CVE-2021-40726
Summary
| CVE | CVE-2021-40726 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-10-07 16:15:00 UTC |
| Updated | 2023-11-07 03:38:00 UTC |
| Description | Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForm field that could result in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. |
Risk And Classification
Problem Types: CWE-416
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Adobe | Acrobat Dc | All | All | All | All |
| Application | Adobe | Acrobat Dc | All | All | All | All |
| Application | Adobe | Acrobat Dc | All | All | All | All |
| Application | Adobe | Acrobat Dc | All | All | All | All |
| Application | Adobe | Acrobat Reader Dc | All | All | All | All |
| Application | Adobe | Acrobat Reader Dc | All | All | All | All |
| Application | Adobe | Acrobat Reader Dc | All | All | All | All |
| Application | Adobe | Acrobat Reader Dc | All | All | All | All |
| Operating System | Apple | Macos | - | All | All | All |
| Operating System | Microsoft | Windows | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Adobe Security Bulletin | MISC | helpx.adobe.com | |
| ZDI-21-1249 | Zero Day Initiative | MISC | www.zerodayinitiative.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.