Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA12203
HistoryJun 08, 2021 - 12:00 a.m.

KLA12203 Multiple vulnerabilities in Adobe Acrobat and Adobe Acrobat Reader

2021-06-0800:00:00
Kaspersky Lab
threats.kaspersky.com
198
adobe
acrobat
reader
vulnerabilities
arbitrary code execution
update
ace
use after free
out of bounds read
latest version

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

Low

EPSS

0.028

Percentile

90.8%

JSON

Multiple vulnerabilities were found in Adobe Acrobat and Adobe Acrobat Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. A use after free vulnerability can be exploited to execute arbitrary code.
  2. An out of bounds read vulnerability can be exploited to execute arbitrary code.

Original advisories

APSB21-37

Related products

Adobe-Acrobat-Reader-DC-Continuous

Adobe-Acrobat-DC-Continuous

Adobe-Acrobat-Reader-2017

Adobe-Acrobat-2017

Adobe-Acrobat-Reader-2020

Adobe-Acrobat-2020

CVE list

CVE-2021-28631 unknown

CVE-2021-28632 unknown

CVE-2021-28551 unknown

CVE-2021-28552 unknown

CVE-2021-28554 unknown

Solution

Update to the latest version

Download Adobe Acrobat Reader DC

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

Affected Products

  • Adobe Acrobat 2020 Classic earlier than 2020.004.30005Adobe Acrobat 2017 Classic earlier than 2017.011.30197Adobe AcrobatΒ Reader 2020 Classic earlier than 2020.004.30005Adobe Acrobat Reader 2017 Classic earlier than 2017.011.30197Adobe Acrobat DC Continuous earlier than 2021.005.20048Adobe Acrobat Reader DC Continuous earlier than 2021.005.20048

Related

openvas 12
nessus 4
adobe 1
zdi 4
cvelist 5
cve 5
prion 5
checkpoint_advisories 1
nvd 5
qualysblog 1
openvas
openvas
Adobe Acrobat Classic 2020 Security Update (APSB21-37) - Windows
2021-06-10 00:00:00
Adobe Reader 2017 Security Update (APSB21-37) - Mac OS X
2021-06-10 00:00:00
Adobe Acrobat 2017 Security Update (APSB21-37) - Mac OS X
2021-06-10 00:00:00
nessus
nessus
Adobe Acrobat < 2017.011.30197 / 2020.004.30005 / 2021.005.20048 Multiple Vulnerabilities (APSB21-37) (macOS)
2021-06-08 00:00:00
Adobe Reader < 2017.011.30197 / 2020.004.30005 / 2021.005.20048 Multiple Vulnerabilities (APSB21-37) (macOS)
2021-06-08 00:00:00
Adobe Acrobat < 2017.011.30197 / 2020.004.30005 / 2021.005.20048 Multiple Vulnerabilities (APSB21-37)
2021-06-08 00:00:00
adobe
adobe
APSB21-37 Security update available for Adobe Acrobat and Reader
2021-06-08 00:00:00
zdi
zdi
Adobe Acrobat Reader DC XFA Template Use-After-Free Remote Code Execution Vulnerability
2021-06-10 00:00:00
Adobe Acrobat Reader DC AcroForm Field Use-After-Free Remote Code Execution Vulnerability
2021-06-10 00:00:00
Adobe Acrobat Reader DC Path Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
2021-06-10 00:00:00
cvelist
cvelist
CVE-2021-28554 Adobe Acrobat Reader DC Path Parsing Out-Of-Bounds Read could lead to arbitrary code execution
2021-08-24 17:50:33
CVE-2021-28552 Adobe Acrobat Reader DC XFA Template Use-After-Free Remote Code Execution Vulnerability
2021-08-24 17:50:53
CVE-2021-28551 Adobe Acrobat Pro DC JPEG2000 Editing Out-Of-Bounds Read Remote Code Execution Vulnerability
2021-08-24 17:51:00
cve
cve
CVE-2021-28554
2021-08-24 18:15:08
CVE-2021-28552
2021-08-24 18:15:08
CVE-2021-28551
2021-08-24 18:15:07
prion
prion
Design/Logic Flaw
2021-08-24 18:15:00
Design/Logic Flaw
2021-08-24 18:15:00
Design/Logic Flaw
2021-08-24 18:15:00
checkpoint_advisories
checkpoint_advisories
Adobe Acrobat Reader DC Path Join Out of Bounds Read (APSB21-37: CVE-2021-28554)
2021-06-08 00:00:00
nvd
nvd
CVE-2021-28551
2021-08-24 18:15:07
CVE-2021-28552
2021-08-24 18:15:08
CVE-2021-28554
2021-08-24 18:15:08
qualysblog
qualysblog
Microsoft & Adobe Patch Tuesday (June 2021) – Microsoft 50 Vulnerabilities with 5 Critical, Adobe 21 Critical Vulnerabilities
2021-06-08 21:19:29

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

Low

EPSS

0.028

Percentile

90.8%

JSON
Related for KLA12203
openvas12nessus4adobe1zdi4cvelist5cve5prion5checkpoint_advisories1nvd5qualysblog1