Home

CVE-2021-28545

Description

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing support for an integrity check. An unauthenticated attacker would have the ability to completely manipulate data in a certified PDF without invalidating the original certification. Exploitation of this issue requires user interaction in that a victim must open the tampered file.

Risk Information

Base Score
8.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
1.21

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in Adobe Acrobat DC (Classic Track) 20.001.30018Windows
Vulnerability CVE-2021-21089,CVE-2021-28545,CVE-2021-28546 are affected in Adobe Acrobat DC (Continuous Track) 20.013.20074Windows
Vulnerability CVE-2021-28545,CVE-2021-28546 are affected in Adobe Acrobat Reader DC 20.001.30018Windows
Multiple Vulnerabilities are affected in Adobe Acrobat Reader DC MUI (Classic Track) 20.001.30018Windows
Vulnerability CVE-2021-28545,CVE-2021-28546 are affected in Adobe Acrobat Reader DC MUI 20.001.30018Windows
Multiple Vulnerabilities are affected in Adobe Acrobat DC for MAC 20.013.20074Mac
Multiple Vulnerabilities are affected in Adobe Acrobat Reader DC for MAC 20.013.20074Mac

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-318303Adobe Acrobat 2020 (Classic Track) (20.001.30020) (APSB21-09)
PATCH-343119Adobe Acrobat DC Pro and Standard (Continuous Track) update - All languages (24.004.20272)
PATCH-334840Adobe Acrobat Reader DC (23.008.20421)
PATCH-318302Adobe Acrobat Reader 2020 MUI (Classic Track) (20.001.30020) (APSB21-09)
PATCH-343122Adobe Acrobat Reader DC MUI (24.004.20272)
PATCH-611991Adobe Acrobat DC for MAC (25.001.20693)(Deployment-Only)
PATCH-611989Adobe Acrobat Reader DC for MAC (25.001.20693)(Deployment-Only)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234