CVE-2021-28550
Published: 02 September 2021
Summary
CVE-2021-28550 is a high-severity Use After Free (CWE-416) vulnerability in Adobe Acrobat DC. Its CVSS base score is 8.8 (High).
Operationally, it ranks in the top 3.2% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).
Deeper analysis
Acrobat Reader DC versions 2021.001.20150 and earlier, 2020.001.30020 and earlier, and 2017.011.30194 and earlier are affected by a Use After Free vulnerability (CWE-416) with a CVSS 3.1 score of 8.8. The flaw resides in the PDF handling components of these releases and can result in memory corruption when specially crafted content is processed.
An unauthenticated attacker can leverage the vulnerability for arbitrary code execution in the context of the current user. Successful exploitation requires the victim to open a malicious file, after which the attacker gains control within the reader's process.
Adobe security bulletin APSB21-29 addresses the issue and supplies updated builds that remediate the use-after-free condition. The vulnerability is also listed in CISA's catalog of known exploited vulnerabilities, confirming observed in-the-wild activity.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-15226
Vulnerability details
Acrobat Reader DC versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
- CWE(s): CWE-416
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Flaw remediation (SI-2) directly requires timely installation of the Adobe patches that eliminate the use-after-free flaw before a malicious PDF can be exploited.
Malicious-code detection mechanisms can inspect or sandbox incoming PDF files that trigger the use-after-free condition.
Running Acrobat Reader under least-privilege accounts limits the impact of arbitrary code execution that results from successful exploitation.