CVE-2021-44711: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

Adobe Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier), and 17.011.30204 (and earlier) were affected by an Integer Overflow or Wraparound vulnerability identified as CVE-2021-44711. The vulnerability was discovered by Jaewon Min and Aleksandar Nikolic of Cisco Talos and was publicly disclosed on January 11, 2022 (Talos Blog, NVD).

The vulnerability is classified as an Integer Overflow or Wraparound (CWE-190) that occurs in the way Acrobat Reader processes JavaScript within PDF files. The issue is triggered when a user opens a specially crafted PDF file containing malicious JavaScript code. The vulnerability received a CVSS v3.1 Base Score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. The exploitation requires user interaction, specifically opening a malicious PDF file (NVD).

Adobe has released updates to address this vulnerability. Users are advised to update their Adobe Acrobat Reader installations to versions newer than 21.007.20099 (Talos Blog).