PT-2022-2251 · Adobe+1 · Acrobat Reader 2020+5

Published: 2022-01-11 · Updated: 2022-01-24 · CVE-2021-44739

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Acrobat Reader DC ActiveX Control versions 17.011.30204 and earlier
Acrobat Reader DC ActiveX Control versions 20.004.30017 and earlier
Acrobat Reader DC ActiveX Control versions 21.007.20099 and earlier
Adobe Acrobat 2017 and Adobe Acrobat Reader 2017
Adobe Acrobat 2020 and Adobe Acrobat Reader 2020

Description

The issue is related to an Information Disclosure vulnerability that could allow an unauthenticated attacker to obtain NTLMv2 credentials. Exploitation requires user interaction, such as opening a maliciously crafted Microsoft Office file or visiting an attacker-controlled web page. This vulnerability may allow attackers to escalate privileges.

Recommendations

For Acrobat Reader DC ActiveX Control versions 17.011.30204 and earlier, update to a version later than 17.011.30204.
For Acrobat Reader DC ActiveX Control versions 20.004.30017 and earlier, update to a version later than 20.004.30017.
For Acrobat Reader DC ActiveX Control versions 21.007.20099 and earlier, update to a version later than 21.007.20099.
For Adobe Acrobat 2017 and Adobe Acrobat Reader 2017, consider disabling the ability to open Microsoft Office files until a patch is available.
For Adobe Acrobat 2020 and Adobe Acrobat Reader 2020, restrict access to web pages that could potentially exploit this issue until a fix is applied.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2022-02352
CVE-2021-44739

Affected Products

Acrobat Reader DC ActiveX Control
Acrobat 2017
Acrobat 2020
Acrobat Reader 2017
Acrobat Reader 2020
Office