Intrusion PreventionAdobe.Reader.Window.Procedure.WM_SETFOCUS.Use.After.Free
Description
This indicates an attack attempt to exploit a Use After Free Vulnerability in Adobe Systems Acrobat Reader DC.
The vulnerability is due to incorrect handling of AVWinTextEditControl objects in memory when processing the WM_SETFOCUS message. A remote attacker can exploit this vulnerability be enticing an unsuspecting user to open and interact with a crafted PDF document. Successful exploitation could result in arbitrary code execution in the context of the AcroRd32.exe process.
Affected Products
Adobe Systems Acrobat Reader 2017 (Classic) prior to 2017.011.30199
Adobe Systems Acrobat Reader 2020 (Classic) prior to 2020.004.30006
Adobe Systems Acrobat Reader DC (Continuous) prior to 2021.005.20058
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://helpx.adobe.com/security/products/acrobat/apsb21-51.html
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2021-10-14 | 18.179 | Sig Added |
| 2021-08-12 | 18.139 | Default_action:pass:drop |
| 2021-08-04 | 18.133 |
| ID | 50624 |
| Created | Jul 26, 2021 |
| Updated | Oct 13, 2021 |
| Risk |
|
| CVE ID | CVE-2021-28639 |
| Exploit Prediction Score | 8.12% |
| Default Action | drop |
| Active | |
| Affected OS | Windows, MacOS |
| Affected App | Adobe |