PT-2021-6865 · Adobe · Acrobat 2017+5

Published: 2021-09-14 · Updated: 2023-09-12

CVE-2021-39859

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Adobe Acrobat versions prior to 2021.005.20060
Adobe Acrobat Reader versions prior to 2021.005.20060
Adobe Acrobat 2017 versions prior to 2017.011.30199
Adobe Acrobat Reader 2017 versions prior to 2017.011.30199
Adobe Acrobat 2020 versions prior to 2020.004.30006
Adobe Acrobat Reader 2020 versions prior to 2020.004.30006

Description

The issue is related to a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction, where a victim must open a malicious file. This could allow a remote attacker to execute arbitrary code.

Recommendations

For Adobe Acrobat and Reader versions prior to 2021.005.20060, update to a version later than 2021.005.20060.
For Adobe Acrobat and Reader 2017 versions prior to 2017.011.30199, update to a version later than 2017.011.30199.
For Adobe Acrobat and Reader 2020 versions prior to 2020.004.30006, update to a version later than 2020.004.30006.
As a temporary workaround, consider avoiding the opening of malicious files until a patch is available.

Fix

Use After Free


Weakness Enumeration

Related Identifiers

BDU:2022-02354
CVE-2021-39859

Affected Products

Acrobat
Acrobat 2017
Acrobat 2020
Acrobat Reader
Acrobat Reader 2017
Acrobat Reader 2020