CVE-2021-28554
Adobe Acrobat Reader DC Path Parsing Out-Of-Bounds Read could lead to arbitrary code execution
In short
Adobe Acrobat Reader DC has a flaw where it reads data beyond safe memory boundaries when parsing file paths. An attacker can craft a malicious PDF that, when opened, executes harmful code on your computer.
Technical detail
An out-of-bounds read vulnerability in path parsing allows an unauthenticated attacker to trigger arbitrary code execution within the user's context. Exploitation requires social engineering to convince a user to open a specially crafted PDF file; the vulnerability exists in Acrobat Reader DC versions 2021.001.20155 and earlier, 2020.001.30025 and earlier, and 2017.011.30196 and earlier.
Summary generated and translated by AI from the official description.
Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020.001.30025 (and earlier) and 2017.011.30196 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Adobe · Acrobat ReaderWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →