silversurfer
Thread author
Adobe has issued unscheduled patches for two critical vulnerabilities that, if exploited, enable an attacker to execute remote code on targeted devices.
The two apps affected by the critical flaws are Adobe After Effects, a visual effects and motion graphics app used for post-production film making and video game production, and Adobe Media Encoder, an application to help with media processing requirements for audio and video.
Both vulnerabilities can be exploited by a remote, unauthenticated attacker via the internet, and both exist “due to a boundary error when processing untrusted input,” according to an analysis of the flaws after they were disclosed Wednesday evening. “A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.”
Adobe After Effects has an out-of-bounds write flaw (CVE-2020-3765), which stems from write operations that then produce undefined or unexpected results. This could enable arbitrary code execution, according to Adobe’s update. Adobe After Effects versions 16.1.2 and earlier (for Windows) are affected. Users need to update to version 17.0.3, available on both Windows and macOS.