CVE-2021-39863

HIGH

Adobe Acrobat and Reader DC < 21.005.20060 - Heap-based Buffer Overflow via Crafted PDF File

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2021-39863. PoCs published by lsw29475, WHS-SEGFAULT.

AI-analyzed exploit summary This is a functional exploit PoC for CVE-2021-39863, leveraging a use-after-free vulnerability in Adobe Acrobat Reader to achieve arbitrary memory read/write and execute shellcode. The exploit uses heap spraying and ArrayBuffer manipulation to corrupt memory and hijack execution flow.

Description

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Exploits (2)

nomisec WORKING POC 2 stars

by lsw29475 · poc

https://github.com/lsw29475/CVE-2021-39863

View Code ZIP pw:eip

This is a functional exploit PoC for CVE-2021-39863, leveraging a use-after-free vulnerability in Adobe Acrobat Reader to achieve arbitrary memory read/write and execute shellcode. The exploit uses heap spraying and ArrayBuffer manipulation to corrupt memory and hijack execution flow.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Racy

Target: Adobe Acrobat Reader DC (versions prior to 21.007.20099)

No auth needed

Prerequisites: Victim must open a malicious PDF file in a vulnerable version of Adobe Acrobat Reader

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 19, 2026 Full analysis →

nomisec WORKING POC

by WHS-SEGFAULT · poc

https://github.com/WHS-SEGFAULT/CVE-2021-39863

View Code ZIP pw:eip

The repository contains a functional exploit for CVE-2021-39863, demonstrating a heap-based buffer overflow vulnerability in the URL parsing logic of a target software. The exploit manipulates URL concatenation to trigger memory corruption, potentially leading to remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Unknown (likely a web server or URL parsing library)

No auth needed

Prerequisites: Network access to the vulnerable service

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1

Core References

Release Notes, Vendor Advisory x_refsource_misc

https://helpx.adobe.com/security/products/acrobat/apsb21-55.html

Scores

CVSS v3 7.8

EPSS 0.1250

EPSS Percentile 95.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-122

Status published

Products (6)

adobe/acrobat 20.001.30005 - 20.004.30006

adobe/acrobat_2017 17.011.30059 - 17.011.30199

adobe/acrobat_dc 15.008.20082 - 21.005.20060

adobe/acrobat_reader 20.001.30005 - 20.004.30006

adobe/acrobat_reader_2017 17.011.30059 - 17.011.30199

adobe/acrobat_reader_dc 15.008.20082 - 21.005.20060

Published Sep 29, 2021

Tracked Since Feb 18, 2026