CVE-2021-44702

Published Jan 14, 2022

Last updated a year ago

Overview

Description
Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must visit an attacker controlled web page.
Source
psirt@adobe.com
NVD status
Modified

Risk scores

CVSS 3.1

Type
Primary
Base score
4.3
Impact score
1.4
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Severity
MEDIUM

CVSS 3.0

Type
Secondary
Base score
3.1
Impact score
1.4
Exploitability score
1.6
Vector string
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Severity
LOW

CVSS 2.0

Type
Primary
Base score
4.3
Impact score
2.9
Exploitability score
8.6
Vector string
AV:N/AC:M/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov
CWE-200
psirt@adobe.com
CWE-200

Social media

Hype score
Not currently trending

Configurations