Components Affected
● Acrobat DC and Reader DC (Continues) version 2021.005.20054 and prior for Windows and macOS
● Acrobat DC and Reader DC (Classic 2020) version 2020.004.30005 and prior for Windows and macOS
● Acrobat DC and Reader DC (Classic 2017) version 2017.011.30197 and prior for Windows and macOS
Threat Level
Medium
Overview
Multiple vulnerabilities have been identified in Acrobat DC and Reader DC which could allow an attacker to execute arbitrary codes, privilege escalation, read and write arbitrary system files and finally cause a denial of service on a target system.
Description
These vulnerabilities are raised due to the heap-based buffer overflow error, path traversal, type confusion, improper search path element, etc. Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code on a target system.
Impact
● Executing unwanted applications
● Expose sensitive information
● Denial of service
Solution/ Workarounds
Apply the security update as mentioned in the Adobe security bulletin:
https://helpx.adobe.com/security/products/acrobat/apsb21-51.html
Reference
● https://helpx.adobe.com/security/products/acrobat/apsb21-51.html
● https://www.cert-in.org.in/
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.