PT-2021-2314 · Adobe · Acrobat Reader+1

Published

2021-02-09

Updated

2021-09-08

CVE-2021-21041

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Acrobat Reader DC versions 2020.013.20074 and earlier Acrobat Reader DC versions 2020.001.30018 and earlier Acrobat Reader DC versions 2017.011.30188 and earlier Adobe Acrobat versions prior to the fixed version

Description The issue is related to a use-after-free vulnerability that allows an unauthenticated attacker to execute arbitrary code in the context of the current user. This can be achieved by leveraging the vulnerability with a specially crafted PDF file, which requires user interaction, such as opening a malicious file.

Recommendations For Acrobat Reader DC versions 2020.013.20074 and earlier, update to a version later than 2020.013.20074 to resolve the issue. For Acrobat Reader DC versions 2020.001.30018 and earlier, update to a version later than 2020.001.30018 to resolve the issue. For Acrobat Reader DC versions 2017.011.30188 and earlier, update to a version later than 2017.011.30188 to resolve the issue. For Adobe Acrobat, update to the fixed version to resolve the issue.

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2021-01549

CVE-2021-21041

Affected Products

Acrobat Reader

Acrobat

PT-2021-2314 · Adobe · Acrobat Reader+1

CVE-2021-21041

Weakness Enumeration

Related Identifiers

Affected Products

References · 7