CVE-2021-28550

HIGH KEV

Adobe Acrobat DC < 21.001.20150 - Use After Free

Title source: rule

Description

Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

References (2)

[Release Notes, Vendor Advisory] https://helpx.adobe.com/security/products/acrobat/apsb21-29.html

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-28550

Scores

CVSS v3 8.8

EPSS 0.3257

EPSS Percentile 96.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2021-11-03

VulnCheck KEV 2021-05-11

InTheWild.io 2021-05-11

ENISA EUVD EUVD-2021-15226

CWE

CWE-416

Status published

Products (4)

adobe/acrobat 17.011.30059 - 17.011.30194

adobe/acrobat_dc 15.008.20082 - 21.001.20150

adobe/acrobat_reader 17.011.30059 - 17.011.30194

adobe/acrobat_reader_dc 15.008.20082 - 21.001.20150

Published Sep 02, 2021

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026