CVE-2021-39856
MEDIUM
Adobe Acrobat and Acrobat Reader DC < 21.005.20058 - Unauthenticated NTLMv2 Credential Disclosure via ActiveX Control
Title source: llm
Description
Acrobat Reader DC ActiveX Control versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must visit an attacker-controlled web page.
References (1)
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://helpx.adobe.com/security/products/acrobat/apsb21-55.html
Scores
CVSS v3
6.5
EPSS
0.0229
EPSS Percentile
81.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (4)
adobe/acrobat
17.011.30059 - 17.011.30199
adobe/acrobat_dc
15.008.20082 - 21.005.20058
adobe/acrobat_reader
17.011.30059 - 17.011.30199
adobe/acrobat_reader_dc
15.008.20082 - 21.005.20058
Published
Sep 29, 2021
Tracked Since
Feb 18, 2026