CVE-2021-39855
MEDIUM
Adobe Acrobat and Reader DC < 21.005.20058 - Unauthenticated Information Disclosure via ActiveX Control
Title source: llm
Description
Acrobat Reader DC ActiveX Control versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must open a maliciously crafted Microsoft Office file, or visit an attacker-controlled web page.
References (1)
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://helpx.adobe.com/security/products/acrobat/apsb21-55.html
Scores
CVSS v3: 6.5
EPSS: 0.0229
EPSS Percentile: 81.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE: CWE-200
Status: published
Products (4)
adobe/acrobat: 17.011.30059 - 17.011.30199
adobe/acrobat_dc: 15.008.20082 - 21.005.20058
adobe/acrobat_reader: 17.011.30059 - 17.011.30199
adobe/acrobat_reader_dc: 15.008.20082 - 21.005.20058
Published: Sep 29, 2021
Tracked Since: Feb 18, 2026