CVE-2021-44706

Name of the Vulnerable Software and Affected Versions Adobe Acrobat versions prior to 21.007.20099 Adobe Acrobat Reader versions prior to 21.007.20099 Adobe Acrobat 2017 versions prior to 17.011.30204 Adobe Acrobat Reader 2017 versions prior to 17.011.30204 Adobe Acrobat 2020 versions prior to 20.004.30017 Adobe Acrobat Reader 2020 versions prior to 20.004.30017

Description The issue is related to a use-after-free vulnerability in the processing of Format event actions, which could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction, where a victim must open a malicious file. This allows an attacker to execute arbitrary code.

Recommendations For Adobe Acrobat versions prior to 21.007.20099, update to version 21.007.20099 or later to resolve the issue. For Adobe Acrobat Reader versions prior to 21.007.20099, update to version 21.007.20099 or later to resolve the issue. For Adobe Acrobat 2017 versions prior to 17.011.30204, update to version 17.011.30204 or later to resolve the issue. For Adobe Acrobat Reader 2017 versions prior to 17.011.30204, update to version 17.011.30204 or later to resolve the issue. For Adobe Acrobat 2020 versions prior to 20.004.30017, update to version 20.004.30017 or later to resolve the issue. For Adobe Acrobat Reader 2020 versions prior to 20.004.30017, update to version 20.004.30017 or later to resolve the issue. As a temporary workaround, consider avoiding the use of Format event actions in Adobe Acrobat and Reader until a patch is available.