Risk | High |
Patch available | YES |
Number of vulnerabilities | 19 |
CVE-ID | CVE-2021-35988 CVE-2021-28638 CVE-2021-28635 CVE-2021-35981 CVE-2021-35983 CVE-2021-28634 CVE-2021-28636 CVE-2021-35984 CVE-2021-35985 CVE-2021-35986 CVE-2021-35987 CVE-2021-28637 CVE-2021-28642 CVE-2021-28639 CVE-2021-28641 CVE-2021-28643 CVE-2021-28640 CVE-2021-28644 CVE-2021-35980 |
CWE-ID | CWE-125 CWE-122 CWE-416 CWE-78 CWE-427 CWE-476 CWE-843 CWE-787 CWE-22 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Adobe Acrobat (Client/Desktop applications / Office applications), Adobe Reader (Client/Desktop applications / Office applications) |
Vendor | Adobe |
Security Bulletin
This security bulletin contains information about 19 vulnerabilities.
EUVDB-ID: #VU54687
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-35988
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Adobe Acrobat: 17.008.30051 - 21.005.20148
Adobe Reader: 21.001.20135 - 2020.013.20074
CPE2.3
http://helpx.adobe.com/security/products/acrobat/apsb21-51.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU54708
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28638
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can trick the victim into opening a specially crafted PDF document, trigger a heap-based buffer overflow and execute arbitrary code on the system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Adobe Acrobat: 17.008.30051 - 21.005.20148
Adobe Reader: 21.001.20135 - 2020.013.20074
CPE2.3
http://helpx.adobe.com/security/products/acrobat/apsb21-51.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU54696
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28635
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can trick the victim into opening a specially crafted PDF document, trigger a use-after-free error and execute arbitrary code on the system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Adobe Acrobat: 17.008.30051 - 21.005.20148
Adobe Reader: 21.001.20135 - 2020.013.20074
CPE2.3
http://helpx.adobe.com/security/products/acrobat/apsb21-51.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU54695
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-35981
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can trick the victim into opening a specially crafted PDF document, trigger a use-after-free error and execute arbitrary code on the system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Adobe Acrobat: 17.008.30051 - 21.005.20148
Adobe Reader: 21.001.20135 - 2020.013.20074
CPE2.3
http://helpx.adobe.com/security/products/acrobat/apsb21-51.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU54694
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-35983
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can trick the victim into opening a specially crafted PDF document, trigger a use-after-free error and execute arbitrary code on the system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Adobe Acrobat: 17.008.30051 - 21.005.20148
Adobe Reader: 21.001.20135 - 2020.013.20074
CPE2.3
http://helpx.adobe.com/security/products/acrobat/apsb21-51.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU54714
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28634
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper input validation. A local user can execute arbitrary OS commands and escalate privileges on the system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Adobe Acrobat: 17.008.30051 - 21.005.20148
Adobe Reader: 21.001.20135 - 2020.013.20074
CPE2.3
http://helpx.adobe.com/security/products/acrobat/apsb21-51.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU54713
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28636
CWE-ID:
CWE-427 - Uncontrolled Search Path Element
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists because the application loads DLL libraries in an insecure manner. A remote attacker can place a specially crafted .dll file on a remote SMB fileshare, trick the victim into opening a file associated with the vulnerable application, and execute arbitrary code on the victim's system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Adobe Acrobat: 17.008.30051 - 21.005.20148
Adobe Reader: 21.001.20135 - 2020.013.20074
CPE2.3
http://helpx.adobe.com/security/products/acrobat/apsb21-51.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU54711
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-35984
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trick the victim into opening a specially crafted file and perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Adobe Acrobat: 17.008.30051 - 21.005.20148
Adobe Reader: 21.001.20135 - 2020.013.20074
CPE2.3
http://helpx.adobe.com/security/products/acrobat/apsb21-51.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU54710
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-35985
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trick the victim into opening a specially crafted file and perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Adobe Acrobat: 17.008.30051 - 21.005.20148
Adobe Reader: 21.001.20135 - 2020.013.20074
CPE2.3
http://helpx.adobe.com/security/products/acrobat/apsb21-51.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU54698
