PT-2021-17878 · Adobe · Acrobat Reader
Published
2021-02-09
·
Updated
2021-09-14
·
CVE-2021-28546
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions:
Acrobat Reader DC versions 2020.013.20074 and earlier
Acrobat Reader DC versions 2020.001.30018 and earlier
Acrobat Reader DC versions 2017.011.30188 and earlier
Description:
The issue is related to a missing support for an integrity check, which could allow an unauthenticated attacker to modify content in a certified PDF without invalidating the certification. Exploitation of this issue requires user interaction, as a victim must open the tampered file.
Recommendations:
For versions 2020.013.20074 and earlier, update to a version that includes support for an integrity check to prevent modification of certified PDF content.
For versions 2020.001.30018 and earlier, update to a version that includes support for an integrity check to prevent modification of certified PDF content.
For versions 2017.011.30188 and earlier, update to a version that includes support for an integrity check to prevent modification of certified PDF content.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Acrobat Reader