7.3
CVE-2021-35982
- EPSS 0.31%
- Published 29.09.2021 16:15:07
- Last modified 21.11.2024 06:12:53
- Source psirt@adobe.com
- Teams watchlist Login
- Open Login
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Uncontrolled Search Path Element vulnerability. A local attacker with non-administrative privileges can plant a malicious DLL to achieve arbitrary code execution in the context of the current user via DLL hijacking. Exploitation of this issue requires user interaction.
Data is provided by the National Vulnerability Database (NVD)
Adobe ≫ Acrobat Dc SwEditioncontinuous Version >= 20.006.20034 <= 21.005.20060
Adobe ≫ Acrobat Dc SwEditioncontinuous Version >= 20.006.20034 <= 21.005.20058
Adobe ≫ Acrobat Reader Dc SwEditioncontinuous Version >= 20.006.20034 <= 21.005.20060
Adobe ≫ Acrobat Dc SwEditioncontinuous Version >= 20.006.20034 <= 21.005.20058
Adobe ≫ Acrobat Dc SwEditionclassic Version >= 20.004.30005 <= 20.004.30006
Adobe ≫ Acrobat Reader Dc SwEditionclassic Version >= 20.004.30005 <= 20.004.30006
Adobe ≫ Acrobat Dc SwEditionclassic Version >= 17.011.30158 <= 17.011.30199
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.31% | 0.509 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.3 | 1.3 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.4 | 3.4 | 6.4 |
AV:L/AC:M/Au:N/C:P/I:P/A:P
|
| psirt@adobe.com | 7.3 | 1.3 | 5.9 |
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
|
CWE-427 Uncontrolled Search Path Element
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.