Korean
<< Back
VID 50350
Severity 40
Port 139,445
Protocol TCP
Class SMB
Detailed Description The version of Adobe Acrobat installed on the remote Windows host is a version prior or equal to 2017.011.30196, 2020.001.30025, or 2021.001.20155. It is, therefore, affected by multiple vulnerabilities.

- Affected by a use-after-free vulnerability in the processing of the GetURL function on a global object window that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-40728)

- Affected by a out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file. (CVE-2021-40729)

- Affected by a use-after-free that allow a remote attacker to disclose sensitive information on affected installations of of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPG2000 images. (CVE-2021-40730)

- Affected by an out-of-bounds write vulnerability when parsing a crafted JPEG2000 file, which could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-40731)
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these conditions will result in the check not being performed and a False Negative for all vulnerable hosts.

* References:
https://cwe.mitre.org/data/definitions/125.html
https://cwe.mitre.org/data/definitions/416.html
https://cwe.mitre.org/data/definitions/787.html
https://helpx.adobe.com/security/products/acrobat/apsb21-104.html

* Platforms Affected:
Adobe Acrobat versions prior to 20.004.30017
Microsoft Windows Any version
Linux Any version
Recommendation Upgrade to the latest version of Adobe Acrobat (20.004.30017 later), as described in the Adobe Security bulletin at https://helpx.adobe.com/security/products/acrobat/apsb21-104.html
Related URL CVE-2021-40728,CVE-2021-40729,CVE-2021-40730,CVE-2021-40731 (CVE)
Related URL (SecurityFocus)
Related URL (ISS)