CVE-2021-35980 affects several Adobe Acrobat Reader versions and allows attackers to execute arbitrary code. This page covers the vulnerability, its impact, and mitigation steps.
Understanding CVE-2021-35980
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier), and 2017.011.30197 (and earlier) are affected by a path traversal vulnerability. An attacker could exploit this vulnerability to execute arbitrary code in the current user's context.
What is CVE-2021-35980?
CVE-2021-35980 is a path traversal vulnerability in Adobe Acrobat Reader DC that leads to remote code execution: an unauthenticated attacker can use it to execute arbitrary code.
The Impact of CVE-2021-35980
This vulnerability is rated high severity, with a CVSS base score of 7.8.
Technical Details of CVE-2021-35980
Acrobat Reader versions 2021.005.20054 (and earlier) are affected by a path traversal vulnerability, potentially leading to arbitrary code execution.
Vulnerability Description
The vulnerability allows unauthenticated attackers to execute arbitrary code in the context of the current user by leveraging a path traversal issue.
Affected Systems and Versions
Adobe Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier), and 2017.011.30197 (and earlier) are affected.
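For patch triage, the following added example (not Adobe's code and not part of the original advisory text) checks reported Reader versions against the three thresholds listed above. It assumes that five-digit builds starting with 2 belong to the continuous track and builds starting with 3 to a classic track, and that a two-digit year such as `21.` means `2021.`; the track labels, function names and inventory rows are constructed for the example.

```python
import re

# Last affected build per track, from the list above; track names are example labels.
AFFECTED_MAX = {
    "continuous": (2021, 5, 20054),
    "classic-2020": (2020, 4, 30005),
    "classic-2017": (2017, 11, 30197),
}

def parse_version(text):
    """Parse 'YYYY.MMM.BBBBB' or the short 'YY.MMM.BBBBB' form into an int tuple."""
    m = re.fullmatch(r"\s*(\d{2}|\d{4})\.(\d{1,3})\.(\d{5})\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, build = (int(g) for g in m.groups())
    if major < 100:  # assumption: a two-digit year means 20YY
        major += 2000
    return major, minor, build

def track_of(version):
    """Assumption: 2xxxx builds are continuous, 3xxxx builds are classic-<year>."""
    major, _, build = version
    if build // 10000 == 2:
        return "continuous"
    name = f"classic-{major}"
    if build // 10000 == 3 and name in AFFECTED_MAX:
        return name
    return None  # a track the advisory text above does not list

def triage(text):
    """Return (track, status); status is 'affected', 'not-listed' or 'unknown'."""
    version = parse_version(text)
    track = track_of(version)
    if track is None:
        return None, "unknown"
    # Tuple comparison implements "this build and earlier" within one track.
    status = "affected" if version <= AFFECTED_MAX[track] else "not-listed"
    return track, status

# Constructed inventory rows (host, reported version); not real data.
INVENTORY = [
    ("ws-01", "2021.005.20054"), ("ws-02", "21.005.20060"),
    ("ws-03", "2020.004.30005"), ("ws-04", "2020.013.20074"),
    ("ws-05", "2017.011.30199"), ("ws-06", "2015.006.30527"),
]

def report(rows=INVENTORY):
    return {host: triage(ver) for host, ver in rows}

if __name__ == "__main__": print(report())
```

A `not-listed` result only means the build is newer than the thresholds quoted on this page; confirm the fixed build against Adobe's security bulletin before closing the finding.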
Exploitation Mechanism
Exploiting this vulnerability requires user interaction: the victim must open a malicious file to trigger the arbitrary code execution.
Mitigation and Prevention
To safeguard against CVE-2021-35980, take the immediate steps below and adopt long-term security practices.
Immediate Steps to Take
Users are advised to update their Adobe Acrobat Reader to the latest version and avoid opening files from untrusted sources.
Long-Term Security Practices
Regularly update software, implement security best practices, and educate users on identifying and avoiding suspicious files.
Patching and Updates
Adobe has released security updates to address this vulnerability. Users are advised to apply the latest patches.