Critical Adobe Acrobat Reader Vulnerability
2/18/2021
Adobe has patched multiple critical and important vulnerabilities, including the zero-day CVE-2021-21017, in Adobe Acrobat and Reader for Windows and macOS. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Overview
- Adobe disclosed and patched a critical zero-day vulnerability tracked as CVE-2021-21017. The zero-day has been exploited in the wild in limited attacks targeting Adobe Reader users on Windows.
- Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability.
- This type of buffer-overflow error occurs when the region of a process's memory used to store dynamic variables (the heap) can be overwhelmed. If a buffer overflow occurs, it typically causes the affected program to behave incorrectly. This flaw in particular can be exploited to execute arbitrary code on affected systems.
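
A version-triage sketch for the affected releases listed above, added here as an example and not taken from Adobe's advisory. It assumes the usual Acrobat build numbering, in which a five-digit build starting with 2 belongs to the Continuous track and one starting with 3 to a Classic track named by its year; the function names, hostnames and inventory versions are constructed.

```python
import re

# Highest affected version per release line, copied from the advisory text.
AFFECTED_CEILINGS = ["2020.013.20074", "2020.001.30018", "2017.011.30188"]

def parse_version(text):
    """Return (year, minor, build); accepts 2020.013.20074 or 20.013.20074."""
    m = re.fullmatch(r"(\d{2}|\d{4})\.(\d{3})\.(\d{5})", text.strip())
    if not m:
        raise ValueError(f"unrecognised Acrobat version: {text!r}")
    year, minor, build = (int(g) for g in m.groups())
    return (year + 2000 if year < 100 else year, minor, build)

def release_line(version):
    """Assumption: build 2xxxx = Continuous track, 3xxxx = Classic <year>."""
    year, _, build = version
    if build // 10000 == 2:
        return "continuous"
    if build // 10000 == 3:
        return f"classic-{year}"
    return None

CEILING_BY_LINE = {release_line(parse_version(c)): parse_version(c)
                   for c in AFFECTED_CEILINGS}

def status(text):
    """'affected', 'newer' (above the listed ceiling) or 'unknown' line."""
    version = parse_version(text)
    ceiling = CEILING_BY_LINE.get(release_line(version))
    if ceiling is None:
        return "unknown"
    # Compare only within the same release line: a plain tuple comparison
    # against 2020.013.20074 would wrongly flag newer Classic builds.
    return "affected" if version <= ceiling else "newer"

def triage(inventory):
    """Map host -> status for (host, version) pairs."""
    return {host: status(version) for host, version in inventory}

# Constructed inventory for illustration; hosts and versions are made up.
SAMPLE_INVENTORY = [
    ("ws-001", "2020.013.20074"), ("ws-002", "20.012.20048"),
    ("ws-003", "2020.001.30019"), ("ws-004", "2021.001.20135"),
    ("ws-005", "2015.006.30523"),
]

if __name__ == "__main__":
    for host, result in triage(SAMPLE_INVENTORY).items():
        print(host, result)
```

Hosts reported as `unknown` are on a release line the advisory text does not list and need checking against the vendor bulletin directly.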
