CVE-2021-28550

Warnung

EPSS 22.45%
Veröffentlicht 02.09.2021 17:15:08
Zuletzt bearbeitet 13.02.2025 17:30:34
Quelle psirt@adobe.com
Teams Watchlist Login
Unerledigt Login

Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Betroffene Produkte Warnungen 1 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Adobe ≫ Acrobat Dc SwEditioncontinuous Version >= 15.008.20082 <= 21.001.20150

Microsoft ≫ Windows Version-

Adobe ≫ Acrobat Reader Dc SwEditioncontinuous Version >= 15.008.20082 <= 21.001.20150

Microsoft ≫ Windows Version-

Adobe ≫ Acrobat SwEditionclassic Version >= 17.011.30059 <= 17.011.30194

Apple ≫ macOS Version-
Microsoft ≫ Windows Version-

Adobe ≫ Acrobat SwEditionclassic Version >= 20.001.30005 <= 20.001.30020

Apple ≫ macOS Version-
Microsoft ≫ Windows Version-

Adobe ≫ Acrobat Reader SwEditionclassic Version >= 17.011.30059 <= 17.011.30194

Apple ≫ macOS Version-
Microsoft ≫ Windows Version-

Adobe ≫ Acrobat Reader SwEditionclassic Version >= 20.001.30005 <= 20.001.30020

Apple ≫ macOS Version-
Microsoft ≫ Windows Version-

Adobe ≫ Acrobat Dc SwEditioncontinuous Version >= 15.008.20082 <= 21.001.20150

Apple ≫ macOS Version-

Adobe ≫ Acrobat Reader Dc SwEditioncontinuous Version >= 15.008.20082 <= 21.001.20150

Apple ≫ macOS Version-

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Adobe Acrobat and Reader Use-After-Free Vulnerability

Schwachstelle

Adobe Acrobat and Reader contains a use-after-free vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	22.45%	0.956

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
psirt@adobe.com	9.6	2.8	6	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://helpx.adobe.com/security/products/acrobat/apsb21-29.html

Vendor Advisory

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2021-28550

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-28550

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-28550

EUVD