CVSS: 8.1EPSS: 0%CPEs: 8EXPL: 0CVE-2021-28545 – Acrobat Reader DC Missing Support for Integrity Check
https://notcve.org/view.php?id=CVE-2021-28545
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing support for an integrity check. An unauthenticated attacker would have the ability to completely manipulate data in a certified PDF without invalidating the original certification. Exploitation of this issue requires user interaction in that a victim must open the tampered file. Las versiones de Acrobat Reader DC 2020.013.20074 (y anteriores), 2020.001.30018 (y anteriores) y 2017.011.30188 (y anteriores) carecen de soporte para una comprobación de integridad. Un atacante no autentificado podría manipular completamente los datos de un PDF certificado sin invalidar la certificación original. • https://helpx.adobe.com/security/products/acrobat/apsb21-09.html • CWE-353: Missing Support for Integrity Check •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2021-21086 – Adobe Reader CoolType Arbitrary Stack Manipulation
https://notcve.org/view.php?id=CVE-2021-21086
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability in the CoolType library. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Acrobat Reader DC versiones 2020.013.20074 (y anteriores), versiones 2020.001.30018 (y anteriores) y versiones 2017.011.30188 (y anteriores), están afectadas por una vulnerabilidad de escritura fuera de límites en la biblioteca CoolType. Un atacante no autenticado podría aprovechar esta vulnerabilidad para lograr una ejecución de código arbitrario en el contexto del usuario actual. • https://github.com/infobyte/Exploit-CVE-2021-21086 https://helpx.adobe.com/security/products/acrobat/apsb21-09.html • CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0CVE-2021-21089 – Adobe Acrobat Reader DC URI Parsing Out-Of-Bounds Read
https://notcve.org/view.php?id=CVE-2021-21089
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to locally escalate privileges in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Acrobat Reader DC versiones 2020.013.20074 (y anteriores), 2020.001.30018 (y anteriores) y 2017.011.30188 (y anteriores), están afectadas por una vulnerabilidad de lectura fuera de límites. Un atacante no autenticado podría aprovechar esta vulnerabilidad para escalar localmente los privilegios en el contexto del usuario actual. • https://helpx.adobe.com/security/products/acrobat/apsb21-09.html • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 56%CPEs: 8EXPL: 0CVE-2021-21088 – Adobe Acrobat Pro DC Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-21088
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Las versiones 2020.013.20074 (y anteriores), 2020.001.30018 (y anteriores) y 2017.011.30188 (y anteriores) de Acrobat Reader DC están afectadas por una vulnerabilidad de use-after-free. Un atacante no autenticado podría aprovechar esta vulnerabilidad para lograr la ejecución de código arbitrario en el contexto del usuario actual. • https://helpx.adobe.com/security/products/acrobat/apsb21-09.html • CWE-416: Use After Free •
CVSS: 7.1EPSS: 1%CPEs: 8EXPL: 0CVE-2020-29075 – PDF Injection BlackHat Talk
https://notcve.org/view.php?id=CVE-2020-29075
Acrobat Reader DC versions 2020.013.20066 (and earlier), 2020.001.30010 (and earlier) and 2017.011.30180 (and earlier) are affected by an information exposure vulnerability, that could enable an attacker to get a DNS interaction and track if the user has opened or closed a PDF file when loaded from the filesystem without a prompt. User interaction is required to exploit this vulnerability. Acrobat Reader DC versiones 2020.013.20066 (y anteriores), versiones 2020.001.30010 (y anteriores) y versiones 2017.011.30180 (y anteriores) está afectado por una vulnerabilidad de exposición de información, que podría permitir a un atacante obtener una interacción de DNS y rastrear si el usuario ha abierto o cerrado un archivo PDF cuando es cargado desde el sistema de archivos sin un mensaje. Una interacción del usuario es requerida para explotar esta vulnerabilidad • https://helpx.adobe.com/security/products/acrobat/apsb20-75.html • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •