9VSA22-00658-01 CSIRT alerta de nuevas vulnerabilidades en productos Adobe

Resumen

El Equipo de Respuesta ante Incidentes de Seguridad Informática, CSIRT de Gobierno, comparte información compartida por Adobe sobre nuevas vulnerabilidades que afectan a algunos de sus productos.

Vulnerabilidades

CVE-2022-30664

CVE-2022-28839

CVE-2022-28840

CVE-2022-28841

CVE-2022-28842

CVE-2022-28843

CVE-2022-28844

CVE-2022-28845

CVE-2022-28846

CVE-2022-28847

CVE-2022-28848

CVE-2022-28849

CVE-2022-30650

CVE-2022-30651

CVE-2022-30658

CVE-2022-30659

CVE-2022-30661

CVE-2022-30662

CVE-2022-30663

CVE-2022-30665

CVE-2022-30660

CVE-2022-30652

CVE-2022-30653

CVE-2022-30654

CVE-2022-30655

CVE-2022-30656

CVE-2022-30657

CVE-2022-28850

CVE-2022-30637

CVE-2022-30638

CVE-2022-30639

CVE-2022-30640

CVE-2022-30641

CVE-2022-30642

CVE-2022-30643

CVE-2022-30644

CVE-2022-30645

CVE-2022-30646

CVE-2022-30647

CVE-2022-30648

CVE-2022-30649

CVE-2022-30666

CVE-2022-30667

CVE-2022-30668

CVE-2022-30669

CVE-2022-30670

Impacto

Vulnerabilidades de riesgo crítico:

CVE-2022-30664: Vulnerabilidad de ejecución arbitraria de código en Adobe Animate.

CVE-2022-28839 y de CVE-2022-28841 a CVE-2022-28849: Vulnerabilidades de ejecución arbitraria de código en Adobe Bridge.

CVE-2022-28840: Vulnerabilidad de escritura arbitraria en el sistema de archivos en Adobe Bridge.

CVE-2022-30637 a CVE-2022-30649: Vulnerabilidades de ejecución arbitraria de código en Adobe Illustrator.

CVE-2022-30650 a CVE-2022-30663 y CVE-2022-30665: Vulnerabilidades de ejecución arbitraria de código en Adobe InCopy.

Productos afectados

Adobe Animate 22.0.5 y anteriores.

Adobe Bridge 12.0.1 y anteriores.

Adobe Illustrator 2022 26.0.2 y anteriores.

Adobe Illustrator 2021 25.4.5 y anteriores.

Adobe InCopy 17.2 y anteriores.

RoboHelp Server 11

Mitigación

Instalar las respectivas actualizaciones entregadas por el proveedor.

Enlaces

https://helpx.adobe.com/security/products/animate/apsb22-24.html

https://helpx.adobe.com/security/products/bridge/apsb22-25.html

https://helpx.adobe.com/security/products/illustrator/apsb22-26.html

https://helpx.adobe.com/security/products/incopy/apsb22-29.html

https://helpx.adobe.com/security/products/indesign/apsb22-30.html

https://helpx.adobe.com/security/products/robohelp-server/apsb22-31.html

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30664

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28839

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28840

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28841

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28842

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28843

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28844

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28845

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28846

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28847

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28848

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28849

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30650

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30651

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30658

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30659

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30661

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30662

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30663

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30665

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30660

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30652

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30653

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30654

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30655

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30656

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30657

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28850

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30637

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30638

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30638

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30640

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30641

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30642

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30643

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30644

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30645

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30646

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30647

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30648

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30649

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30666

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30667

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30668

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30669

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30670

Informe

El informe oficial publicado por el CSIRT del Gobierno de Chile está disponible en el siguiente enlace: 9VSA22-00658-01.