CVE-2021-44704
Published on: Not Yet Published
Last Modified on: 01/21/2022 08:33:00 PM UTC
Certain versions of Acrobat from Adobe contain the following vulnerability:
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
- CVE-2021-44704 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
- Affected Vendor/Software: Adobe - Acrobat Reader version <= 21.007.20099
- Affected Vendor/Software: Adobe - Acrobat Reader version <= 20.004.30017
- Affected Vendor/Software: Adobe - Acrobat Reader version <= 17.011.30204
- Affected Vendor/Software: Adobe - Acrobat Reader version <= None
CVSS3 Score: 7.8 - HIGH
Attack Vector | Attack Complexity | Privileges Required | User Interaction |
---|---|---|---|
LOCAL | LOW | NONE | REQUIRED |

Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|---|
UNCHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 9.3 - HIGH
Access Vector | Access Complexity | Authentication |
---|---|---|
NETWORK | MEDIUM | NONE |

Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|
COMPLETE | COMPLETE | COMPLETE |
CVE References
Description | Tags | Link |
---|---|---|
Adobe Security Bulletin | helpx.adobe.com text/html | MISC helpx.adobe.com/security/products/acrobat/apsb22-01.html |
Related QID Numbers
- 376233 Adobe Security Update for Adobe Acrobat and Adobe Reader (APSB22-01)
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Adobe | Acrobat | All | All | All | All |
Application | Adobe | Acrobat DC | All | All | All | All |
Application | Adobe | Acrobat Reader | All | All | All | All |
Application | Adobe | Acrobat Reader DC | All | All | All | All |
Operating System | Apple | macOS | - | All | All | All |
Operating System | Microsoft | Windows | - | All | All | All |
- cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*:
- cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*:
- cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*:
- cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*:
- cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*:
- cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
@CVEreport | CVE-2021-44704 : Acrobat Reader DC version 21.007.20099 and earlier , 20.004.30017 and earlier and 17.011.30204… twitter.com/i/web/status/1… | 2022-01-14 20:16:12 |
/r/k12cybersecurity | MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution - PATCH: NOW | 2022-01-12 14:16:08 |
/r/netcve | CVE-2021-44704 | 2022-01-14 20:38:52 |