Adobe FrameMaker Untrusted Search Path Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A vulnerability exists in Adobe FrameMaker versions 2022.8 and earlier, related to an untrusted search path that could enable attackers to execute arbitrary code in the context of the current user. The vulnerability arises because the application may use a search path to find essential resources, such as programs. An attacker could potentially alter this search path to direct the application to a malicious program, which would then be executed. Notably, exploitation of this vulnerability does not require user interaction.
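
A defender-side check for the condition described above, as an added example (not Adobe's code and not part of the advisory): it audits a search-path string for entries that resolve to the working directory or that the current user can write to, and reports which directory wins a first-match lookup. The function names and the write probe are assumptions made for illustration. The advisory does not say which resource or path FrameMaker searches, so the script defaults to the PATH environment variable.

```python
import os
import tempfile

# Hypothetical helper names; this is a generic search-path audit, not vendor code.

def user_can_write(directory):
    """Probe whether the current user can create a file in `directory`."""
    try:
        # The temporary file is removed as soon as the block exits.
        with tempfile.TemporaryFile(dir=directory):
            return True
    except OSError:
        return False

def audit_search_path(path_value, sep=os.pathsep, can_write=user_can_write):
    """Return (position, entry, reason) for every entry that weakens the path."""
    findings = []
    for pos, entry in enumerate(path_value.split(sep)):
        if entry in ("", "."):
            findings.append((pos, entry, "resolves to the current working directory"))
        elif not os.path.isabs(entry):
            findings.append((pos, entry, "relative entry, depends on working directory"))
        elif os.path.isdir(entry) and can_write(entry):
            findings.append((pos, entry, "writable by the current user"))
    return findings

def first_match(name, path_value, sep=os.pathsep):
    """Return the entry that wins the lookup for `name` (first one containing it)."""
    for entry in path_value.split(sep):
        if os.path.isfile(os.path.join(entry or ".", name)):
            return entry
    return None

if __name__ == "__main__":
    # Default to PATH; pass any other search-path string to audit_search_path().
    for pos, entry, reason in audit_search_path(os.environ.get("PATH", "")):
        print(f"[{pos}] {entry!r}: {reason}")
```

Run it as the same unprivileged account that launches the application; a flagged entry that appears before the directory holding the legitimate program is the one to fix first.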

Impact

Successful exploitation allows for arbitrary code execution on the affected system, with the executed code running in the context of the current user.

Remediation

Users are advised to update to Adobe FrameMaker 2026 or Adobe FrameMaker 2022 Update 9. Instructions for downloading these versions are available in the Adobe FrameMaker Tech Note.

Added: Apr 15, 2026, 12:13 AM
Updated: Apr 15, 2026, 12:13 AM

Vulnerability Rating

Custom Algorithm

Spread: 2.4
Impact: 7.5
Exploitability: 2.9
Remediation: 7.7
Relevance: 5.9
Threat: 0.0
Urgency: 2.9
Incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.