CVE-2021-40723: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

Adobe Acrobat Reader DC was found to contain an out-of-bounds read vulnerability (CVE-2021-40723) affecting versions 2020.013.20074 and earlier, 2020.001.30018 and earlier, and 2017.011.30188 and earlier. This security flaw could potentially expose sensitive memory information and requires user interaction through opening a malicious file (NVD, CVE).

The vulnerability is classified as an out-of-bounds read (CWE-125) with a CVSS v3.1 base score of 5.5 (Medium). The attack vector is local (AV:L), with low attack complexity (AC:L), requiring no privileges (PR:N) but needs user interaction (UI:R). The scope is unchanged (S:U), with high confidentiality impact (C:H) but no impact on integrity (I:N) or availability (A:N) (NVD).

If successfully exploited, this vulnerability could lead to the disclosure of sensitive memory information. More significantly, attackers could potentially leverage this vulnerability to bypass security mitigations such as Address Space Layout Randomization (ASLR) (NVD).

Adobe has addressed this vulnerability in updated versions of the software. Users should upgrade to versions newer than 2020.013.20074 for the continuous track, 2020.001.30018 for the classic 2020 track, or 2017.011.30188 for the classic 2017 track (Adobe Advisory).