this release includes a security fix that addresses a vulnerability in adobe acrobat xi pro that could result in a denial-of-service (dos) attack. this is addressed by automatically disabling tools used by the application while the release is being installed.
this release includes a security fix that addresses a vulnerability in the configuration settings for acrobat x pro. this is addressed by automatically disabling tools used by the application while the release is being installed.
if you're using acrobat xi pro, however, and you're still having trouble, you may want to try an older version of acrobat. if you're using the 10.0.22 version, you'll want to go to this page to check the version you're using. then, go to the 10.23 version. unfortunately, adobe doesn't seem to have an older version of acrobat xi.
if you have a supported version of adobe acrobat xi pro, and are running windows 7, windows server 2008 r2, windows server 2012, or a supported version of microsoft windows, please click here to download the hotfix.
the vulnerability requires an adobe acrobat xi pro database to be modified. the patch corrects a vulnerability in the shared library acroexch.dll, which could allow an attacker to execute arbitrary code with the privileges of the acrobat user.
cvss is a standard that defines a set of metrics that gives a numeric value, from 0-10, to a vulnerability based on its severity. the cvssv3 score is defined by the base score (bs) along with four enhancement factors (efs) that determine the impact and likelihood of a successful exploit. the base score is a number between 0 and 10 that represents the severity of the vulnerability. the base score is modified by two additional values, the confidence level (cl) and the affinity. the confidence level is a number between 0 and 10 that represents how confident adobe is that a successful exploit for the vulnerability exists. the affinity is a number between 1 and 10 that represents the likelihood of a successful exploit. 3d9ccd7d82