CVE-2021-44739
Published on: Not Yet Published
Last Modified on: 01/24/2022 01:09:00 PM UTC
Certain versions of Acrobat from Adobe contain the following vulnerability:
Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must open a maliciously crafted Microsoft Office file, or visit an attacker controlled web page.
- CVE-2021-44739 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity.
- Affected Vendor/Software:
Adobe - Acrobat Reader version <= 21.007.20099
- Affected Vendor/Software:
Adobe - Acrobat Reader version <= 20.004.30017
- Affected Vendor/Software:
Adobe - Acrobat Reader version <= 17.011.30204
- Affected Vendor/Software:
Adobe - Acrobat Reader version <= None
CVSS3 Score: 4.3 - MEDIUM
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
NETWORK | LOW | NONE | REQUIRED |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
UNCHANGED | LOW | NONE | NONE |
CVSS2 Score: 4.3 - MEDIUM
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | MEDIUM | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
PARTIAL | NONE | NONE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
Adobe Security Bulletin | helpx.adobe.com text/html |
![]() |
Related QID Numbers
- 376233 Adobe Security Update for Adobe Acrobat and Adobe Reader (APSB22-01)
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Adobe | Acrobat | All | All | All | All |
Application | Adobe | Acrobat | All | All | All | All |
Application | Adobe | Acrobat Dc | All | All | All | All |
Application | Adobe | Acrobat Reader | All | All | All | All |
Application | Adobe | Acrobat Reader | All | All | All | All |
Application | Adobe | Acrobat Reader Dc | All | All | All | All |
Operating System | Apple | Macos | - | All | All | All |
Operating System | Microsoft | Windows | - | All | All | All |
- cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*:
- cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*:
- cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*:
- cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*:
- cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*:
- cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*:
- cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*:
- cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
![]() |
CVE-2021-44739 : Acrobat Reader DC ActiveX Control versions 21.007.20099 and earlier , 20.004.30017 and earlier… twitter.com/i/web/status/1… | 2022-01-14 20:20:56 |
![]() |
MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution - PATCH: NOW | 2022-01-12 14:16:08 |
![]() |
CVE-2021-44739 | 2022-01-14 20:38:59 |