CVSS: 8.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-28634 – Adobe Acrobat Reader AcrobatUtils.scpt Extension OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2021-28634
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command. An authenticated attacker could leverage this vulnerability to achieve arbitrary code execution on the host machine in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Acrobat Reader DC versiones 2021.005.20054 (y anteriores), 2020.004.30005 (y anteriores), y 2017.011.30197 (y anteriores), están afectadas por una Neutralización Inapropiada de Elementos Especiales usados en un comando del Sistema Operativo. Un atacante autenticado podría aprovechar esta vulnerabilidad para lograr una ejecución de código arbitrario en la máquina anfitriona en el contexto del usuario actual. • https://helpx.adobe.com/security/products/acrobat/apsb21-51.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-28638 – Adobe Acrobat Reader DC PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-28638
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Heap-based Buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Acrobat Reader DC versiones 2021.005.20054 (y anteriores), 2020.004.30005 (y anteriores), y 2017.011.30197 (y anteriores), están afectadas por una vulnerabilidad de desbordamiento de búfer en la región Heap de la memoria. Un atacante no autenticado podría aprovechar esta vulnerabilidad para lograr una ejecución de código arbitrario en el contexto del usuario actual. • https://helpx.adobe.com/security/products/acrobat/apsb21-51.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-28643 – Adobe Acrobat Pro DC embedDocAsDataObject Type Confusion Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-28643
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Type Confusion vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Acrobat Reader DC versiones 2021.005.20054 (y anteriores), 2020.004.30005 (y anteriores), y 2017.011.30197 (y anteriores), están afectadas por una vulnerabilidad Type Confusion. Un atacante no autenticado podría aprovechar esta vulnerabilidad para divulgar información confidencial de la memoria en el contexto del usuario actual. • https://helpx.adobe.com/security/products/acrobat/apsb21-51.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.3EPSS: 6%CPEs: 6EXPL: 0CVE-2021-28639 – Adobe Acrobat Reader DC setAction Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-28639
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Acrobat Reader DC versiones 2021.005.20054 (y anteriores), 2020.004.30005 (y anteriores), y 2017.011.30197 (y anteriores), están afectadas por una vulnerabilidad de uso de memoria previamente liberada. Un atacante no autenticado podría aprovechar esta vulnerabilidad para lograr una ejecución de código arbitrario en el contexto del usuario actual. • https://helpx.adobe.com/security/products/acrobat/apsb21-51.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 6%CPEs: 6EXPL: 0CVE-2021-35981 – Adobe Acrobat Reader DC launchURL Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-35981
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Acrobat Reader DC versiones 2021.005.20054 (y anteriores), 2020.004.30005 (y anteriores), y 2017.011.30197 (y anteriores), están afectadas por una vulnerabilidad de uso de memoria previamente liberada. Un atacante no autenticado podría aprovechar esta vulnerabilidad para lograr una ejecución de código arbitrario en el contexto del usuario actual. • https://helpx.adobe.com/security/products/acrobat/apsb21-51.html • CWE-416: Use After Free •