CVE-2021-28634: Adobe Acrobat Reader AcrobatUtils.scpt Extension OS Command Injection Vulnerability
First published: Fri Aug 20 2021(Updated: )
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command. An authenticated attacker could leverage this vulnerability to achieve arbitrary code execution on the host machine in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Acrobat | >=15.008.20082<=21.005.20054 | |
| Adobe Acrobat | >=17.011.30059<=17.011.30197 | |
| Adobe Acrobat | >=20.001.30005<=20.004.30005 | |
| Adobe Acrobat Reader | >=15.008.20082<=21.005.20054 | |
| Adobe Acrobat Reader | >=17.011.30059<=17.011.30197 | |
| Adobe Acrobat Reader | >=20.001.30005<=20.004.30005 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2021-28634?
CVE-2021-28634 is considered a critical vulnerability due to its potential for remote code execution.
How do I fix CVE-2021-28634?
To fix CVE-2021-28634, update Adobe Acrobat DC or Acrobat Reader DC to the latest version available.
Which versions are affected by CVE-2021-28634?
CVE-2021-28634 affects Acrobat Reader DC versions 2021.005.20054 and earlier, Acrobat DC versions 2020.004.30005 and earlier, and 2017.011.30197 and earlier.
Can CVE-2021-28634 be exploited without authentication?
No, an attacker must be authenticated to exploit CVE-2021-28634.
What type of vulnerability is CVE-2021-28634?
CVE-2021-28634 is classified as an Improper Neutralization of Special Elements used in an OS Command vulnerability.
- agent/type
- agent/severity
- agent/references
- agent/title
- agent/author
- agent/weakness
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe acrobat
- version/adobe acrobat/15.008.20082
- version/adobe acrobat/21.005.20054
- version/adobe acrobat/17.011.30059
- version/adobe acrobat/17.011.30197
- version/adobe acrobat/20.001.30005
- version/adobe acrobat/20.004.30005
- canonical/adobe acrobat reader
- version/adobe acrobat reader/15.008.20082
- version/adobe acrobat reader/21.005.20054
- version/adobe acrobat reader/17.011.30059
- version/adobe acrobat reader/17.011.30197
- version/adobe acrobat reader/20.001.30005
- version/adobe acrobat reader/20.004.30005