CVE-2021-39840

CVE Database · CVE-2021-39840

CVE-2021-39840

· N/AModified

CVSS v3.1

N/A

EPSS

49.53%

Published

Sep 29, 2021

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForms that could result in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Weaknesses (CWE)

CWE-416

Affected Products (14)

adobe · acrobatvulnerable

adobe · acrobat_readervulnerable

apple · macos

microsoft · windows

adobe · acrobat_dcvulnerable

adobe · acrobat_reader_dcvulnerable

apple · macos

adobe · acrobat_dcvulnerable

adobe · acrobat_reader_dcvulnerable

microsoft · windows

adobe · acrobatvulnerable

· acrobat_reader

References (2)

https://helpx.adobe.com/security/products/acrobat/apsb21-55.html

Release NotesVendor Advisory

https://helpx.adobe.com/security/products/acrobat/apsb21-55.html

Release NotesVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs