CVE-2021-44739 LOW

CVE-2021-44739: Adobe Acrobat Reader DC add-on (AxAcroPDFLib.AxAcroPDF) src NTLMv2 SSO Auth leak vulnerability

Vendor Adobe
Product Acrobat Reader
Weakness CWE-200 · Info exposure
Published January 14, 2022
Last update September 16, 2024
View on NVD All CVEs

CVSS base score

3.1/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must open a maliciously crafted Microsoft Office file, or visit an attacker controlled web page.

Key dates

02Disclosure timeline

January 14, 2022 CVE published
September 16, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-40940 CVE-2025-55276 HCL Aftermarket DPC is affected by Internal IP Disclosure vulnerability CVE-2023-45816 Unread bookmark reminder notifications that the user cannot access can be seen CVE-2024-53245 Information Disclosure due to Username Collision with a Role that has the same Name as the User CVE-2024-8978 Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders <= 6.0.9 - Authenticated (Contributor+) Sensitive Information Exposure