CVE-2021-21042
MEDIUM
Adobe Acrobat and Acrobat Reader < 17.011.30188 and < 20.013.20074 - Out-of-bounds Read
Title source: llm
Exploitation Summary
EIP tracks 2 public exploits for CVE-2021-21042. PoCs published by r1l4-i3pur1l4, NattiSamson.
AI-analyzed exploit summary: This PoC exploits an information disclosure vulnerability in Adobe Reader by leveraging the Collab.documentToStream API to leak memory addresses via the /ID tag. The script extracts and parses memory addresses from the document stream, demonstrating the vulnerability.
Description
Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability that could lead to arbitrary disclosure of information in the memory stack. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Exploits (2)
This PoC exploits an information disclosure vulnerability in Adobe Reader by leveraging the Collab.documentToStream API to leak memory addresses via the /ID tag. The script extracts and parses memory addresses from the document stream, demonstrating the vulnerability.
The repository contains only a minimal README with no exploit code or technical details. It claims to be an exploit for CVE-2021-21042 but lacks any functional content.
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N