CVE-2023-44372: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

A Use After Free vulnerability (CVE-2023-44372) was discovered in Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier). The vulnerability was disclosed on November 14, 2023, and affects both Windows and macOS operating systems. This security issue requires user interaction, specifically opening a malicious PDF file, to be exploited (NVD).

The vulnerability exists in the page event processing functionality of Adobe Acrobat Reader, specifically when handling pages containing U3D objects. The issue occurs due to improper management of object lifetimes, where a previously freed object is reused without validation. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access requirements but high impact potential (Talos).

Successful exploitation of this vulnerability could result in arbitrary code execution in the context of the current user. The vulnerability could potentially be abused for arbitrary read and write access to memory, which could ultimately lead to code execution with the privileges of the targeted user (Talos).

Adobe has released security updates to address this vulnerability. Users should update to the latest version of Adobe Acrobat and Reader to mitigate this security risk (Adobe Security).