RULE(RULE ID:715005)

Rule General Information
Release Date: 2021-07-27
Rule Name: Adobe Acrobat Use After Free Vulnerability (CVE-2021-28635)
Severity:
CVE ID:
Rule Protection Details
Description: Adobe Acrobat is a set of PDF file editing and conversion tools in Adobe, USA. There is a resource management error vulnerability in Adobe Acrobat, which is derived from the product to the PDF load, and the attacker can initiate a heap-based buffer overflow and execute the code through the vulnerability. The following products and versions are affected: Adobe Acrobat DC 2020.001.30020、Adobe Acrobat DC 2020.001.30025、Adobe Acrobat DC 2020.004.30005、Adobe Acrobat DC 2020.006.20034、Adobe Acrobat DC 2020.006.20042、Adobe Acrobat DC 2020.009.20063、Adobe Acrobat DC 2020.009.20074、Adobe Acrobat DC 2020.012.20041、Adobe Acrobat DC 2020.012.20048、Adobe Acrobat DC 2020.013.20064、Adobe Acrobat DC 2020.013.20066、Adobe Acrobat DC 2020.013.20074、Adobe Acrobat DC 2021.001.20135、Adobe Acrobat DC 2021.001.201.
Impact: A use-after-free vulnerability can be exploited by an attacker in the vulnerable product. Successful exploit may cause some adverse consequences, such as crash of the product, execution of arbitrary code.
Affected OS: Windows, Others
Reference: AdobeSecurityBulletins:apsb21-51
https://www.auscert.org.au/bulletins/ESB-2021.2374
https://vigilance.fr/vulnerability/Adobe-Acrobat-Reader-multiple-vulnerabilities-35879
https://www.cybersecurity-help.cz/vdb/SB2021071320
Solutions
The vendors have released upgrade patches to fix vulnerabilities, please visit:
https://www.adobe.comdobe.com