HTTP: Adobe Acrobat Reader DC Annots.api setProps Use After Free

This signature detects attempts to exploit a known vulnerability in Adobe Acrobat and Acrobat Reader. A successful attack can lead to arbitrary code execution.

Extended Description

Acrobat Reader DC versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

References

CVE: CVE-2021-28550

Short Name: HTTP:STC:ADOBE:DC-ANNOTS-UAF
Severity: Major
Recommended: False
Recommended Action: None
Category: HTTP
Keywords: Acrobat Adobe After Annots.api CVE-2021-28550 DC Free Reader Use setProps
Release Date: 05/20/2021
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3419
False Positive: Rarely
CVSS Score: 6.8