KLA12230 Multiple vulnerabilities in Adobe Acrobat and Adobe Acrobat Reader

Multiple vulnerabilities were found in Adobe Acrobat and Adobe Acrobat Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, gain privileges, obtain sensitive information.

Below is a complete list of vulnerabilities:

1. OS command injection vulnerability can be exploited to execute arbitrary code.
2. Use after free vulnerability can be exploited to execute arbitrary code.
3. Information disclosure vulnerability can be exploited to cause denial of service or execute arbitrary code.
4. Code execution vulnerability can be exploited to execute arbitrary code.
5. NULL Pointer Dereference vulnerability can be exploited to dcause denial of service.
6. Out of bounds read vulnerability can be exploited to to gain privileges.
7. Buffer overflow vulnerability can be exploited to execute arbitrary code.
8. Type confusion vulnerability can be exploited to execute arbitrary code.
9. Out of bounds write vulnerability can be exploited to cause denial of service or execute arbitrary code.
10. Out of bounds read vulnerability can be exploited to obtain sensitive information.
11. Type confusion vulnerability can be exploited to cause denial of service

Original advisories

APSB21-51

Related products

Adobe-Acrobat-Reader-DC-Continuous

Adobe-Acrobat-DC-Continuous

Adobe-Acrobat-Reader-2017

Adobe-Acrobat-2017

Adobe-Acrobat-Reader-2020

Adobe-Acrobat-2020

CVE list

CVE-2021-28634 unknown

CVE-2021-28639 unknown

CVE-2021-28644 unknown

CVE-2021-28636 unknown

CVE-2021-35980 unknown

CVE-2021-35983 unknown

CVE-2021-35985 unknown

CVE-2021-35988 unknown

CVE-2021-35981 unknown

CVE-2021-28638 unknown

CVE-2021-35987 unknown

CVE-2021-35984 unknown

CVE-2021-28641 unknown

CVE-2021-28635 unknown

CVE-2021-28640 unknown

CVE-2021-28643 unknown

CVE-2021-28642 unknown

CVE-2021-28637 unknown

CVE-2021-35986 unknown

Solution

Update to the latest version

Download Adobe Acrobat Reader DC

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

• DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

• PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

• Adobe Acrobat 2020 Classic earlier than 2020.004.30006Adobe Acrobat 2017 Classic earlier than 2017.011.30199Adobe Acrobat Reader 2020 Classic earlier than 2020.004.30006Adobe Acrobat Reader 2017 Classic earlier than 2017.011.30199Adobe Acrobat DC Continuous earlier than 2021.005.20058Adobe Acrobat Reader DC Continuous earlier than 2021.005.20058