Critical Adobe Flaws Fixed in Out-of-Band Update

silversurfer

Adobe has issued unscheduled patches for two critical vulnerabilities that, if exploited, enable an attacker to execute remote code on targeted devices.

The two apps affected by the critical flaws are Adobe After Effects, a visual effects and motion graphics app used for post-production film making and video game production, and Adobe Media Encoder, an application to help with media processing requirements for audio and video.

Both vulnerabilities can be exploited by a remote, unauthenticated attacker via the internet, and both exist “due to a boundary error when processing untrusted input,” according to an analysis of the flaws after they were disclosed Wednesday evening. “A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.”

Adobe After Effects has an out-of-bounds write flaw (CVE-2020-3765), which stems from write operations that then produce undefined or unexpected results. This could enable arbitrary code execution, according to Adobe’s update. Adobe After Effects versions 16.1.2 and earlier (for Windows) are affected. Users need to update to version 17.0.3, available on both Windows and macOS.
 
