Overview
Adobe Acrobat Reader contains a prototype pollution vulnerability that allows attackers to execute arbitrary code when a victim opens a malicious PDF file. The vulnerability stems from improperly controlled modification of object prototype attributes, which can be exploited to gain code execution in the context of the current user. The vulnerability was disclosed on April 11, 2026. CISA has identified CVE-2026-34621 as exploited, but it is not currently known to be used in ransomware campaigns.
Technical details
A prototype pollution vulnerability exists in Adobe Acrobat Reader where the application improperly handles object prototype attributes. An attacker can craft a malicious PDF file that, when opened by a victim, modifies JavaScript prototype objects. This allows the attacker to inject malicious code that executes within the reader's JavaScript execution context, leading to arbitrary code execution with the privileges of the user running Acrobat Reader.
The vulnerability is classified as CWE-1321 (Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')) and CWE-94 (Improper Control of Generation of Code ('Code Injection')).
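To make the CWE-1321 weakness class concrete, the following added example (constructed for this page, not Acrobat Reader's code) shows a recursive merge that lets an untrusted "__proto__" key reach Object.prototype, beside a hardened version that filters the dangerous keys; the merge functions, the sample JSON input and the polluted() check are all assumptions for illustration.

```javascript
// Illustration of CWE-1321 in plain JavaScript; constructed example, not Acrobat Reader's code.

// Vulnerable: recursively copies untrusted keys without filtering
// "__proto__", "constructor" or "prototype", so Object.prototype is reachable.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value && typeof value === "object" && !Array.isArray(value)) {
      if (typeof target[key] !== "object" || target[key] === null) target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: skip the keys that reach the prototype chain, only descend into
// the target's own properties, and create intermediate objects with a null prototype.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (value && typeof value === "object" && !Array.isArray(value)) {
      if (!Object.prototype.hasOwnProperty.call(target, key) ||
          typeof target[key] !== "object" || target[key] === null) {
        target[key] = Object.create(null);
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed untrusted input, e.g. a JSON field parsed from a document.
const UNTRUSTED = JSON.parse('{"title":"report","__proto__":{"isAdmin":true}}');

// Merges UNTRUSTED with the given function and reports whether an unrelated,
// freshly created object then inherits "isAdmin" (i.e. whether the prototype was polluted).
function polluted(mergeFn) {
  const before = ({}).isAdmin;          // undefined on a clean runtime
  mergeFn({}, UNTRUSTED);
  const after = ({}).isAdmin;
  delete Object.prototype.isAdmin;      // clean up so repeated runs are independent
  return before === undefined && after === true;
}
```

Running polluted(unsafeMerge) returns true while polluted(safeMerge) returns false; the same key filtering and own-property check is the standard fix for this weakness class wherever untrusted keys are merged into objects.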
The vulnerability has received a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating its high severity.
Impact
An attacker can execute arbitrary code with the same privileges as the user running Acrobat Reader. This could lead to complete system compromise, including theft of sensitive documents, installation of malware, credential theft, and lateral movement within a network. Given that Acrobat Reader is commonly used to open untrusted PDF files from the internet, this vulnerability poses a significant risk.
Mitigation and workarounds
Update Adobe Acrobat Reader to the latest patched version. Users can check for updates through Help > Check for Updates or visit Adobe's website for a direct download. The following versions include the necessary fixes: Acrobat Reader 24.001.30365 or later (for the 24.x branch), Acrobat Reader 26.001.21380 or later (for the 26.x branch).
As temporary workarounds: disable JavaScript execution in Acrobat Reader (Edit > Preferences > JavaScript, uncheck Enable Acrobat JavaScript) to prevent prototype pollution-based code execution; this mitigates the attack but may disable legitimate PDF features. Only open PDF files from trusted sources, and be cautious of unsolicited PDF attachments or PDFs from unknown websites. Run Acrobat Reader in a sandboxed or isolated environment or virtual machine to limit the impact of code execution.
CISA recommendation: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Source: This report was generated by AI

