⚠ Actively exploited
Added to CISA KEV on 2021-11-03. Federal agencies required to patch by 2021-11-17. Required action: Apply updates per vendor instructions.

CVE-2021-21017: Heap-based Buffer Overflow in Adobe Acrobat Reader

Severity: 8.8 HIGH (NVD)
EPSS: 90.2% (top 0.41%)
CISA KEV: added 2021-11-03, due 2021-11-17
Exploit: exploited in the wild, active exploitation observed
Timeline: published 2021-02-11; added to KEV 2021-11-03; KEV due 2021-11-17; latest update 2022-05-24

Description

Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation requires user interaction: the victim must open a malicious file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

AV:N and PR:N reflect the malicious document arriving over the network (mail, web download) with no authentication required; UI:R is the victim opening it; S:U with C:H/I:H/A:H is code execution confined to the current user's context.

Affected Packages (5 packages)

Source     Package                  From         To
CVEListV5  adobe/acrobat_reader     unspecified  2020.013.20074 (+3 more)
NVD        adobe/acrobat_reader     17.0         17.011.30188 (+1 more)
NVD        adobe/acrobat_reader_dc               20.013.20074
NVD        adobe/acrobat            17.0         17.011.30188 (+1 more)
NVD        adobe/acrobat_dc                      20.013.20074

Vulnerability Details (3)

GHSA       GHSA-r8q2-5jr4-57f7: Acrobat Reader DC versions 2020  (2022-05-24)
CVEList    Acrobat Reader DC Heap-based Buffer Overflow Vulnerability Could Lead To Arbitrary Code Execution  (2021-02-11)
VulnCheck  Adobe Acrobat and Reader Heap-based Buffer Overflow Vulnerability  (2021)

Vendor Advisories (1)

CISA       Adobe Acrobat and Reader Heap-based Buffer Overflow Vulnerability  (2021-11-03)

Threat Intelligence (8)

Qualys     Managing CISA Known Exploited Vulnerabilities with Qualys VMDR  (2022-02-23)
Qualys     Qualys Response to CISA Alert: Binding Operational Directive 22-01  (2021-11-09)
Securelist  IT threat evolution Q1 2021. Non-mobile statistics  (2021-05-31)
CVE-2021-21017 — Heap-based Buffer Overflow in Adobe | cvebase