Multiple vulnerabilities in Adobe Acrobat and Adobe Acrobat Reader

Description

Multiple vulnerabilities were found in Adobe Acrobat and Adobe Acrobat Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges, cause denial of service, bypass security restrictions.

Below is a complete list of vulnerabilities:

1. Use after free vulnerability can be exploited to execute arbitrary code.
2. Improper input validation vulnerability can be exploited to obtain sensitive information.
3. Out of bounds read vulnerability can be exploited to gain privileges.
4. Integer overflow vulnerability can be exploited to execute arbitrary code.
5. Path traversal vulnerability can be exploited to execute arbitrary code.
6. Buffer overflow vulnerability can be exploited to execute arbitrary code.
7. An out of bound write vulnerability can be exploited to execute arbitrary code.
8. NULL pointer dereference vulnerability can be exploited to obtain sensitive information.
9. Buffer overflow vulnerability can be exploited to cause denial of service.
10. Improper access control vulnerability can be exploited to gain privileges.
11. Use after free vulnerability can be exploited to obtain sensitive information.
12. Heap-based buffer overflow vulnerability can be exploited to execute arbitrary code.
13. Security bypass vulnerability can be exploited to bypass security restrictions.

Original advisories

• APSB21-09

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

• Adobe-Acrobat-Reader-DC-Continuous
• Adobe-Acrobat-DC-Continuous
• Adobe-Acrobat-Reader-2017
• Adobe-Acrobat-2017
• Adobe-Acrobat-Reader-2020
• Adobe-Acrobat-2020

CVE list

• CVE-2021-21035
  critical
• CVE-2021-21060
  warning
• CVE-2021-21034
  warning
• CVE-2021-21036
  critical
• CVE-2021-21037
  critical
• CVE-2021-21058
  critical
• CVE-2021-21028
  critical
• CVE-2021-21062
  critical
• CVE-2021-21044
  critical
• CVE-2021-21041
  critical
• CVE-2021-21063
  critical
• CVE-2021-21057
  high
• CVE-2021-21033
  critical
• CVE-2021-21038
  critical
• CVE-2021-21046
  warning
• CVE-2021-21045
  critical
• CVE-2021-21061
  warning
• CVE-2021-21017
  critical
• CVE-2021-21040
  critical
• CVE-2021-21039
  critical
• CVE-2021-21042
  high
• CVE-2021-21021
  critical
• CVE-2021-21059
  critical
• CVE-2021-21086
  critical
• CVE-2021-21088
  critical
• CVE-2021-28546
  high
• CVE-2021-21089
  warning
• CVE-2021-28545
  critical
• CVE-2021-40723
  high

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com