What is the severity of CVE-2021-44714?

CVE-2021-44714 is classified as a security feature bypass, which is considered a significant vulnerability.

How do I fix CVE-2021-44714?

To fix CVE-2021-44714, update Adobe Acrobat Reader DC to the latest version released by Adobe.

What versions of Acrobat Reader DC are affected by CVE-2021-44714?

CVE-2021-44714 affects Acrobat Reader DC version 21.007.20099 and earlier, as well as versions 20.004.30017 and 17.011.30204 and earlier.

Can CVE-2021-44714 be exploited remotely?

CVE-2021-44714 has the potential for exploitation, but the specifics of remote exploitation depend on user interaction.

What is the nature of the Violation of Secure Design Principles in CVE-2021-44714?

CVE-2021-44714 involves a violation of secure design principles that may lead to a circumvention of intended security features in Adobe Acrobat.

Vulnerability/
CVE-2021-44714

medium

4.3

CWE

657

14/1/2022

16/9/2024

CVE-2021-44714: Adobe Acrobat Reader Missing Custom Protocols in Warning Message Prompts

First published: Fri Jan 14 2022(Updated: )

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a Violation of Secure Design Principles that could lead to a Security feature bypass. Acrobat Reader DC displays a warning message when a user clicks on a PDF file, which could be used by an attacker to mislead the user. In affected versions, this warning message does not include custom protocols when used by the sender. User interaction is required to abuse this vulnerability as they would need to click 'allow' on the warning message of a malicious file.

Credit: psirt@adobe.com

Affected Software	Affected Version	How to fix
Adobe Acrobat	>=15.008.20082<=21.007.20099
Adobe Acrobat Reader	>=15.008.20082<=21.007.20099
Microsoft Windows
Adobe Acrobat Reader	>=17.011.30059<=17.011.30204
Adobe Acrobat Reader	>=20.001.30005<=20.004.30017
Adobe Acrobat Reader	>=17.011.30059<=17.011.30204
Adobe Acrobat Reader	>=20.001.30005<=20.004.30017
Apple iOS and macOS

Never miss a vulnerability like this again

Reference Links

https://helpx.adobe.com/security/products/acrobat/apsb22-01.html

Frequently Asked Questions

What is the severity of CVE-2021-44714?
CVE-2021-44714 is classified as a security feature bypass, which is considered a significant vulnerability.
How do I fix CVE-2021-44714?
To fix CVE-2021-44714, update Adobe Acrobat Reader DC to the latest version released by Adobe.
What versions of Acrobat Reader DC are affected by CVE-2021-44714?
CVE-2021-44714 affects Acrobat Reader DC version 21.007.20099 and earlier, as well as versions 20.004.30017 and 17.011.30204 and earlier.
Can CVE-2021-44714 be exploited remotely?
CVE-2021-44714 has the potential for exploitation, but the specifics of remote exploitation depend on user interaction.
What is the nature of the Violation of Secure Design Principles in CVE-2021-44714?
CVE-2021-44714 involves a violation of secure design principles that may lead to a circumvention of intended security features in Adobe Acrobat.

agent/type
agent/author
agent/references
agent/description
agent/weakness
agent/severity
agent/title
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/adobe
canonical/adobe acrobat
version/adobe acrobat/15.008.20082
version/adobe acrobat/21.007.20099
canonical/adobe acrobat reader
version/adobe acrobat reader/15.008.20082
version/adobe acrobat reader/21.007.20099
vendor/microsoft
canonical/microsoft windows
version/adobe acrobat reader/17.011.30059
version/adobe acrobat reader/17.011.30204
version/adobe acrobat reader/20.001.30005
version/adobe acrobat reader/20.004.30017
vendor/apple
canonical/apple ios and macos