CVE-2021-28555 – Adobe Acrobat Reader out-of-bounds Read could lead to information disclosure
https://notcve.org/view.php?id=CVE-2021-28555
Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to get access to sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Acrobat Reader DC versiones 2021.001.20150 (y anteriores), versiones 2020.001.30020 (y anteriores) y versiones 2017.011.30194 (y anteriores), están afectadas por una vulnerabilidad de lectura fuera de límites. Un atacante no autenticado podría aprovechar esta vulnerabilidad para acceder a información confidencial en el contexto del usuario actual. • https://helpx.adobe.com/security/products/acrobat/apsb21-29.html • CWE-125: Out-of-bounds Read •
CVE-2021-28558 – Adobe Acrobat Reader heap-based buffer overflow could lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2021-28558
Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Heap-based buffer overflow vulnerability in the PDFLibTool component. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Acrobat Reader DC versiones 2021.001.20150 (y anteriores), versiones 2020.001.30020 (y anteriores) y versiones 2017.011.30194 (y anteriores), están afectadas por una vulnerabilidad de desbordamiento de búfer en la región Heap de la memoria en el componente PDFLibTool. Un atacante no autenticado podría aprovechar esta vulnerabilidad para lograr una ejecución de código arbitrario en el contexto del usuario actual. • https://helpx.adobe.com/security/products/acrobat/apsb21-29.html • CWE-122: Heap-based Buffer Overflow •
CVE-2021-28546 – Acrobat Reader DC Missing Support for Integrity Check
https://notcve.org/view.php?id=CVE-2021-28546
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing support for an integrity check. An unauthenticated attacker could leverage this vulnerability to modify content in a certified PDF without invalidating the certification. Exploitation of this issue requires user interaction in that a victim must open the tampered file. Acrobat Reader DC versiones 2020.013.20074 (y anteriores), versiones 2020.001.30018 (y anteriores) y versiones 2017.011.30188 (y anteriores), carecen de compatibilidad con una comprobación de integridad. Un atacante no autentificado podría aprovechar esta vulnerabilidad para modificar el contenido de un PDF certificado sin invalidar la certificación. • https://helpx.adobe.com/security/products/acrobat/apsb21-09.html • CWE-353: Missing Support for Integrity Check •
CVE-2021-28545 – Acrobat Reader DC Missing Support for Integrity Check
https://notcve.org/view.php?id=CVE-2021-28545
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing support for an integrity check. An unauthenticated attacker would have the ability to completely manipulate data in a certified PDF without invalidating the original certification. Exploitation of this issue requires user interaction in that a victim must open the tampered file. Las versiones de Acrobat Reader DC 2020.013.20074 (y anteriores), 2020.001.30018 (y anteriores) y 2017.011.30188 (y anteriores) carecen de soporte para una comprobación de integridad. Un atacante no autentificado podría manipular completamente los datos de un PDF certificado sin invalidar la certificación original. • https://helpx.adobe.com/security/products/acrobat/apsb21-09.html • CWE-353: Missing Support for Integrity Check •
CVE-2021-21086 – Adobe Reader CoolType Arbitrary Stack Manipulation
https://notcve.org/view.php?id=CVE-2021-21086
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability in the CoolType library. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Acrobat Reader DC versiones 2020.013.20074 (y anteriores), versiones 2020.001.30018 (y anteriores) y versiones 2017.011.30188 (y anteriores), están afectadas por una vulnerabilidad de escritura fuera de límites en la biblioteca CoolType. Un atacante no autenticado podría aprovechar esta vulnerabilidad para lograr una ejecución de código arbitrario en el contexto del usuario actual. • https://github.com/infobyte/Exploit-CVE-2021-21086 https://helpx.adobe.com/security/products/acrobat/apsb21-09.html • CWE-787: Out-of-bounds Write •