Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 13 vulnerabilities included in the February 2021 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the February release and deploy additional protections, as necessary.

APSB21-09 – Security updates available for Adobe Acrobat and Reader.

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Affected Software

Acrobat DC Continuous 2020.013.20074 and earlier versions for Windows & macOS
Acrobat Reader DC Continuous 2020.013.20074 and earlier versions for Windows & macOS
Acrobat 2020 Classic 2020 2020.001.30018 and earlier versions for Windows & macOS
Acrobat Reader 2020 Classic 2020 2020.001.30018 and earlier versions for Windows & macOS
Acrobat 2017 Classic 2017 2017.011.30188 and earlier versions for Windows & macOS
Acrobat Reader 2017 Classic 2017 2017.011.30188 and earlier versions for Windows & macOS

CVE-2021-21017 – Heap-based Buffer Overflow leading to Arbitrary code execution.

Severity: Critical

Subscriptions Required

Advanced Threat Protection
Advanced Cloud Sandbox

CVE-2021-21021 – Use After Free leading to Arbitrary code execution.

Severity: Critical

Subscriptions Required

Advanced Threat Protection
Advanced Cloud Sandbox

CVE-2021-21028 – Use After Free leading to Arbitrary code execution.

Severity: Critical

Subscriptions Required

Advanced Threat Protection
Advanced Cloud Sandbox

CVE-2021-21035 – Use After Free leading to Arbitrary code execution.

Severity: Critical

Subscriptions Required

Advanced Threat Protection
Advanced Cloud Sandbox

CVE-2021-21039 – Use After Free leading to Arbitrary code execution.

Severity: Critical

Subscriptions Required

Advanced Threat Protection
Advanced Cloud Sandbox

CVE-2021-21040 – Use After Free leading to Arbitrary code execution.

Severity: Critical

Subscriptions Required

Advanced Threat Protection
Advanced Cloud Sandbox

CVE-2021-21041 – Use After Free leading to Arbitrary code execution.

Severity: Critical

Subscriptions Required

Advanced Threat Protection
Advanced Cloud Sandbox

CVE-2021-21042 – Out-of-bounds Read leading to Privilege escalation.

Severity: Important

Subscriptions Required

Advanced Threat Protection
Advanced Cloud Sandbox

CVE-2021-21057 – NULL Pointer Dereference leading to Information Disclosure.

Severity: Important

Subscriptions Required

Advanced Threat Protection
Advanced Cloud Sandbox

CVE-2021-21058 – Buffer overflow leading to Arbitrary code execution.

Severity: Critical

Subscriptions Required

Advanced Threat Protection
Advanced Cloud Sandbox

CVE-2021-21059 – Buffer overflow leading to Arbitrary code execution.

Severity: Critical

Subscriptions Required

Advanced Threat Protection
Advanced Cloud Sandbox

CVE-2021-21062 – Buffer overflow leading to Arbitrary code execution.

Severity: Critical

Subscriptions Required

Advanced Threat Protection
Advanced Cloud Sandbox

CVE-2021-21063 – Buffer overflow leading to Arbitrary code execution.

Severity: Critical

Subscriptions Required

Advanced Threat Protection
Advanced Cloud Sandbox