First published: Tue Jul 13 2021(Updated: )
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Adobe Acrobat Reader | >=15.008.20082<=21.005.20054 | |
Adobe Acrobat Reader | >=17.011.30059<=17.011.30197 | |
Adobe Acrobat Reader | >=20.001.30005<=20.004.30005 | |
Adobe Acrobat Reader Notification Manager | >=15.008.20082<=21.005.20054 | |
Adobe Acrobat Reader Notification Manager | >=17.011.30059<=17.011.30197 | |
Adobe Acrobat Reader Notification Manager | >=20.001.30005<=20.004.30005 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-28635 affects Adobe Acrobat DC versions 2021.005.20054 and earlier, 2020.004.30005 and earlier, and 2017.011.30197 and earlier.
CVE-2021-28635 allows an unauthenticated attacker to achieve arbitrary code execution through a use-after-free vulnerability.
To mitigate CVE-2021-28635, it is recommended to upgrade to the latest version of Adobe Acrobat DC released after 2021.005.20054.
Currently, there are no known workarounds for CVE-2021-28635, so updating to a fixed version is the best approach.
CVE-2021-28635 is considered critical due to its potential to allow arbitrary code execution.