CVSS: 7.8EPSS: 1%CPEs: 14EXPL: 0CVE-2021-40726 – Adobe Acrobat Reader DC AcroForm Field Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-40726
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForm field that could result in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Acrobat Reader DC versiones 2021.005.20060 (y anteriores), versiones 2020.004.30006 (y anteriores) y versiones 2017.011.30199 (y anteriores), están afectadas por una vulnerabilidad de uso de memoria previamente liberada cuando el campo AcroForm es procesado, que podría resultar en una ejecución de código arbitrario en el contexto del usuario actual. Es requerida una interacción del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una página maliciosa o abrir un archivo malicioso This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForm fields. • https://helpx.adobe.com/security/products/acrobat/apsb21-55.html https://www.zerodayinitiative.com/advisories/ZDI-21-1249 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 2CVE-2021-39863 – Adobe Acrobat Reader DC Heap-based Buffer Overflow Vulnerability Could Lead To Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2021-39863
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Acrobat Reader DC versiones 2021.005.20060 (y anteriores), versiones 2020.004.30006 (y anteriores), y versiones 2017.011.30199 (y anteriores), están afectadas por una vulnerabilidad de desbordamiento del búfer cuando analizan un archivo PDF especialmente diseñado. Un atacante no autenticado podría aprovechar esta vulnerabilidad para lograr una ejecución de código arbitrario en el contexto del usuario actual. • https://github.com/lsw29475/CVE-2021-39863 https://github.com/WHS-SEGFAULT/CVE-2021-39863 https://helpx.adobe.com/security/products/acrobat/apsb21-55.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2021-39861 – Adobe Acrobat Reader DC Catalog Plugin Out-of-Bounds Read Bug
https://notcve.org/view.php?id=CVE-2021-39861
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Acrobat Reader DC versiones 2021.005.20060 (y anteriores), versiones 2020.004.30006 (y anteriores), y versiones 2017.011.30199 (y anteriores), están afectadas por una vulnerabilidad de lectura fuera de límites que podría conllevar a una divulgación de información de memoria arbitraria en el contexto del usuario actual. Es requerida una interacción del usuario para explotar este problema, ya que la víctima debe abrir un archivo malicioso • https://helpx.adobe.com/security/products/acrobat/apsb21-55.html • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 14EXPL: 0CVE-2021-39856 – Adobe Acrobat Reader DC NTLMv2 SSO Information Disclosure via LoadFile
https://notcve.org/view.php?id=CVE-2021-39856
Acrobat Reader DC ActiveX Control versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must visit an attacker controlled web page. Acrobat Reader DC versiones ActiveX Control 2021.005.20060 (y anteriores), versiones 2020.004.30006 (y anteriores), y versiones 2017.011.30199 (y anteriores), están afectadas por una vulnerabilidad de divulgación de información. Un atacante no autenticado podría aprovechar esta vulnerabilidad para obtener las credenciales de NTLMv2. • https://helpx.adobe.com/security/products/acrobat/apsb21-55.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2021-39860 – Adobe Acrobat Reader DC Search Plugin Null Pointer Dereference
https://notcve.org/view.php?id=CVE-2021-39860
Acrobat Pro DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive user memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Las versiones 2021.005.20060 (y anteriores), 2020.004.30006 (y anteriores) y 2017.011.30199 (y anteriores) de Acrobat Pro DC están afectadas por una vulnerabilidad de desviación de puntero nulo. Un atacante no autenticado podría aprovechar esta vulnerabilidad para revelar memoria sensible del usuario. • https://helpx.adobe.com/security/products/acrobat/apsb21-55.html • CWE-476: NULL Pointer Dereference •