CVE-2021-21045: Acrobat Reader DC Improper Installer Access Control Vulnerability Could Lead To Privilege Escalation
First published: Thu Feb 11 2021(Updated: )
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an improper access control vulnerability. An unauthenticated attacker could leverage this vulnerability to elevate privileges in the context of the current user.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Acrobat Reader | >=17.0<=17.011.30188 | |
| Adobe Acrobat Reader | >=20.0<=20.001.30018 | |
| Adobe Acrobat Reader | <=20.013.20074 | |
| Adobe Acrobat Reader Notification Manager | >=17.0<=17.011.30188 | |
| Adobe Acrobat Reader Notification Manager | >=20.0<=20.001.300183 | |
| Adobe Acrobat Reader Notification Manager | <=20.013.20074 | |
| Apple iOS and macOS | ||
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2021-21045?
CVE-2021-21045 is classified as a critical vulnerability due to its potential for privilege escalation.
How do I fix CVE-2021-21045?
To address CVE-2021-21045, update your Adobe Acrobat Reader DC to the latest version as recommended by Adobe.
Which versions of Adobe Acrobat are affected by CVE-2021-21045?
CVE-2021-21045 affects Acrobat Reader DC versions 2020.013.20074 and earlier, 2020.001.30018 and earlier, and 2017.011.30188 and earlier.
Can CVE-2021-21045 be exploited remotely?
Yes, CVE-2021-21045 allows unauthenticated attackers to exploit the vulnerability remotely to elevate privileges.
Is my operating system affected by CVE-2021-21045?
No, CVE-2021-21045 specifically affects Adobe Acrobat products and does not impact macOS or Windows operating systems.
- agent/type
- agent/first-publish-date
- agent/author
- agent/references
- agent/weakness
- agent/description
- agent/severity
- agent/title
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe acrobat reader
- version/adobe acrobat reader/17.0
- version/adobe acrobat reader/17.011.30188
- version/adobe acrobat reader/20.0
- version/adobe acrobat reader/20.001.30018
- version/adobe acrobat reader/20.013.20074
- canonical/adobe acrobat reader notification manager
- version/adobe acrobat reader notification manager/17.0
- version/adobe acrobat reader notification manager/17.011.30188
- version/adobe acrobat reader notification manager/20.0
- version/adobe acrobat reader notification manager/20.001.300183
- version/adobe acrobat reader notification manager/20.013.20074
- vendor/apple
- canonical/apple ios and macos
- vendor/microsoft
- canonical/microsoft windows