CVE-2021-28550

CRITICAL Year: 2021
CVSS v3 Score
9.6
Critical
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-416
View all →

Vulnerability Description

Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Related Vulnerabilities

CVE-2018-17462

CRITICAL
CVSS:9.6(Critical)

Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page.

CWE-4162018

CVE-2018-6127

CRITICAL
CVSS:9.6(Critical)

Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted H...

CWE-4162018

CVE-2019-5759

CRITICAL
CVSS:9.6(Critical)

Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CWE-4162019

CVE-2019-5850

CRITICAL
CVSS:9.6(Critical)

Use after free in offline mode in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...

CWE-4162019

CVE-2019-5870

CRITICAL
CVSS:9.6(Critical)

Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CWE-4162019

CVE-2020-16014

CRITICAL
CVSS:9.6(Critical)

Use after free in PPAPI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CWE-4162020