CVE-2021-34280

7.8 HIGH

📋 TL;DR

CVE-2021-34280 is an uninitialized pointer vulnerability in Polaris Office that allows remote code execution when a user opens a malicious PDF file. This affects Polaris Office v9.103.83.44230 users who process PDF documents. Attackers can exploit this to execute arbitrary code with the privileges of the user running Polaris Office.

💻 Affected Systems

Products:
  • Polaris Office
Versions: v9.103.83.44230
Operating Systems: Windows, macOS, Android, iOS
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in both PolarisOffice.exe and EngineDLL.dll components. All installations with this version are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise with attacker gaining the same privileges as the user, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case: Local privilege escalation leading to malware installation, data exfiltration, or persistence mechanisms being established on the affected system.

🟢 If Mitigated: Limited impact with proper application sandboxing and user privilege restrictions, potentially only causing application crashes.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious PDF, but PDFs are commonly shared via email and web.
🏢 Internal Only: HIGH - Internal users frequently share PDF documents, making social engineering attacks effective within organizations.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open a crafted PDF file. Public proof-of-concept code exists in GitHub repositories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after v9.103.83.44230

Vendor Advisory: https://www.polarisoffice.com/security

Restart Required: Yes

Instructions:

1. Open Polaris Office.
2. Go to Help > Check for Updates.
3. Install available updates.
4. Restart Polaris Office.
5. Verify version is newer than v9.103.83.44230.

🔧 Temporary Workarounds

Disable PDF handling in Polaris Office
Platform: all
Configure Polaris Office to use an external PDF viewer instead of the built-in engine.
Steps: Open Polaris Office > Settings > File Association > Uncheck PDF

Application sandboxing
Platform: windows
Run Polaris Office with reduced privileges using application control solutions.

🧯 If You Can't Patch

  • Block PDF file extensions at email gateways and web proxies
  • Implement application whitelisting to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check Polaris Office version in Help > About. If version is exactly v9.103.83.44230, system is vulnerable.

Check Version:

On Windows: wmic product where name="Polaris Office" get version

Verify Fix Applied:

Verify Polaris Office version is newer than v9.103.83.44230 after updating.

📡 Detection & Monitoring

Log Indicators:

  • PolarisOffice.exe crashes with access violation errors
  • Unusual child processes spawned from PolarisOffice.exe

Network Indicators:

  • Outbound connections from Polaris Office to unusual destinations
  • DNS requests for command and control domains

SIEM Query:

Process Creation where Image contains "PolarisOffice.exe" and CommandLine contains ".pdf"
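The log indicators and the SIEM query above, as an added Python example that is not part of this advisory: it runs both checks (Polaris Office opening a PDF, and an unusual child process of PolarisOffice.exe) over constructed Sysmon-style process-creation events. The event field names and the child-process allowlist are assumptions to tune per environment.

```python
"""Detection logic for the indicators above, run over constructed
Sysmon-style process-creation events (not real telemetry)."""
from dataclasses import dataclass

POLARIS = "polarisoffice.exe"
# Hypothetical allowlist: children PolarisOffice is expected to spawn.
EXPECTED_CHILDREN = {"polarisoffice.exe", "werfault.exe"}

@dataclass
class ProcEvent:
    """Assumed field names, modelled on Sysmon Event ID 1."""
    image: str
    parent_image: str
    command_line: str

def basename(path: str) -> str:
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def classify(ev: ProcEvent) -> list[str]:
    """Return the indicator names an event matches (empty = benign)."""
    hits = []
    img, parent = basename(ev.image), basename(ev.parent_image)
    # Equivalent of the SIEM query: PolarisOffice.exe opening a .pdf.
    if img == POLARIS and ".pdf" in ev.command_line.lower():
        hits.append("polaris_opens_pdf")
    # Child of PolarisOffice.exe that is not on the expected list.
    if parent == POLARIS and img not in EXPECTED_CHILDREN:
        hits.append("unusual_child_process")
    return hits

# Constructed sample events (not captured from a real system).
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Program Files\Polaris Office\PolarisOffice.exe",
              r"C:\Windows\explorer.exe",
              r'"PolarisOffice.exe" "C:\Users\a\Downloads\invoice.PDF"'),
    ProcEvent(r"C:\Windows\System32\cmd.exe",
              r"C:\Program Files\Polaris Office\PolarisOffice.exe",
              "cmd.exe /c whoami"),
    ProcEvent(r"C:\Windows\System32\WerFault.exe",
              r"C:\Program Files\Polaris Office\PolarisOffice.exe",
              "WerFault.exe -u -p 1234"),
]

def scan(events):
    """Map each matching event's command line to its indicator list."""
    return {ev.command_line: classify(ev) for ev in events if classify(ev)}

if __name__ == "__main__":
    for cmd, hits in scan(SAMPLE_EVENTS).items():
        print(f"{', '.join(hits)}: {cmd}")
```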
