CVE-2021-44713 : Security Advisory and Response
Adobe Acrobat Reader DC version 21.007.20099 is affected by a use-after-free vulnerability potentially leading to denial of service. Learn about the impact, technical details, and mitigation steps.
Adobe Acrobat Reader DC version 21.007.20099 (and earlier) is affected by a use-after-free vulnerability, potentially leading to denial of service.
Understanding CVE-2021-44713
What is CVE-2021-44713?
Adobe Acrobat Reader DC versions are prone to a use-after-free vulnerability during the processing of Format event actions.
The Impact of CVE-2021-44713
The vulnerability could result in an application denial of service if exploited through a malicious file that requires user interaction.
Technical Details of CVE-2021-44713
Vulnerability Description
- CVE ID: CVE-2021-44713
- CWE ID: CWE-416 (Use After Free)
- CVSS Base Score: 5.5 (Medium)
- Attack Complexity: Low
- Attack Vector: Local
- User Interaction: Required
- Availability Impact: High
Affected Systems and Versions
- Adobe Acrobat Reader DC <= 21.007.20099
- Adobe Acrobat Reader DC <= 20.004.30017
- Adobe Acrobat Reader DC <= 17.011.30204
Exploitation Mechanism
Exploitation requires user interaction, where a victim opens a malicious file triggering the use-after-free vulnerability.
Mitigation and Prevention
Immediate Steps to Take
- Update Adobe Acrobat Reader to the latest version
- Exercise caution while opening files from unknown or untrusted sources
Long-Term Security Practices
- Regularly update software and applications to patch known vulnerabilities
- Implement security awareness training for users to recognize potential threats
Patching and Updates
Ensure timely installation of security patches and updates provided by Adobe for Acrobat Reader.