Rewterz Threat Advisory – CVE-2021-44747 – F-Secure Linux Security Vulnerability
March 4, 2022Rewterz Threat Alert – LokiBot Malware – Active IOCs
March 4, 2022Severity
Medium
Analysis Summary
CVE-2021-42734
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
CVE-2021-39865
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of TIF images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
Impact
- Security Bypass
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2021-42734
- CVE-2021-39865
Affected Vendors
Adobe
Affected Products
- Adobe Photoshop
- Adobe FrameMaker
Remediation
Refer to Adobe Advisory for the patch, upgrade, or suggested workaround information.
CVE-2021-42734
https://helpx.adobe.com/security/products/photoshop/apsb21-109.html
CVE-2021-39865
https://helpx.adobe.com/security/products/framemaker/apsb21-74.html