CVE-2021-39860 : What You Need to Know
Learn about CVE-2021-39860, a medium severity Adobe Acrobat Reader DC Search Plugin Null Pointer Dereference vulnerability. Find out affected versions and mitigation steps.
Adobe Acrobat Reader DC Search Plugin Null Pointer Dereference vulnerability affecting Acrobat Reader.
Understanding CVE-2021-39860
This CVE involves a Null pointer dereference vulnerability in Adobe Acrobat Reader DC Search Plugin.
What is CVE-2021-39860?
- Adobe Acrobat Pro DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier), and 2017.011.30199 (and earlier) are affected.
- An unauthenticated attacker could exploit this vulnerability to reveal sensitive user memory.
- Exploitation requires user interaction by opening a malicious file.
The Impact of CVE-2021-39860
- CVSS v3.1 Base Score: 5.5 (Medium severity)
- Confidentiality Impact: High
- Attack Complexity: Low
- User Interaction: Required
Technical Details of CVE-2021-39860
The technical details of the vulnerability.
Vulnerability Description
- Type: Null Pointer Dereference (CWE-476)
- Discovery: External
Affected Systems and Versions
- Adobe Acrobat Reader (Acrobat Pro DC)
- Versions: <= 2020.004.30006, <= 2017.011.30199, <= 2021.005.20060, <= None
Exploitation Mechanism
- Requires user interaction to open a malicious file
Mitigation and Prevention
Steps to address the CVE-2021-39860 vulnerability.
Immediate Steps to Take
- Update to the latest version of Adobe Acrobat Reader
- Be cautious while opening files from unknown sources
- Monitor Adobe security advisories
Long-Term Security Practices
- Regularly update software and apply patches
- Implement security training for users to recognize phishing attempts
Patching and Updates
- Adobe released a security update to address this vulnerability