CVE-2021-35982 - OpenCVE

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Uncontrolled Search Path Element vulnerability. A local attacker with non-administrative privileges can plant a malicious DLL to achieve arbitrary code execution in the context of the current user via DLL hijacking. Exploitation of this issue requires user interaction.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Adobe	Acrobat Reader Dc Acrobat Dc
Microsoft	Windows
Apple	Macos

Configuration 1 [-]

AND

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*

Configuration 5 [-]

AND

OR	cpe:2.3:o:apple:macos:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

OR	cpe:2.3:a:adobe:acrobat_dc:::::classic:::*
	cpe:2.3:a:adobe:acrobat_reader_dc:::::classic:::*

Configuration 6 [-]

AND

OR	cpe:2.3:o:apple:macos:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

OR	cpe:2.3:a:adobe:acrobat_dc:::::classic:::*
	cpe:2.3:a:adobe:acrobat_reader_dc:::::classic:::*

References

Link	Resource
https://helpx.adobe.com/security/products/acrobat/apsb21-55.html	Release Notes Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: adobe

Published: 2021-09-14T00:00:00

Updated: 2022-01-28T21:51:46

Reserved: 2021-06-30T00:00:00

Link: CVE-2021-35982

JSON object: View

NVD Information

Status : Modified

Published: 2021-09-29T16:15:07.917

Modified: 2023-11-07T03:36:40.060

Link: CVE-2021-35982

JSON object: View

Redhat Information

No data.

CWE

CWE-427