What is the severity of CVE-2021-44739?

CVE-2021-44739 is classified as an Information Disclosure vulnerability that can lead to the exposure of NTLMv2 credentials.

How do I fix CVE-2021-44739?

To mitigate CVE-2021-44739, users should update Adobe Acrobat Reader DC to the latest version beyond 21.007.20099.

Which versions of Adobe software are affected by CVE-2021-44739?

Affected versions include Adobe Acrobat Reader DC versions up to 21.007.20099, Acrobat versions up to 20.004.30017, and Acrobat Reader versions up to 17.011.30204.

Can CVE-2021-44739 be exploited remotely?

Yes, CVE-2021-44739 can be exploited by an unauthenticated attacker to obtain sensitive information remotely.

What are the potential consequences of an attack exploiting CVE-2021-44739?

Exploitation of CVE-2021-44739 may lead to unauthorized access to NTLMv2 credentials, increasing the risk of further attacks on affected systems.

Vulnerability/
CVE-2021-44739

medium

4.3

CWE

200

14/1/2022

16/9/2024

CVE-2021-44739: Adobe Acrobat Reader DC add-on (AxAcroPDFLib.AxAcroPDF) src NTLMv2 SSO Auth leak vulnerability

First published: Fri Jan 14 2022(Updated: )

Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must open a maliciously crafted Microsoft Office file, or visit an attacker controlled web page.

Credit: psirt@adobe.com

Affected Software	Affected Version	How to fix
Adobe Acrobat	>=21.001.20149<=21.007.20099
Adobe Acrobat Reader	>=21.001.20149<=21.007.20099
Microsoft Windows
Apple iOS and macOS
Adobe Acrobat Reader	>=20.001.30005<=20.004.30017
Adobe Acrobat Reader	>=20.001.30005<=20.004.30017
Adobe Acrobat Reader	>=17.011.30180<=17.011.30204
Adobe Acrobat Reader	>=17.011.30180<=17.011.30204

Remedy

https://helpx.adobe.com/security/products/acrobat/apsb22-01.html

Never miss a vulnerability like this again

Reference Links

https://helpx.adobe.com/security/products/acrobat/apsb22-01.html

Frequently Asked Questions

What is the severity of CVE-2021-44739?
CVE-2021-44739 is classified as an Information Disclosure vulnerability that can lead to the exposure of NTLMv2 credentials.
How do I fix CVE-2021-44739?
To mitigate CVE-2021-44739, users should update Adobe Acrobat Reader DC to the latest version beyond 21.007.20099.
Which versions of Adobe software are affected by CVE-2021-44739?
Affected versions include Adobe Acrobat Reader DC versions up to 21.007.20099, Acrobat versions up to 20.004.30017, and Acrobat Reader versions up to 17.011.30204.
Can CVE-2021-44739 be exploited remotely?
Yes, CVE-2021-44739 can be exploited by an unauthenticated attacker to obtain sensitive information remotely.
What are the potential consequences of an attack exploiting CVE-2021-44739?
Exploitation of CVE-2021-44739 may lead to unauthorized access to NTLMv2 credentials, increasing the risk of further attacks on affected systems.

agent/type
agent/author
agent/remedy
agent/references
agent/weakness
agent/description
agent/title
agent/severity
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/adobe
canonical/adobe acrobat
version/adobe acrobat/21.001.20149
version/adobe acrobat/21.007.20099
canonical/adobe acrobat reader
version/adobe acrobat reader/21.001.20149
version/adobe acrobat reader/21.007.20099
vendor/microsoft
canonical/microsoft windows
vendor/apple
canonical/apple ios and macos
version/adobe acrobat reader/20.001.30005
version/adobe acrobat reader/20.004.30017
version/adobe acrobat reader/17.011.30180
version/adobe acrobat reader/17.011.30204