KLA12283 Multiple vulnerabilities in Adobe Acrobat and Adobe Acrobat Reader

Multiple vulnerabilities were found in Adobe Acrobat and Adobe Acrobat Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information.

Below is a complete list of vulnerabilities:

1. A uncontrolled search path element vulnerability can be exploited to execute arbitrary code.
2. A NULL pointer dereference vulnerability can be exploited to cause denial of service.
3. A use after free vulnerability can be exploited to execute arbitrary code.
4. An out of bounds write vulnerability can be exploited to cause denial of service.
5. A heap based buffer overflow vulnerability can be exploited to execute arbitrary code.
6. An out of bounds read vulnerability can be exploited to cause denial of service.
7. A type confusion vulnerability can be expoited to execute arbitrary code.
8. A stack based buffer overflow vulnerability can be exploited to execute arbitrary code.
9. An information exposure vulnerability can be exploited to obtain sensitive information.
10. An out of bounds read vulnerability can be exploited to obtain sensitive information.
11. An use after free vulnerability can be exploited to execute arbitrary code.

Original advisories

APSB21-55

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Adobe-Acrobat-Reader-DC-Continuous

Adobe-Acrobat-DC-Continuous

Adobe-Acrobat-Reader-2017

Adobe-Acrobat-2017

Adobe-Acrobat-Reader-2020

Adobe-Acrobat-2020

CVE list

CVE-2021-35982 high

CVE-2021-39853 high

CVE-2021-39859 high

CVE-2021-39843 critical

CVE-2021-39840 critical

CVE-2021-39863 critical

CVE-2021-39861 high

CVE-2021-39841 critical

CVE-2021-39845 high

CVE-2021-39855 high

CVE-2021-39844 warning

CVE-2021-39836 critical

CVE-2021-39852 high

CVE-2021-39838 critical

CVE-2021-39851 high

CVE-2021-39846 high

CVE-2021-39837 critical

CVE-2021-39854 high

CVE-2021-39857 warning

CVE-2021-39842 critical

CVE-2021-39860 high

CVE-2021-39858 warning

CVE-2021-39849 high

CVE-2021-39856 high

CVE-2021-39839 critical

CVE-2021-39850 high

CVE-2021-40726 critical

CVE-2021-40725 critical

Solution

Update to the latest version

Download Adobe Acrobat Reader DC

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

• DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

• SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

• Adobe Acrobat 2020 Classic earlier than 2020.004.30015Adobe Acrobat 2017 Classic earlier than 2017.011.30202Adobe Acrobat Reader 2020 Classic earlier than 2020.004.30015Adobe Acrobat Reader 2017 Classic earlier than 2017.011.30202Adobe Acrobat DC Continuous earlier than 2021.007.20091Adobe Acrobat Reader DC Continuous earlier than 2021.007.20091