PT-2021-17877 · Adobe · Acrobat Reader
Published
2021-02-09
·
Updated
2021-09-08
·
CVE-2021-28545
CVSS v3.1
8.1
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions:
Acrobat Reader DC versions 2020.013.20074 and earlier
Acrobat Reader DC versions 2020.001.30018 and earlier
Acrobat Reader DC versions 2017.011.30188 and earlier
Description:
A missing support for integrity check issue allows an unauthenticated attacker to manipulate data in a certified PDF without invalidating the original certification. This can also enable the attacker to show arbitrary content in a certified PDF. Exploitation requires user interaction, where a victim must open the tampered file.
Recommendations:
For versions 2020.013.20074 and earlier, update to a version that includes support for an integrity check to prevent data manipulation in certified PDFs.
For versions 2020.001.30018 and earlier, update to a version that includes support for an integrity check to prevent data manipulation in certified PDFs.
For versions 2017.011.30188 and earlier, update to a version that includes support for an integrity check to prevent data manipulation in certified PDFs.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Acrobat Reader