Vulnerability Description
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForm listbox that could result in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Acrobat Dc | >= 17.011.30059, <= 17.011.30199 |
| Adobe | Acrobat Reader Dc | >= 17.011.30059, <= 17.011.30199 |
| Apple | Macos | - |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://helpx.adobe.com/security/products/acrobat/apsb21-55.htmlRelease NotesVendor Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-21-1250/Third Party AdvisoryVDB Entry
- https://helpx.adobe.com/security/products/acrobat/apsb21-55.htmlRelease NotesVendor Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-21-1250/Third Party AdvisoryVDB Entry
FAQ
What is CVE-2021-40725?
CVE-2021-40725 is a vulnerability with a CVSS score of 7.8 (HIGH). Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForm listbox t...
How severe is CVE-2021-40725?
CVE-2021-40725 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-40725?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Acrobat Dc, Adobe Acrobat Reader Dc, Apple Macos, Microsoft Windows.