PT-2022-2370 · Adobe · Acrobat+5

Published 2022-01-11 · Updated 2022-01-21 · CVE-2021-44714

CVSS v2.0: 4.3 Medium
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Adobe Acrobat versions prior to the fixed version
Adobe Acrobat Reader versions prior to the fixed version
Adobe Acrobat 2017 versions prior to the fixed version
Adobe Acrobat Reader 2017 versions prior to the fixed version
Adobe Acrobat 2020 versions prior to the fixed version
Adobe Acrobat Reader 2020 versions prior to the fixed version
Acrobat Reader DC versions 21.007.20099 and earlier
Acrobat Reader DC versions 20.004.30017 and earlier
Acrobat Reader DC versions 17.011.30204 and earlier

Description

The issue is related to a violation of secure design principles, which could allow an attacker to bypass security features and potentially disclose protected information. In affected versions of Acrobat Reader DC, a warning message is displayed when a user clicks on a PDF file, but this message does not include custom protocols when used by the sender, which could be used by an attacker to mislead the user. User interaction is required to exploit this issue, as the user would need to click 'allow' on the warning message of a malicious file.

Recommendations

For Adobe Acrobat and Adobe Acrobat Reader, update to a version that includes the fix for this issue.
For Acrobat Reader DC version 21.007.20099 and earlier, update to a version that includes the fix for this issue.
For Acrobat Reader DC version 20.004.30017 and earlier, update to a version that includes the fix for this issue.
For Acrobat Reader DC version 17.011.30204 and earlier, update to a version that includes the fix for this issue.
As a temporary workaround, consider disabling the display of warning messages for custom protocols in Acrobat Reader DC until a patch is available.

Fix

Weakness Enumeration

Related Identifiers

BDU:2022-02708
CVE-2021-44714

Affected Products

Acrobat Reader
Acrobat
Acrobat 2017
Acrobat 2020
Acrobat Reader 2017
Acrobat Reader 2020