CVE-2021-26605
Published 2021-08-05
CVE-2021-26605: An improper input validation vulnerability in the service of ezPDFReader allows attacker to execute arbitrary command. This issue occurred when the ezPDF…
Priority: P180 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ITW · VulnCheck KEV
Exploited in the wild
EPSS: 1.05% (59.9th percentile)
An improper input validation vulnerability in the service of ezPDFReader allows an attacker to execute arbitrary commands. This issue occurred when the ezPDF launcher received and executed crafted input values through JSON-RPC communication.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| unidocs | ezpdfreader | — | — |
| unidocs | ezpdfreader | 2.0 – 3.0 | — |
Detection & IOCs (extracted from sources)
- CVE-2021-26605 exploits improper input validation in the ezPDFReader service via JSON-RPC communication; monitor for crafted/unexpected input values delivered over JSON-RPC to the ezPDF launcher process.
- Alert on arbitrary command execution originating from the ezPDFReader service process, which may indicate exploitation of the improper input validation vulnerability.
- No concrete hashes, IPs, domains, URLs, or signatures specific to CVE-2021-26605 exploitation were present in the provided sources; the Kaspersky APT Q3 2021 report (DOC 2/3) does not reference this CVE and yields no actionable IOCs for it.
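CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | — | 7.5 | HIGH | — |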
GHSA
GHSA-454x-8f5c-p2fv: An improper input validation vulnerability in the service of ezPDFReader allows attacker to execute arbitrary command
ghsa_unreviewed·2022-05-24
CVE-2021-26605 [CRITICAL] CWE-20 GHSA-454x-8f5c-p2fv: An improper input validation vulnerability in the service of ezPDFReader allows attacker to execute arbitrary command
An improper input validation vulnerability in the service of ezPDFReader allows attacker to execute arbitrary command. This issue occurred when the ezPDF launcher received and executed crafted input values through JSON-RPC communication.
VulnCheck
unidocs ezpdfreader Improper Input Validation
vulncheck·2021·CVSS 7.5
CVE-2021-26605 [HIGH] unidocs ezpdfreader Improper Input Validation
An improper input validation vulnerability in the service of ezPDFReader allows attacker to execute arbitrary command. This issue occurred when the ezPDF launcher received and executed crafted input values through JSON-RPC communication.
Affected: unidocs ezpdfreader
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://securelist.com/apt-trends-report-q3-2021/104708/
No detection rules found.
No public exploits indexed.
Securelist
APT trends report Q3 2021
blogs_securelist·2021-10-26
APT trends report Q3 2021
Table of Contents
The most remarkable findings
Russian-speaking activity
Chinese-speaking activity
Middle East
Southeast Asia and Korean Peninsula
Other interesting discoveries
Final thoughts
Authors
GReAT
For more than four years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They are designed to highlight the significant events and findings that we feel people should be aware of.
This is our latest installment, focusing on activities that we observed during Q3 2021.
Readers who would like to learn