CVE-2021-39860
Description
Acrobat Pro DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive user memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Risk Information
Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
1.75
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerability CVE-2021-39855,CVE-2021-39856,CVE-2021-39860 are affected in Adobe Acrobat DC (Classic Track) 17.011.30196 | Windows |
| Vulnerability CVE-2021-39855,CVE-2021-39856,CVE-2021-39860 are affected in Adobe Acrobat Reader DC 17.011.30196 | Windows |
| Vulnerability CVE-2021-39855,CVE-2021-39856,CVE-2021-39860 are affected in Adobe Acrobat Reader DC MUI (Classic Track) 17.011.30196 | Windows |
| Vulnerability CVE-2021-39855,CVE-2021-39856,CVE-2021-39860 are affected in Adobe Acrobat Reader DC MUI 17.011.30196 | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-319976 | Adobe Acrobat Reader 2017 MUI (Classic Track) (17.011.30197) (APSB21-37) |
| PATCH-343120 | Adobe Acrobat Reader DC (24.004.20272) |
| PATCH-307934 | Adobe Acrobat Reader 2017 MUI (Classic Track) update - All languages 17.011.30099 (APSB18-29) |
| PATCH-343122 | Adobe Acrobat Reader DC MUI (24.004.20272) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234