CVE-2021-45063 : Security Advisory and Response

Adobe Acrobat Reader DC JP2 File Parsing Use-After-Free Information Disclosure Vulnerability

Understanding CVE-2021-45063

Acrobat Reader DC versions 21.007.20099 and earlier, 20.004.30017 and earlier, and 17.011.30204 and earlier are affected by a use-after-free vulnerability in the processing of Format event actions, leading to sensitive memory disclosure.

What is CVE-2021-45063?

Vulnerability in Acrobat Reader DC potentially enables disclosure of sensitive memory through a use-after-free flaw during Format event action processing.
Attackers exploiting this issue may overcome mitigations like ASLR by tricking users into opening malicious files.

The Impact of CVE-2021-45063

CVSS Score: 3.3 (Low)
Attack Complexity: Low
Attack Vector: Local
User Interaction: Required
Confidentiality Impact: Low

Technical Details of CVE-2021-45063

Acrobat Reader DC is susceptible to a use-after-free vulnerability with the following details:

Vulnerability Description

Use-after-free flaw in the Format event actions processing

Affected Systems and Versions

Adobe Acrobat Reader versions 21.007.20099 and earlier
Adobe Acrobat Reader versions 20.004.30017 and earlier
Adobe Acrobat Reader versions 17.011.30204 and earlier

Exploitation Mechanism

Successful exploitation requires user interaction to open a malicious file

Mitigation and Prevention

Immediate action and long-term strategies to address CVE-2021-45063:

Immediate Steps to Take

Update Adobe Acrobat Reader to the latest version
Exercise caution when opening files from unknown sources

Long-Term Security Practices

Regularly update software and apply security patches
Implement security awareness training for users
Utilize advanced threat protection solutions
Monitor and analyze suspicious activities

Patching and Updates

Adobe released security updates addressing CVE-2021-45063
Apply the latest patches to protect systems