CyberSec.Space Logo
返回 CVE 浏览器

CVE-2021-21017

Known Exploited (CISA KEV)HIGH
8.8
CVSS Severity Score
EPSS Score27.8880%
EPSS Percentile92.41th
Published2021年2月11日
Last Modified2025年10月23日

Vulnerability Description

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Affected Platforms (CPE)

📦
Adobe

Acrobat

>= 17.0 and <= 17.011.30188
📦
Adobe

Acrobat

>= 20.0 and <= 20.001.30018
📦
Adobe

Acrobat Dc

<= 20.013.20074
📦
Adobe

Acrobat Reader

>= 17.0 and <= 17.011.30188
📦
Adobe

Acrobat Reader

>= 20.0 and <= 20.001.300183
📦
Adobe

Acrobat Reader Dc

<= 20.013.20074

References & Advisories

🔗 https://helpx.adobe.com/security/products/acrobat/apsb21-09.html
🔗 https://helpx.adobe.com/security/products/acrobat/apsb21-09.html
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21017

相关漏洞威胁

CVE-2004-063110.0

Buffer overflow in the uudecoding feature for Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions...

CVE-2004-115210.0

Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader 5.09 for Unix allows remote attackers to execute arbitrary c...

CVE-2004-063010.0

The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those bef...

CVE-2004-115310.0

Format string vulnerability in Adobe Acrobat Reader 6.0.0 through 6.0.2 allows remote attackers to cause a denial of service (appl...