CVE-2021-21088: Adobe Acrobat Pro DC Use-After-Free Remote Code Execution Vulnerability
First published: Wed Sep 06 2023(Updated: )
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Acrobat Reader | >=17.011.30180<17.011.30190 | |
| Adobe Acrobat Reader | >=20.001.30005<20.001.30020 | |
| Adobe Acrobat Reader DC | >=15.007.20033<21.001.20135 | |
| Adobe Acrobat Reader Notification Manager | >=17.011.30180<17.011.30190 | |
| Adobe Acrobat Reader Notification Manager | >=20.001.30005<20.001.30020 | |
| Adobe Acrobat Reader | >=15.007.20033<21.001.20135 | |
| macOS | ||
| Microsoft Windows Operating System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-21088.
Which versions of Acrobat Reader DC are affected by this vulnerability?
Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by this vulnerability.
What is the severity rating of CVE-2021-21088?
The severity rating of CVE-2021-21088 is 7.8 (high).
How can an attacker exploit this vulnerability?
An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.
Is there a fix available for this vulnerability?
Yes, Adobe has released a security update to address this vulnerability. It is recommended to update to the latest version of Acrobat Reader DC.
- agent/type
- agent/weakness
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/author
- collector/nvd-api
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/adobe
- canonical/adobe acrobat reader
- version/adobe acrobat reader/17.011.30180
- version/adobe acrobat reader/20.001.30005
- canonical/adobe acrobat reader dc
- version/adobe acrobat reader dc/15.007.20033
- canonical/adobe acrobat reader notification manager
- version/adobe acrobat reader notification manager/17.011.30180
- version/adobe acrobat reader notification manager/20.001.30005
- version/adobe acrobat reader/15.007.20033
- vendor/apple
- canonical/macos
- vendor/microsoft
- canonical/microsoft windows operating system