CVE-2021-44701: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2021-44701) was identified in Adobe Acrobat Reader DC, affecting versions 21.007.20099 and earlier, 20.004.30017 and earlier, and 17.011.30204 and earlier. The vulnerability was discovered in the processing of Format event actions and was officially disclosed on January 14, 2022. This security flaw affects both Windows and macOS operating systems (NVD, CVE).

The vulnerability is classified as a use-after-free (CWE-416) issue that occurs during the processing of Format event actions. It received a CVSS v3.1 base score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The CVSS score indicates that while the attack requires local access and user interaction, it can result in high impacts across confidentiality, integrity, and availability (NVD).

If successfully exploited, this vulnerability could lead to arbitrary code execution in the context of the current user. The potential impact is significant as it could allow attackers to execute malicious code with the same privileges as the user running the Adobe Acrobat Reader application (NVD).

Adobe has released security updates to address this vulnerability through their security bulletin APSB22-01. Users are advised to update their Adobe Acrobat and Reader installations to the latest version to mitigate this security risk (Adobe Advisory).

The vulnerability was discovered and reported by Ashfaq Ansari and Krishnakant Patil from HackSys Inc, working with Trend Micro Zero Day Initiative (Adobe Advisory).