Vulnerability CVE-2021-40725

Vulnerability Name:

CVE-2021-40725 (CCN-210933)

Assigned:

2021-09-14

Published:

2021-09-14

Updated:

2021-11-06

Summary:

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForm listbox that could result in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

CVSS v3 Severity:

7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-416

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2021-40725

Source: XF
Type: UNKNOWN
adobe-readerdc-cve202140725-code-exec(210933)

Source: CCN
Type: Adobe Security Bulletin APSB21-55
Security?update available?for Adobe Acrobat and Reader

Source: MISC
Type: Release Notes, Vendor Advisory
https://helpx.adobe.com/security/products/acrobat/apsb21-55.html

Source: CCN
Type: ZDI-21-1250
Adobe Acrobat Reader DC AcroForm listbox Use-After-Free Remote Code Execution Vulnerability

Source: MISC
Type: Third Party Advisory, VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-21-1250/

Vulnerable Configuration:

Configuration 1:

cpe:/a:adobe:acrobat_dc:*:*:*:*:classic:*:*:* (Version >= 17.011.30059 and <= 17.011.30199)

OR cpe:/a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:* (Version >= 17.011.30059 and <= 17.011.30199)

AND

cpe:/o:apple:macos:-:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:adobe:acrobat_dc:*:*:*:*:classic:*:*:* (Version >= 20.001.30005 and <= 20.004.30006)

OR cpe:/a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:* (Version >= 20.001.30005 and <= 20.004.30006)

AND

cpe:/o:apple:macos:-:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:* (Version >= 15.008.20082 and <= 21.005.20058)

OR cpe:/a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:* (Version >= 15.008.20082 and <= 21.005.20058)

AND

cpe:/o:apple:macos:-:*:*:*:*:*:*:*

Configuration 4:

cpe:/a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:* (Version >= 15.008.20082 and <= 21.005.20060)

OR cpe:/a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:* (Version >= 15.008.20082 and <= 21.005.20060)

AND

cpe:/o:microsoft:windows:-:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK