CVE-2021-45067

MEDIUM

Adobe Acrobat and Reader DC < 21.007.20099 & < 17.011.30204 - Memory Access After Buffer End

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-45067. PoCs published by hacksysteam.

AI-analyzed exploit summary This PoC exploits an out-of-bounds read vulnerability in Adobe Reader's XFA module by confusing ANSI and Unicode string handling, leading to information leakage from the sandboxed process. The exploit grooms the heap and triggers garbage collection to leak sensitive data via a web server.

Description

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Access of Memory Location After End of Buffer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Exploits (1)

nomisec WORKING POC 23 stars

by hacksysteam · poc

https://github.com/hacksysteam/CVE-2021-45067

View Code ZIP pw:eip

This PoC exploits an out-of-bounds read vulnerability in Adobe Reader's XFA module by confusing ANSI and Unicode string handling, leading to information leakage from the sandboxed process. The exploit grooms the heap and triggers garbage collection to leak sensitive data via a web server.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Adobe Reader (specific version not specified)

No auth needed

Prerequisites: Victim must open a malicious PDF with embedded XFA JavaScript · Web server to receive leaked data

MITRE ATT&CK

T1005 - Data from Local System T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://helpx.adobe.com/security/products/acrobat/apsb22-01.html

Scores

CVSS v3 5.5

EPSS 0.0387

EPSS Percentile 88.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE

CWE-119 CWE-788

Status published

Products (4)

adobe/acrobat 17.011.30059 - 17.011.30204

adobe/acrobat_dc 15.008.20082 - 21.007.20099

adobe/acrobat_reader 17.011.30059 - 17.011.30204

adobe/acrobat_reader_dc 15.008.20082 - 21.007.20099

Published Jan 14, 2022

Tracked Since Feb 18, 2026