CVE-2021-21061: Acrobat Pro DC Use-After-Free Vulnerability Could Lead to Information Disclosure
First published: Tue Feb 09 2021(Updated: )
Acrobat Pro DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use-after-free vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Acrobat Reader | >=17.0<=17.011.30188 | |
| Adobe Acrobat Reader | >=20.0<=20.001.30018 | |
| Adobe Acrobat Reader DC | <=20.013.20074 | |
| Adobe Acrobat Reader Notification Manager | >=17.0<=17.011.30188 | |
| Adobe Acrobat Reader Notification Manager | >=20.0<=20.001.300183 | |
| Adobe Acrobat Reader | <=20.013.20074 | |
| macOS | ||
| Microsoft Windows Operating System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2021-21061?
CVE-2021-21061 is classified as a critical severity vulnerability due to its potential to allow arbitrary code execution.
How do I fix CVE-2021-21061?
To fix CVE-2021-21061, update Adobe Acrobat Pro DC and Adobe Acrobat Reader to the latest versions, specifically versions after 2020.013.20074 for DC and 20.001.30018 or 17.011.30189 for Reader.
What types of software are affected by CVE-2021-21061?
CVE-2021-21061 affects Adobe Acrobat Pro DC, Adobe Acrobat Reader, and their respective versions specified in the vulnerability details.
Can CVE-2021-21061 be exploited remotely?
Yes, CVE-2021-21061 can be exploited remotely by an unauthenticated attacker through specially crafted PDF documents.
What are the consequences of exploiting CVE-2021-21061?
Exploiting CVE-2021-21061 can lead to code execution, allowing attackers to control the affected system.
- agent/type
- agent/references
- agent/weakness
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/title
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe acrobat reader
- version/adobe acrobat reader/17.0
- version/adobe acrobat reader/17.011.30188
- version/adobe acrobat reader/20.0
- version/adobe acrobat reader/20.001.30018
- canonical/adobe acrobat reader dc
- version/adobe acrobat reader dc/20.013.20074
- canonical/adobe acrobat reader notification manager
- version/adobe acrobat reader notification manager/17.0
- version/adobe acrobat reader notification manager/17.011.30188
- version/adobe acrobat reader notification manager/20.0
- version/adobe acrobat reader notification manager/20.001.300183
- version/adobe acrobat reader/20.013.20074
- vendor/apple
- canonical/macos
- vendor/microsoft
- canonical/microsoft windows operating system