CVE-2021-28550

Adobe Acrobat Reader use after free vulnerability could lead to arbitrary code execution

CVSS 9.6 CRITICALEPSS 52.0%● KEVCWE-416

In short

Adobe Acrobat Reader has a memory management flaw that allows attackers to run malicious code on your computer when you open a specially crafted PDF file. This happens because the application uses memory that has already been freed, leading to unpredictable behavior.

Technical detail

A use-after-free vulnerability in Acrobat Reader DC (versions 2021.001.20150, 2020.001.30020, 2017.011.30194 and earlier) allows unauthenticated remote code execution when a victim opens a malicious PDF. The attack vector requires user interaction and exploits memory safety issues in the application's heap management.

Summary generated and translated by AI from the official description.

Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected products

Adobe · Acrobat Reader

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://helpx.adobe.com/security/products/acrobat/apsb21-29.html https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-28550