Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.

Cisco Talos recently discovered an arbitrary code execution vulnerability in Adobe Acrobat Reader.

Adobe Acrobat Reader is one of the most popular and feature-rich PDF readers on the market. The software supports JavaScript so it can process interactive forms.

TALOS-2021-1233 (CVE-2021-28562) can be triggered by queries made through JavaScript in a way that could allow an attacker to execute code on the targeted machine. To exploit this vulnerability, an attacker needs to trick a user into opening a specially crafted, malicious PDF.

Cisco Talos worked with Adobe to ensure that this issue is resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.

Users running Adobe Acrobat Reader 2020.013.20074 are encouraged to update as soon as possible. Talos tested and confirmed that this version of Acrobat Reader could be exploited by this vulnerability.

The following SNORT® rules will detect exploitation attempts against this vulnerability: 57059 and 57060. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.