| VID |
50352 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The version of Adobe Reader installed on the remote Windows host is a version prior to 17.011.30204, 20.004.30017, or 21.007.20099. It is, therefore, affected by multiple vulnerabilities.
- Affected by a use-after-free vulnerability in the processing of the GetURL function on a global object window that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-40728)
- Affected by a out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file. (CVE-2021-40729)
- Affected by a use-after-free that allow a remote attacker to disclose sensitive information on affected installations of of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPG2000 images. (CVE-2021-40730)
- Affected by an out-of-bounds write vulnerability when parsing a crafted JPEG2000 file, which could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-40731)
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these conditions will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
https://cwe.mitre.org/data/definitions/125.html
https://cwe.mitre.org/data/definitions/416.html
https://cwe.mitre.org/data/definitions/787.html
https://helpx.adobe.com/security/products/acrobat/apsb21-104.html
* Platforms Affected:
Adobe Reader versions prior equal to 17.011.30204
Microsoft Windows Any version
Linux Any version |
| Recommendation |
Upgrade to the latest version of Adobe Reader (17.011.30204 later), as described in the Adobe Security bulletin at https://helpx.adobe.com/security/products/acrobat/apsb21-37.html |
| Related URL |
CVE-2021-28554,CVE-2021-28551,CVE-2021-28552,CVE-2021-28631,CVE-2021-28632 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
