CVE-2021-28636

HIGH Year: 2021
CVSS v3 Score
7.3
High
CVSS v2 Score
8.5
High
Weakness Type
CWE-427
View all →

Vulnerability Description

Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Uncontrolled Search Path Element vulnerability. An attacker with access to the victim's C:/ folder could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Related Vulnerabilities

CVE-2015-1014

HIGH
CVSS:7.3(High)

A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expe...

CWE-4272015

CVE-2017-4987

HIGH
CVSS:7.3(High)

In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user can load a maliciously crafted file in the search path which may potenti...

CWE-4272017

CVE-2018-11049

HIGH
CVSS:7.3(High)

RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unin...

CWE-4272018

CVE-2019-16407

HIGH
CVSS:7.3(High)

JetBrains ReSharper installers for versions before 2019.2 had a DLL Hijacking vulnerability.

CWE-4272019

CVE-2019-19954

HIGH
CVSS:7.3(High)

Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\node_modules\.bin\wmic.exe file.

CWE-4272019

CVE-2019-3613

HIGH
CVSS:7.3(High)

DLL Search Order Hijacking vulnerability in McAfee Agent (MA) prior to 5.6.4 allows attackers with local access to execute arbitrary code via execution from a compromised folder.

CWE-4272019