CVE-2021-45067

MEDIUM

Adobe Acrobat DC < 21.007.20099 - Memory Corruption

Title source: rule

Description

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Access of Memory Location After End of Buffer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Exploits (1)

nomisec WORKING POC 23 stars

by hacksysteam · poc

https://github.com/hacksysteam/CVE-2021-45067

View Code ZIP pw:eip

References (1)

[Vendor Advisory] https://helpx.adobe.com/security/products/acrobat/apsb22-01.html

Scores

CVSS v3 5.5

EPSS 0.0184

EPSS Percentile 83.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE

CWE-119 CWE-788

Status published

Products (4)

adobe/acrobat 17.011.30059 - 17.011.30204

adobe/acrobat_dc 15.008.20082 - 21.007.20099

adobe/acrobat_reader 17.011.30059 - 17.011.30204

adobe/acrobat_reader_dc 15.008.20082 - 21.007.20099

Published Jan 14, 2022

Tracked Since Feb 18, 2026