Critical Adobe Acrobat Reader Vulnerability
2/18/2021

Adobe patches multiple critical and important vulnerabilities, including the zero-day CVE-2021-21017, in Adobe Acrobat and Reader for Windows and macOS. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Overview

  • Adobe disclosed and patched a critical zero-day vulnerability tracked as CVE-2021-21017. The zero-day has been exploited in the wild in limited attacks targeting Adobe Reader users on Windows.

  • Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability.

  • This type of buffer overflow occurs when the region of a process's memory used to store dynamic variables (the heap) is overwhelmed. A buffer overflow typically causes the affected program to behave incorrectly. This flaw in particular can be exploited to execute arbitrary code on affected systems.
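The affected-version list above can be turned into an inventory check. The following is an added example, not Adobe's code: the track names, the rule that a build starting with 2 is the Continuous track and 3 is a Classic track, the two-digit year form, and the sample inventory are all assumptions of this example.

```python
import re

# Ceilings copied from the advisory ("and earlier"). Track names and the
# build-prefix rule (2xxxx = Continuous, 3xxxx = Classic) are assumptions.
AFFECTED_CEILINGS = {
    "continuous": (2020, 13, 20074),
    "classic-2020": (2020, 1, 30018),
    "classic-2017": (2017, 11, 30188),
}
_VERSION_RE = re.compile(r"^\s*(\d{2}|\d{4})\.(\d{1,3})\.(\d{5})\s*$")

def parse_version(text):
    """Return (year, minor, build); raise ValueError on malformed input."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    year, minor, build = (int(g) for g in m.groups())
    if year < 100:  # assumed short form, e.g. 20.013.20074
        year += 2000
    return year, minor, build

def is_affected(text):
    """True/False for a listed track, None when the track is not listed."""
    version = parse_version(text)
    year, _, build = version
    prefix = build // 10000
    track = {2: "continuous", 3: f"classic-{year}"}.get(prefix)
    ceiling = AFFECTED_CEILINGS.get(track)
    if ceiling is None:
        return None
    return version <= ceiling

def triage(inventory):
    """Split {host: version} into (affected, needs_manual_review) host lists."""
    affected, review = [], []
    for host, text in sorted(inventory.items()):
        try:
            verdict = is_affected(text)
        except ValueError:
            verdict = None  # unparseable strings go to manual review
        if verdict is True:
            affected.append(host)
        elif verdict is None:
            review.append(host)
    return affected, review

# Constructed inventory (hostnames and versions are made up for the example).
SAMPLE = {"ws-01": "20.013.20074", "ws-02": "2020.013.20075",
          "ws-03": "2017.011.30188", "ws-04": "2015.006.30527", "ws-05": "n/a"}
```

Hosts on a track the advisory does not list, or with a version string that does not parse, are returned for manual review rather than reported as unaffected.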

 
