Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a Violation of Secure Design Principles that could lead to a Security feature bypass. Acrobat Reader DC displays a warning message when a user clicks on a PDF file, which could be used by an attacker to mislead the user. In affected versions, this warning message does not include custom protocols when used by the sender. User interaction is required to abuse this vulnerability as they would need to click 'allow' on the warning message of a malicious file.
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:NAdobe Acrobat
APPAdobe17.011.30059 – 17.011.3020420.001.30005 – 20.004.30017Adobe Acrobat DC
APPAdobe15.008.20082 – 21.007.20099Adobe Acrobat Reader
APPAdobe17.011.30059 – 17.011.3020420.001.30005 – 20.004.30017Adobe Acrobat Reader Dc
APPAdobe15.008.20082 – 21.007.20099Apple macOS
OSApplewszystkie wersjeMicrosoft Windows
OSMicrosoftwszystkie wersje
Related vulnerabilities
Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
Apple iOS/iPadOS/macOS — out-of-bounds write przy przetwarzaniu obrazu
Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP
Apple — memory corruption (RCE) w przetwarzaniu strumieni audio