CVE-2021-45061 Explained : Impact and Mitigation
Acrobat Reader DC versions are vulnerable to an out-of-bounds write flaw, impacting confidentiality, integrity, and availability. Learn about the impact, technical details, and mitigation steps.
Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Understanding CVE-2021-45061
Adobe Acrobat Reader DC versions 21.007.20099, 20.004.30017, and 17.011.30204 are affected by an out-of-bounds write vulnerability.
What is CVE-2021-45061?
- Acrobat Reader DC versions are susceptible to an out-of-bounds write flaw.
- Exploitation could lead to arbitrary code execution under the current user's context.
- User interaction is required, where victims need to open a malicious file.
The Impact of CVE-2021-45061
- CVSS Base Score: 7.8 (High Severity)
- Attack Complexity: Low
- Attack Vector: Local
- Availability Impact: High
- Confidentiality Impact: High
- Integrity Impact: High
- User Interaction: Required
Technical Details of CVE-2021-45061
Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Vulnerability
Vulnerability Description
- Out-of-bounds write vulnerability in Adobe Acrobat Reader DC font parsing.
Affected Systems and Versions
- Products: Adobe Acrobat Reader
- Versions Affected: 21.007.20099, 20.004.30017, 17.011.30204, and unspecified prior
Exploitation Mechanism
- Requires user interaction through opening a malicious file.
Mitigation and Prevention
To address CVE-2021-45061, take the following steps:
Immediate Steps to Take
- Update Adobe Acrobat Reader to the latest version.
- Exercise caution when opening files from unknown or untrusted sources.
Long-Term Security Practices
- Regularly update software and security patches.
- Implement security awareness training for users to recognize potential threats.
Patching and Updates
- Adobe has released patches to address the vulnerability. Ensure timely installation of these updates.