CVE-2021-44714 Information

Description

Acrobat Reader DC versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a Violation of Secure Design Principles that could lead to a Security feature bypass. Acrobat Reader DC displays a warning message when a user clicks on a PDF file which could be used by an attacker to mislead the user. In affected versions this warning message does not include custom protocols when used by the sender. User interaction is required to abuse this vulnerability as they would need to click ‘allow’ on the warning message of a malicious file.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Reference

https://helpx.adobe.com/security/products/acrobat/apsb22-01.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

Base Score

3.3

Base Severity

LOW
