Unknown
CVE-2021-21017
CVE-2021-21017
Description
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Add Assessment
Technical Analysis
Heap-based buffer overflow used in “limited, targeted attacks” according to Adobe’s advisory: https://helpx.adobe.com/security/products/acrobat/apsb21-09.html
Technical Analysis
A successful exploit strategy needs to bypass the following security mitigations on the target:
Address Space Layout Randomization (ASLR)
Data Execution Prevention (DEP)
Control Flow Guard (CFG)
Sandbox Bypass
Also PoC is available https://github.com/ZeusBox/CVE-2021-21017
CVSS V3 Severity and Metrics
General Information
Vendors
- adobe
Products
- acrobat,
- acrobat dc,
- acrobat reader,
- acrobat reader dc
Exploited in the Wild
References
