CVE-2021-21042

MEDIUM

Adobe Acrobat and Acrobat Reader < 17.011.30188 and < 20.013.20074 - Out-of-bounds Read


Exploitation Summary

EIP tracks 2 public exploits for CVE-2021-21042. PoCs published by r1l4-i3pur1l4, NattiSamson.

AI-analyzed exploit summary: This PoC exploits an information disclosure vulnerability in Adobe Reader by leveraging the Collab.documentToStream API to leak memory addresses via the /ID tag. The script extracts and parses memory addresses from the document stream, demonstrating the vulnerability.

Description

Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability that could lead to arbitrary disclosure of information in the memory stack. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Exploits (2)

nomisec WORKING POC 3 stars
by r1l4-i3pur1l4 · poc
https://github.com/r1l4-i3pur1l4/CVE-2021-21042

This PoC exploits an information disclosure vulnerability in Adobe Reader by leveraging the Collab.documentToStream API to leak memory addresses via the /ID tag. The script extracts and parses memory addresses from the document stream, demonstrating the vulnerability.

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Adobe Reader (specific version not specified)
No auth needed
Prerequisites: Victim must open a malicious PDF file in Adobe Reader
devstral-2 · analyzed Feb 18, 2026

nomisec STUB 3 stars
by NattiSamson · poc
https://github.com/NattiSamson/CVE-2021-21042

The repository contains only a minimal README with no exploit code or technical details. It claims to be an exploit for CVE-2021-21042 but lacks any functional content.

Classification: Stub 90%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: unknown
No auth needed
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3: 6.5
EPSS: 0.1470
EPSS Percentile: 96.2%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE: CWE-125
Status: published
Products (4):
adobe/acrobat 17.0 - 17.011.30188
adobe/acrobat_dc < 20.013.20074
adobe/acrobat_reader 17.0 - 17.011.30188
adobe/acrobat_reader_dc < 20.013.20074
Published: Feb 11, 2021
Tracked Since: Feb 18, 2026