CVE-2021-45060 : What You Need to Know

Discover how CVE-2021-45060 impacts Adobe Acrobat Reader DC versions, the severity, and steps to prevent remote code execution. Learn mitigation strategies and update recommendations.

The Adobe Acrobat Reader DC TTF font parsing out-of-bounds read vulnerability, discovered on January 11, 2022, can lead to remote code execution.

Understanding CVE-2021-45060

Adobe Acrobat Reader DC versions 21.007.20099, 20.004.30017, and 17.011.30204 are affected by an out-of-bounds read vulnerability when parsing specific files, potentially allowing malicious code execution.

What is CVE-2021-45060?

The affected Acrobat Reader versions are prone to a vulnerability in which parsing certain files can corrupt memory structures, enabling an attacker to execute code within the user's context.

The Impact of CVE-2021-45060

        Attack Complexity: Low
        Attack Vector: Local
        Confidentiality, Integrity, and Availability Impact: High
        User Interaction Required

Technical Details of CVE-2021-45060

Details of the Adobe Acrobat Reader DC TTF font parsing vulnerability.

Vulnerability Description

An out-of-bounds read issue in Acrobat Reader could allow an attacker to execute code. Exploitation requires user interaction.

Affected Systems and Versions

        Adobe Acrobat Reader DC versions 21.007.20099, 20.004.30017, 17.011.30204

Exploitation Mechanism

Exploiting the out-of-bounds read flaw requires a victim to open a malicious file.

Mitigation and Prevention

Steps to address and prevent CVE-2021-45060.

Immediate Steps to Take

        Update Acrobat Reader to the latest version
        Avoid opening files from untrusted sources

Long-Term Security Practices

        Regularly update software and security patches
        Educate users on safe file handling practices

Patching and Updates

Apply the latest security updates provided by Adobe for Acrobat Reader.
