PT-2021-2307 · Adobe · Acrobat+1
Published
2021-02-09
·
Updated
2022-10-21
·
CVE-2021-21045
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Adobe Acrobat Reader DC versions 2020.013.20074 and earlier
Adobe Acrobat Reader DC versions 2020.001.30018 and earlier
Adobe Acrobat Reader DC versions 2017.011.30188 and earlier
Adobe Acrobat versions prior to the fixed version
Description
The issue is related to improper access control in Adobe Reader and Acrobat. It allows a remote attacker to elevate privileges in the context of the current user by using a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to gain elevated privileges.
Recommendations
For Adobe Acrobat Reader DC versions 2020.013.20074 and earlier, update to a version later than 2020.013.20074 to resolve the issue.
For Adobe Acrobat Reader DC versions 2020.001.30018 and earlier, update to a version later than 2020.001.30018 to resolve the issue.
For Adobe Acrobat Reader DC versions 2017.011.30188 and earlier, update to a version later than 2017.011.30188 to resolve the issue.
For Adobe Acrobat, update to the fixed version to resolve the issue.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Acrobat
Acrobat Reader