CVE-2021-44714: Violation of Secure Design Principles in Adobe Acrobat Reader

Severity

NVD: 3.3 LOW
CNA: 2.5
EPSS: 0.5% (top 32.91%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline

Published: Jan 14
Latest update: Jan 15

Description

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a Violation of Secure Design Principles that could lead to a Security feature bypass. Acrobat Reader DC displays a warning message when a user clicks on a PDF file, which could be used by an attacker to mislead the user. In affected versions, this warning message does not include custom protocols when used by the sender. User interaction is required to abuse this vulner

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Exploitability: 1.8 | Impact: 1.4

Affected Packages (5 packages)

CVEListV5 | adobe/acrobat_reader | unspecified | 21.007.20099 | +3
NVD | adobe/acrobat_reader | 17.011.30059 | 17.011.30204 | +1
NVD | adobe/acrobat_reader_dc | 15.008.20082 | 21.007.20099
NVD | adobe/acrobat | 17.011.30059 | 17.011.30204 | +1
NVD | adobe/acrobat_dc | 15.008.20082 | 21.007.20099

🔴 Vulnerability Details (2)

GHSA: GHSA-85x3-59h8-rmrv: Acrobat Reader DC version 21 (2022-01-15)
CVEList: Adobe Acrobat Reader Missing Custom Protocols in Warning Message Prompts (2022-01-14)

🕵️ Threat Intelligence (1)

Zscaler: Zscaler protects against 25 Adobe vulnerability | 01-11-2022