CVE-2021-21086

HIGH

Adobe Acrobat < 17.011.30188 - Out-of-Bounds Write

Title source: rule

Description

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability in the CoolType library. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Exploits (1)

nomisec WORKING POC 28 stars

by infobyte · poc

https://github.com/infobyte/Exploit-CVE-2021-21086

View Code ZIP pw:eip

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://helpx.adobe.com/security/products/acrobat/apsb21-09.html

Scores

CVSS v3 7.8

EPSS 0.1176

EPSS Percentile 93.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (4)

adobe/acrobat 17.011.30056 - 17.011.30188

adobe/acrobat_dc 20.006.20042 - 20.013.20074

adobe/acrobat_reader 17.011.30059 - 17.011.30188

adobe/acrobat_reader_dc 20.006.20042 - 20.013.20074

Published Sep 02, 2021

Tracked Since Feb 18, 2026