What is the severity of CVE-2021-39857?

CVE-2021-39857 is classified as an Information Disclosure vulnerability.

How do I fix CVE-2021-39857?

To mitigate CVE-2021-39857, upgrade to the latest version of Adobe Acrobat Reader DC or Adobe Acrobat.

Which versions are affected by CVE-2021-39857?

CVE-2021-39857 affects Adobe Acrobat Reader DC versions 2021.005.20060 and earlier, 2020.004.30006 and earlier, and 2017.011.30199 and earlier.

Can an authenticated user exploit CVE-2021-39857?

CVE-2021-39857 can be exploited by an unauthenticated attacker.

What type of vulnerability is CVE-2021-39857?

CVE-2021-39857 is an Information Disclosure vulnerability that allows unauthorized information to be checked.

Vulnerability/
CVE-2021-39857

medium

4.3

CWE

200

29/9/2021

16/9/2024

CVE-2021-39857: Adobe Acrobat Reader DC Information Disclosure via ActiveX LoadFile

First published: Wed Sep 29 2021(Updated: )

Adobe Acrobat Reader DC add-on for Internet Explorer versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to check for existence of local files. Exploitation of this issue requires user interaction in that a victim must visit an attacker controlled web page.

Credit: psirt@adobe.com

Affected Software	Affected Version	How to fix
Adobe Acrobat Reader	>=17.011.30059<=17.011.30199
Adobe Acrobat Reader Notification Manager	>=17.011.30059<=17.011.30199
macOS
Microsoft Windows Operating System
Adobe Acrobat Reader	>=20.001.30005<=20.004.30006
Adobe Acrobat Reader Notification Manager	>=20.001.30005<=20.004.30006
Adobe Acrobat Reader DC	>=15.008.20082<=21.005.20058
Adobe Acrobat Reader	>=15.008.20082<=21.005.20058
Adobe Acrobat Reader DC	>=15.008.20082<=21.005.20060
Adobe Acrobat Reader	>=15.008.20082<=21.005.20060

Never miss a vulnerability like this again

Reference Links

https://helpx.adobe.com/security/products/acrobat/apsb21-55.html

Frequently Asked Questions

What is the severity of CVE-2021-39857?
CVE-2021-39857 is classified as an Information Disclosure vulnerability.
How do I fix CVE-2021-39857?
To mitigate CVE-2021-39857, upgrade to the latest version of Adobe Acrobat Reader DC or Adobe Acrobat.
Which versions are affected by CVE-2021-39857?
CVE-2021-39857 affects Adobe Acrobat Reader DC versions 2021.005.20060 and earlier, 2020.004.30006 and earlier, and 2017.011.30199 and earlier.
Can an authenticated user exploit CVE-2021-39857?
CVE-2021-39857 can be exploited by an unauthenticated attacker.
What type of vulnerability is CVE-2021-39857?
CVE-2021-39857 is an Information Disclosure vulnerability that allows unauthorized information to be checked.

agent/type
agent/weakness
agent/author
agent/references
agent/description
agent/severity
agent/title
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/adobe
canonical/adobe acrobat reader
version/adobe acrobat reader/17.011.30059
version/adobe acrobat reader/17.011.30199
canonical/adobe acrobat reader notification manager
version/adobe acrobat reader notification manager/17.011.30059
version/adobe acrobat reader notification manager/17.011.30199
vendor/apple
canonical/macos
vendor/microsoft
canonical/microsoft windows operating system
version/adobe acrobat reader/20.001.30005
version/adobe acrobat reader/20.004.30006
version/adobe acrobat reader notification manager/20.001.30005
version/adobe acrobat reader notification manager/20.004.30006
canonical/adobe acrobat reader dc
version/adobe acrobat reader dc/15.008.20082
version/adobe acrobat reader dc/21.005.20058
version/adobe acrobat reader/15.008.20082
version/adobe acrobat reader/21.005.20058
version/adobe acrobat reader dc/21.005.20060
version/adobe acrobat reader/21.005.20060