Rewterz Threat Advisory – Multiple Adobe After Effect and Lightroom Vulnerabilities

Severity

High

Analysis Summary

CVE-2021-43027: CVE-2021-44195: CVE-2021-44194: CVE-2021-44193: CVE-2021-44192: CVE-2021-44191: CVE-2021-44190: CVE-2021-44189:     

Adobe After Effects could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.

CVE-2021-44188 

Adobe After Effects could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-43755 

Adobe After Effects could allow a remote attacker to execute arbitrary code on the system, caused by access of memory location after end of buffer. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-43753 

Adobe Lightroom could allow a remote attacker to gain elevated privileges on the system, caused by a use-after-free flaw. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to gain elevated privileges on the system.

Impact

• Information Disclosure
• Code Execution
• Privilege Escalation

Affected Vendors

Adobe

Affected Products

• Adobe After Effects 22.0
• Adobe After Effects 18.4.2
• Adobe Lightroom 4.4

Remediation

Refer to Adobe Security Advisory for patch, upgrade or suggested workaround information.

Adobe After Effects:

Adobe Lightroom: