PT-2021-6907 · Adobe · Acrobat Reader DC ActiveX Control

Published: 2021-09-14 · Updated: 2022-02-05 · CVE-2021-39856

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Acrobat Reader DC ActiveX Control versions 2021.005.20060 (and earlier)
Acrobat Reader DC ActiveX Control versions 2020.004.30006 (and earlier)
Acrobat Reader DC ActiveX Control versions 2017.011.30199 (and earlier)

Description

The issue is an Information Disclosure vulnerability that could allow an unauthenticated attacker to obtain NTLMv2 credentials. Exploitation requires user interaction: a victim must visit an attacker-controlled web page. The vulnerability may also allow attackers to read arbitrary files from the file system.

Recommendations

For versions 2021.005.20060 and earlier, update to a version later than 2021.005.20060 to resolve the issue.
For versions 2020.004.30006 and earlier, update to a version later than 2020.004.30006 to resolve the issue.
For versions 2017.011.30199 and earlier, update to a version later than 2017.011.30199 to resolve the issue.

As a temporary workaround, consider restricting access to the NTLMv2 credentials until a patch is available. Avoid using the vulnerable Adobe Acrobat and Reader software to open untrusted PDF files until the issue is resolved.

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

BDU:2022-02568
CVE-2021-39856

Affected Products

Acrobat Reader DC ActiveX Control