CVE-2021-39840

CVE

High

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a us…

CVSS

7.8

High

EPSS

0.50

p98

Published

2021-01-01

Updated

2021-01-01

Description

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForms that could result in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Tags · CWE

LPE

CWE-416

Affected products

AcrobatAcrobatAcrobat_dcAcrobat_dcAcrobat_readerAcrobat_readerAcrobat_reader_dcAcrobat_reader_dc

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Timeline

2021-01-01

Published

2021-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: L

Local (L)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: N

None (N)

User Interaction

UI: R

Required (R)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: H

High (H)

Integrity Impact

I: H

High (H)

Availability Impact

A: H

High (H)

Exploit indicators

EPSS

0.495 · p98

Known exploited (KEV)

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected products

Acrobat Dc Acrobat Reader Dc Acrobat Acrobat Reader

Product	Vendor	Status
acrobat	*	Tracked
acrobat	*	Tracked
acrobat_dc	*	Tracked
acrobat_dc	*	Tracked
acrobat_reader	*	Tracked
acrobat_reader	*	Tracked
acrobat_reader_dc	*	Tracked
acrobat_reader_dc	*	Tracked

Source databases

CVE

Related vulnerabilities

BDU:2021-05573