Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file.Īcrobat DC Continuous 21.007.20095 and earlier versions in WindowsĪcrobat DC Continuous 21.007.20096 and earlier versions in macOSĪcrobat 2020 Classic 2020 20.004.30015 and earlier versions in Windows & macOSĪcrobat 2017 Classic 2017 17.011.30202 and earlier versions in Windows & macOSįoxit PDF Editor 11.5 and all previous 11.x versions, 10.9 and earlier An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Foxit’s PDF Editor is also impacted by this vulnerability since it also uses the Solid Framework for the conversion of PDF files to other file formats.ĬVE-2021-40729 is an out-of-bounds read vulnerability that could potentially lead to disclosure of sensitive memory.
Adobe uses the Solid Framework for the conversion of PDF files to Microsoft Office files. In this blog, we present our analysis of this vulnerability in the Adobe Acrobat Pro DC Solid Framework. Among these vulnerabilities is an out-of-bounds read (CVE-2021-40729) that was discovered by Zscaler’s ThreatLabz. In October 2021, Adobe released a security update for vulnerabilities in Adobe Acrobat and Reader.
0 kommentar(er)