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-35986
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary condition within the getAnnots method when processing PDF files. A remote attacker can trick the victim into opening a specially crafted PDF document, trigger a type confusion error and execute arbitrary code on the system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Adobe Acrobat: 17.008.30051 - 21.005.20148
Adobe Reader: 21.001.20135 - 2020.013.20074
CPE2.3
http://helpx.adobe.com/security/products/acrobat/apsb21-51.html
http://www.zerodayinitiative.com/advisories/ZDI-21-1145/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU54688
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-35987
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Adobe Acrobat: 17.008.30051 - 21.005.20148
Adobe Reader: 21.001.20135 - 2020.013.20074
CPE2.3
http://helpx.adobe.com/security/products/acrobat/apsb21-51.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU54707
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28637
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Adobe Acrobat: 17.008.30051 - 21.005.20148
Adobe Reader: 21.001.20135 - 2020.013.20074
CPE2.3
http://helpx.adobe.com/security/products/acrobat/apsb21-51.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU54706
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28642
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can trick the victim into opening a specially crafted PDF document, trigger an out-of-bounds write error and execute arbitrary code on the system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Adobe Acrobat: 17.008.30051 - 21.005.20148
Adobe Reader: 21.001.20135 - 2020.013.20074
CPE2.3
http://helpx.adobe.com/security/products/acrobat/apsb21-51.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU54693
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28639
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can trick the victim into opening a specially crafted PDF document, trigger a use-after-free error and execute arbitrary code on the system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Adobe Acrobat: 17.008.30051 - 21.005.20148
Adobe Reader: 21.001.20135 - 2020.013.20074
CPE2.3
http://helpx.adobe.com/security/products/acrobat/apsb21-51.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU54692
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28641
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can trick the victim into opening a specially crafted PDF document, trigger a use-after-free error and execute arbitrary code on the system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Adobe Acrobat: 17.008.30051 - 21.005.20148
Adobe Reader: 21.001.20135 - 2020.013.20074
CPE2.3
http://helpx.adobe.com/security/products/acrobat/apsb21-51.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU54697
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28643
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can trick the victim into opening a specially crafted PDF document, trigger a type confusion error and execute arbitrary code on the system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Adobe Acrobat: 17.008.30051 - 21.005.20148
Adobe Reader: 21.001.20135 - 2020.013.20074
CPE2.3
http://helpx.adobe.com/security/products/acrobat/apsb21-51.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU54691
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28640
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can trick the victim into opening a specially crafted PDF document, trigger a use-after-free error and execute arbitrary code on the system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Adobe Acrobat: 17.008.30051 - 21.005.20148
Adobe Reader: 21.001.20135 - 2020.013.20074
CPE2.3
http://helpx.adobe.com/security/products/acrobat/apsb21-51.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU54690
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28644
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
Description
The vulnerability allows a remote attacker to overwrite arbitrary files on the system.
The vulnerability exists due to an input validation error when processing PDF files. A remote attacker can trick the victim into opening a specially crafted PDF document and overwrite arbitrary files on the system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Adobe Acrobat: 17.008.30051 - 21.005.20148
Adobe Reader: 21.001.20135 - 2020.013.20074
CPE2.3
http://helpx.adobe.com/security/products/acrobat/apsb21-51.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU54689
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-35980
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
Description
The vulnerability allows a remote attacker to overwrite arbitrary files on the system.
The vulnerability exists due to an input validation error when processing PDF files. A remote attacker can trick the victim into opening a specially crafted PDF document and overwrite arbitrary files on the system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Adobe Acrobat: 17.008.30051 - 21.005.20148
Adobe Reader: 21.001.20135 - 2020.013.20074
CPE2.3
http://helpx.adobe.com/security/products/acrobat/apsb21-51.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.