PT-2021-2950 · Adobe · Reader+1

Published: 2021-05-11 · Updated: 2025-10-25 · CVE-2021-28550

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Adobe Acrobat and Reader versions 2017.011.30194 through 2021.001.20150
Adobe Acrobat and Reader versions 2020.001.30020 through 2021.001.20150

Description

The software contains a use-after-free flaw that could allow a remote attacker to execute arbitrary code within the context of the current user. Exploitation of this issue requires a user to open a specially crafted PDF file. The vulnerability has been used to deliver a reverse shell payload, which drops a backdoor file to a temporary directory and connects back to an attacker's server on port 443. Tools like pdfid and pdf-parser can be used to analyze PDFs for suspicious JavaScript, embedded files, or actions. The vulnerability affects Windows and macOS systems.

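The kind of keyword triage mentioned in the description, as an added example (not code from pdfid, pdf-parser or this advisory): it counts PDF names tied to JavaScript, automatic actions and embedded files in raw file bytes, and flags names that only match after their #xx hex escapes are decoded. The keyword selection and the sample bytes are assumptions constructed for illustration.

```python
import re

# Name keywords that PDF triage usually starts with (JavaScript, automatic
# actions, embedded files). The selection is an assumption of this example.
KEYWORDS = ("/JS", "/JavaScript", "/OpenAction", "/AA", "/Launch", "/EmbeddedFile")

NAME_RE = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes in a PDF name, so /J#61vaScript reads as /JavaScript."""
    decoded = HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def triage(data: bytes) -> dict:
    """Count keyword names in raw PDF bytes; 'obfuscated' counts names that
    only match a keyword after their #xx escapes are decoded."""
    report = {k: {"total": 0, "obfuscated": 0} for k in KEYWORDS}
    for match in NAME_RE.finditer(data):
        raw = match.group(0)
        name = decode_name(raw)
        if name in report:
            report[name]["total"] += 1
            if raw.decode("latin-1") != name:
                report[name]["obfuscated"] += 1
    return report


def suspicious(report: dict) -> list:
    """Return the keywords that appear at least once, in KEYWORDS order."""
    return [k for k in KEYWORDS if report[k]["total"] > 0]


# Constructed sample: a minimal PDF-like byte string, not a real document.
SAMPLE = (
    b"%PDF-1.7\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\nendobj\n"
    b"3 0 obj\n<< /S /J#61vaScript /JS (placeholder) >>\nendobj\n"
    b"%%EOF\n"
)

if __name__ == "__main__":
    result = triage(SAMPLE)
    for keyword in suspicious(result):
        print(keyword, result[keyword])
```

A raw byte scan like this does not see names stored inside compressed streams, so a clean result is not proof that a file is benign.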
Recommendations

Update Adobe Acrobat and Reader to a version later than 2021.001.20150.
Update Adobe Acrobat and Reader to a version later than 2020.001.30020.
Update Adobe Acrobat and Reader to a version later than 2017.011.30194.

Fix

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2021-02532
CVE-2021-28550

Affected Products

Acrobat
Reader