PT-2022-1481 · Adobe · Acrobat Document Cloud+4

Published: 2022-01-11 · Updated: 2022-01-24 · CVE-2021-44702

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Acrobat Reader DC ActiveX Control versions 21.007.20099 and earlier
Acrobat Reader DC ActiveX Control versions 20.004.30017 and earlier
Acrobat Reader DC ActiveX Control versions 17.011.30204 and earlier
Adobe Acrobat 2017 (affected versions not specified)
Adobe Acrobat Reader 2017 (affected versions not specified)
Adobe Acrobat Document Cloud (affected versions not specified)
Adobe Acrobat Reader Document Cloud (affected versions not specified)

Description

The issue is related to an information disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction, where a victim must visit an attacker-controlled web page. This vulnerability may also allow attackers to escalate privileges.

Recommendations

For Acrobat Reader DC ActiveX Control versions 21.007.20099 and earlier, update to a version later than 21.007.20099 to resolve the issue.
For Acrobat Reader DC ActiveX Control versions 20.004.30017 and earlier, update to a version later than 20.004.30017 to resolve the issue.
For Acrobat Reader DC ActiveX Control versions 17.011.30204 and earlier, update to a version later than 17.011.30204 to resolve the issue.
For Adobe Acrobat 2017, Adobe Acrobat Reader 2017, Adobe Acrobat Document Cloud, and Adobe Acrobat Reader Document Cloud, there is currently no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2022-00628
CVE-2021-44702

Affected Products

Acrobat Reader DC ActiveX Control
Acrobat 2017
Acrobat Document Cloud
Acrobat Reader 2017
Adobe Acrobat Reader Document Cloud