Adobe Bridge Improper Input Validation Remote Code Execution Vulnerability
CVE-2023-22228

7.8HIGH

Key Information:

Vendor: Adobe
Status: Bridge
Vendor: CVE Published:; 17 February 2023

Summary

Adobe Bridge versions up to 13.0.1 and 12.0.3 are susceptible to an improper input validation vulnerability. This flaw may allow attackers to execute arbitrary code through crafted files, but successful exploitation necessitates the target user to interact with the malicious file. It underscores the importance of cautious file handling and maintaining up-to-date software to mitigate potential security risks.

Affected Version(s)

Bridge <= 12.0.3

Bridge <= 13.0.1

Bridge <= unspecified

References

https://helpx.adobe.com/security/products/bridge/apsb23-0...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 17, 2023
Vulnerability Reserved
Dec 19, 2022

Collectors

NVD DatabaseMitre Database