Adobe patches a zero-day along with several critical and important vulnerabilities in Acrobat and Reader


Hello everyone,

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.       

Adobe has also patched CVE-2021-21017, which has been exploited in the wild in limited attacks targeting Adobe Reader users on Windows.

The details of the patched vulnerabilities are as follows:


| CVE ID | Vulnerability | Impact | Severity |
|---|---|---|---|
| CVE-2021-21046 | Buffer overflow | Application denial-of-service | Important |
| CVE-2021-21017 | Heap-based Buffer Overflow | Arbitrary code execution | Critical |
| CVE-2021-21037 | Path Traversal | Arbitrary code execution | Critical |
| CVE-2021-21036 | Integer Overflow | Arbitrary code execution | Critical |
| CVE-2021-21045 | Improper Access Control | Privilege escalation | Critical |
| CVE-2021-21042, CVE-2021-21034 | Out-of-bounds Read | Privilege escalation | Important |
| CVE-2021-21061 | Use-after-free | Information Disclosure | Important |
| CVE-2021-21044, CVE-2021-21038 | Out-of-bounds Write | Arbitrary code execution | Critical |
| CVE-2021-21058, CVE-2021-21059, CVE-2021-21062, CVE-2021-21063 | Buffer overflow | Arbitrary code execution | Critical |
| CVE-2021-21057 | NULL Pointer Dereference | Information Disclosure | Important |
| CVE-2021-21060 | Improper Input Validation | Information Disclosure | Important |
| CVE-2021-21041, CVE-2021-21040, CVE-2021-21039, CVE-2021-21035, CVE-2021-21033, CVE-2021-21028, CVE-2021-21021 | Use After Free | Arbitrary code execution | Critical |

To patch these vulnerabilities using Patch Manager Plus, initiate a sync between the Central Patch Repository and the Patch Manager Plus server. Once synced, search for the Patch IDs or Bulletin IDs relevant to the updates you want installed and deploy them to your target systems.

| Patch ID | Bulletin ID | Patch Description |
|---|---|---|
| 318297 | TU-137 | Adobe Acrobat DC Pro and Standard (Continuous Track) update - All languages (21.001.20135) (APSB21-09) |
| 318299 | TU-072 | Adobe Acrobat Reader DC (21.001.20135) (APSB21-09) |
| 318300 | TU-073 | Adobe Acrobat Reader DC MUI (21.001.20135) (APSB21-09) |
| 318296 | TU-753 | Adobe Acrobat 2017 Pro and Standard (Acrobat 2017 Track) update - All languages (17.011.30190) (APSB21-09) |
| 318298 | TU-754 | Adobe Acrobat Reader 2017 MUI (Classic Track) (17.011.30190) (APSB21-09) |
| 318302 | TU-1178 | Adobe Acrobat Reader 2020 MUI (Classic Track) (20.001.30020) (APSB21-09) |
| 318303 | TU-1222 | Adobe Acrobat 2020 (Classic Track) (20.001.30020) (APSB21-09) |

Cheers,

The ManageEngine team