// For flags

CVE-2021-44714

Adobe Acrobat Reader Missing Custom Protocols in Warning Message Prompts

Severity Score

3.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a Violation of Secure Design Principles that could lead to a Security feature bypass. Acrobat Reader DC displays a warning message when a user clicks on a PDF file, which could be used by an attacker to mislead the user. In affected versions, this warning message does not include custom protocols when used by the sender. User interaction is required to abuse this vulnerability as they would need to click 'allow' on the warning message of a malicious file.

Acrobat Reader DC versiones 21.007.20099 (y anteriores), versiones 20.004.30017 (y anteriores) y versiones 17.011.30204 (y anteriores), están afectadas por una Violación de los Principios de Diseño Seguro que podría conllevar a una omisión de la función de seguridad. Acrobat Reader DC muestra un mensaje de advertencia cuando un usuario hace clic en un archivo PDF, que podría ser usado por un atacante para engañar al usuario. En las versiones afectadas, este mensaje de advertencia no incluye los protocolos personalizados cuando son usados por el emisor. Es requerida una interacción del usuario para abusar de esta vulnerabilidad, ya que tendría que hacer clic en "allow" en el mensaje de advertencia de un archivo malicioso

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-12-07 CVE Reserved
  • 2022-01-14 CVE Published
  • 2024-09-16 CVE Updated
  • 2024-11-22 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-657: Violation of Secure Design Principles
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Adobe
Search vendor "Adobe"
Acrobat Dc
Search vendor "Adobe" for product "Acrobat Dc"
>= 15.008.20082 <= 21.007.20099
Search vendor "Adobe" for product "Acrobat Dc" and version " >= 15.008.20082 <= 21.007.20099"
continuous
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Acrobat Reader Dc
Search vendor "Adobe" for product "Acrobat Reader Dc"
>= 15.008.20082 <= 21.007.20099
Search vendor "Adobe" for product "Acrobat Reader Dc" and version " >= 15.008.20082 <= 21.007.20099"
continuous
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Acrobat
Search vendor "Adobe" for product "Acrobat"
>= 17.011.30059 <= 17.011.30204
Search vendor "Adobe" for product "Acrobat" and version " >= 17.011.30059 <= 17.011.30204"
classic
Affected
in Apple
Search vendor "Apple"
Macos
Search vendor "Apple" for product "Macos"
--
Safe
Adobe
Search vendor "Adobe"
Acrobat
Search vendor "Adobe" for product "Acrobat"
>= 17.011.30059 <= 17.011.30204
Search vendor "Adobe" for product "Acrobat" and version " >= 17.011.30059 <= 17.011.30204"
classic
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Acrobat
Search vendor "Adobe" for product "Acrobat"
>= 20.001.30005 <= 20.004.30017
Search vendor "Adobe" for product "Acrobat" and version " >= 20.001.30005 <= 20.004.30017"
classic
Affected
in Apple
Search vendor "Apple"
Macos
Search vendor "Apple" for product "Macos"
--
Safe
Adobe
Search vendor "Adobe"
Acrobat
Search vendor "Adobe" for product "Acrobat"
>= 20.001.30005 <= 20.004.30017
Search vendor "Adobe" for product "Acrobat" and version " >= 20.001.30005 <= 20.004.30017"
classic
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Acrobat Reader
Search vendor "Adobe" for product "Acrobat Reader"
>= 17.011.30059 <= 17.011.30204
Search vendor "Adobe" for product "Acrobat Reader" and version " >= 17.011.30059 <= 17.011.30204"
classic
Affected
in Apple
Search vendor "Apple"
Macos
Search vendor "Apple" for product "Macos"
--
Safe
Adobe
Search vendor "Adobe"
Acrobat Reader
Search vendor "Adobe" for product "Acrobat Reader"
>= 17.011.30059 <= 17.011.30204
Search vendor "Adobe" for product "Acrobat Reader" and version " >= 17.011.30059 <= 17.011.30204"
classic
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Acrobat Reader
Search vendor "Adobe" for product "Acrobat Reader"
>= 20.001.30005 <= 20.004.30017
Search vendor "Adobe" for product "Acrobat Reader" and version " >= 20.001.30005 <= 20.004.30017"
classic
Affected
in Apple
Search vendor "Apple"
Macos
Search vendor "Apple" for product "Macos"
--
Safe
Adobe
Search vendor "Adobe"
Acrobat Reader
Search vendor "Adobe" for product "Acrobat Reader"
>= 20.001.30005 <= 20.004.30017
Search vendor "Adobe" for product "Acrobat Reader" and version " >= 20.001.30005 <= 20.004.30017"
classic
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Acrobat Dc
Search vendor "Adobe" for product "Acrobat Dc"
>= 15.008.20082 <= 21.007.20099
Search vendor "Adobe" for product "Acrobat Dc" and version " >= 15.008.20082 <= 21.007.20099"
continuous
Affected
in Apple
Search vendor "Apple"
Macos
Search vendor "Apple" for product "Macos"
--
Safe
Adobe
Search vendor "Adobe"
Acrobat Reader Dc
Search vendor "Adobe" for product "Acrobat Reader Dc"
>= 15.008.20082 <= 21.007.20099
Search vendor "Adobe" for product "Acrobat Reader Dc" and version " >= 15.008.20082 <= 21.007.20099"
continuous
Affected
in Apple
Search vendor "Apple"
Macos
Search vendor "Apple" for product "Macos"
--
Safe