mitigate this security risk (Adobe Advisory).