CVE-2021-28634

HIGH

Acrobat DC < 21.005.20054 and 17.011.30059-17.011.30197 - Authenticated OS Command Injection

Title source: llm

Description

Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command. An authenticated attacker could leverage this vulnerability to achieve arbitrary code execution on the host machine in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_misc

https://helpx.adobe.com/security/products/acrobat/apsb21-51.html

Scores

CVSS v3 8.2

EPSS 0.0221

EPSS Percentile 80.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (4)

adobe/acrobat_dc 15.008.20082 - 21.005.20054

adobe/acrobat_dc 17.011.30059 - 17.011.30197

adobe/acrobat_reader_dc 15.008.20082 - 21.005.20054

adobe/acrobat_reader_dc 17.011.30059 - 17.011.30197

Published Aug 20, 2021

Tracked Since Feb 18, 2026