CVE-2021-28560
Adobe Acrobat Reader heap corruption vulnerability could lead to arbitrary code execution
In short
Adobe Acrobat Reader has a memory corruption flaw that allows attackers to run malicious code on your computer if you open a specially crafted PDF file. This is dangerous because it gives attackers full control over your system with your user privileges.
Technical detail
A heap-based buffer overflow in Acrobat Reader DC (versions 2021.001.20150 and earlier, 2020.001.30020 and earlier, 2017.011.30194 and earlier) allows unauthenticated remote code execution when a victim opens a malicious PDF file. The vulnerability exploits memory corruption to execute arbitrary code in the user's context without requiring elevated privileges.
Summary generated and translated by AI from the official description.
Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Adobe · Acrobat ReaderWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →