CVE-2021-21017

Acrobat Reader DC Heap-based Buffer Overflow Vulnerability Could Lead To Arbitrary Code Execution

CVSS 8.8 HIGH · EPSS 86.2% · KEV · CWE-122
In short

Acrobat Reader DC has a memory flaw that lets attackers run malicious code on your computer if you open a specially crafted PDF file. This is dangerous because the code runs with the same permissions as your user account.

Technical detail

A heap-based buffer overflow in Acrobat Reader DC (versions 2020.013.20074 and earlier, 2020.001.30018 and earlier, 2017.011.30188 and earlier) allows unauthenticated attackers to execute arbitrary code with user privileges. Exploitation requires user interaction: the victim must open a malicious PDF file, after which the attacker's code runs in the current user's context.

Summary generated and translated by AI from the official description.
Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Adobe · Acrobat Reader