cbcvebase.
CVE-2021-26605
published 2021-08-05

CVE-2021-26605: An improper input validation vulnerability in the service of ezPDFReader allows attacker to execute arbitrary command. This issue occurred when the ezPDF…

PriorityP180critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
1.05%
59.9th percentile
An improper input validation vulnerability in the service of ezPDFReader allows attacker to execute arbitrary command. This issue occurred when the ezPDF launcher received and executed crafted input values through JSON-RPC communication.

Affected

2 ranges
VendorProductVersion rangeFixed in
unidocsezpdfreader
unidocsezpdfreader2.0 – 3.0

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2021-26605 exploits improper input validation in the ezPDFReader service via JSON-RPC communication; monitor for crafted/unexpected input values delivered over JSON-RPC to the ezPDF launcher process
  • Alert on arbitrary command execution originating from the ezPDFReader service process, which may indicate exploitation of the improper input validation vulnerability
  • ·No concrete hashes, IPs, domains, URLs, or signatures specific to CVE-2021-26605 exploitation were present in the provided sources; the Kaspersky APT Q3 2021 report (DOC 2/3) does not reference this CVE and yields no actionable IOCs for it

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.