Adobe Acrobat Reader AcrobatUtils.scpt Extension OS Command Injection Vulnerability

Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command. An authenticated attacker could leverage this vulnerability to achieve arbitrary code execution on the host machine in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

Adobe Acrobat 操作系统命令注入漏洞

Adobe Acrobat是美国奥多比（Adobe）公司的一套PDF文件编辑和转换工具。 Adobe acrobat DC存在操作系统命令注入漏洞，该漏洞源于输入验证不当。攻击者可利用该漏洞执行任意的操作系统命令，并提高对系统的权限。

N/A

N/A