Detections
Analytics

Adobe Acrobat <= 2017.011.30194 / 2020.001.30020 / 2021.001.20150 Multiple Vulnerabilities (APSB21-29)

high Nessus Plugin ID 149380

Language:

Synopsis

The version of Adobe Acrobat installed on the remote Windows host is affected by multiple vulnerabilities.

Description

The version of Adobe Acrobat installed on the remote Windows host is a version prior or equal to 2017.011.30194, 2020.001.30020, or 2021.001.20150. It is, therefore, affected by multiple vulnerabilities.

 - Out-of-bounds write vulnerabilities that can result in arbitrary code execution. (CVE-2021-21044, CVE-2021-21038, CVE-2021-21086)

 - Use after free vulnerabilities that can result in arbitrary code execution. (CVE-2021-28562, CVE-2021-28550, CVE-2021-28553)

 - An out-of-bounds read vulnerability that can result in a memory leak. (CVE-2021-28557)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Adobe Acrobat version 2017.011.30196 / 2020.001.30025 / 2021.001.20155 or later.

See Also

https://helpx.adobe.com/security/products/acrobat/apsb21-29.html

Plugin Details

Severity: High

ID: 149380

File Name: adobe_acrobat_apsb21-29.nasl

Version: 1.13

Type: local

Agent: windows

Family: Windows

Published: 5/11/2021

Updated: 1/2/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2021-28565

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:adobe:acrobat

Required KB Items: SMB/Registry/Enumerated, installed_sw/Adobe Acrobat

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/11/2021

Vulnerability Publication Date: 2/11/2021

CISA Known Exploited Vulnerability Due Dates: 11/17/2021

Reference Information

CVE: CVE-2021-21038, CVE-2021-21044, CVE-2021-21086, CVE-2021-28550, CVE-2021-28553, CVE-2021-28555, CVE-2021-28557, CVE-2021-28558, CVE-2021-28559, CVE-2021-28560, CVE-2021-28561, CVE-2021-28562, CVE-2021-28564, CVE-2021-28565

IAVA: 2021-A-0229-S