Severity
Medium
Analysis Summary
CVE-2021-21017 CVSS:7.8
Adobe Acrobat and Adobe Reader are vulnerable to a heap-based buffer overflow. By persuading a victim to open a specially-crafted document, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2021-28550 CVSS:7.8
Adobe Acrobat and Adobe Reader could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.
Impact
- Buffer Overflow
- Code Execution
Indicators Of Compromise
CVE
- CVE-2021-21017
- CVE-2021-28550
Affected Vendors
Adobe
Affected Products
- Adobe Acrobat 2017 2017.011.30188
- Adobe Acrobat Reader 2017 2017.011.30188
- Adobe Acrobat 2020 20.001.30018
- Adobe Acrobat Reader 2020 20.001.30018
- Adobe Acrobat 2017 2017.011.30194
- Adobe Acrobat Reader 2017 2017.011.30194
- Adobe Acrobat 2020 20.001.30020
- Adobe Acrobat Reader 2020 20.001.30020
Remediation
Refer to Adobe Security Bulletin for patch, upgrade or suggested workaround information.