Severity
High
Analysis Summary
CVE-2021-36067 ; CVE-2021-36068 ; CVE-2021-36069 ; CVE-2021-36049 ; CVE-2021-36076 ; CVE-2021-36059 ; CVE-2021-36078 ; CVE-2021-36079 ; CVE-2021-36074 ; CVE-2021-36070
Adobe Bridge could allow a remote attacker to execute arbitrary code on the system, caused by access to a memory location after the end of a buffer. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.
CVE-2021-36072
Adobe Bridge could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write error. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.
CVE-2021-36073
Adobe Bridge is vulnerable to a heap-based buffer overflow. By persuading a victim to open a specially crafted document, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2021-36075
Adobe Bridge is vulnerable to a buffer overflow. By persuading a victim to open a specially crafted document, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2021-36077
Adobe Bridge is vulnerable to a denial of service, caused by access to a memory location after the end of a buffer. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2021-36071
Adobe Bridge could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2021-36065
Adobe Photoshop is vulnerable to a heap-based buffer overflow. By persuading a victim to open a specially crafted document, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2021-36066
Adobe Photoshop could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write error. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.
CVE-2021-36046
Adobe XMP-Toolkit-SDK could allow a remote attacker to execute arbitrary code on the system, caused by access to a memory location after the end of a buffer. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.
CVE-2021-36045
Adobe XMP-Toolkit-SDK could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service.
CVE-2021-36047 ; CVE-2021-36048
Adobe XMP-Toolkit-SDK could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.
CVE-2021-36050 ; CVE-2021-36051
Adobe XMP-Toolkit-SDK is vulnerable to a heap-based buffer overflow. By persuading a victim to open a specially crafted document, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2021-36052
Adobe XMP-Toolkit-SDK could allow a remote attacker to execute arbitrary code on the system, caused by access to a memory location after the end of a buffer. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.
CVE-2021-36053
Adobe XMP-Toolkit-SDK is vulnerable to a denial of service, caused by an out-of-bounds read. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2021-36054
Adobe XMP-Toolkit-SDK is vulnerable to a denial of service, caused by a heap-based buffer overflow. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2021-36055
Adobe XMP-Toolkit-SDK is vulnerable to a denial of service, caused by a use-after-free error. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2021-36057
Adobe XMP-Toolkit-SDK could allow a local attacker to execute arbitrary code on the system, caused by a write-what-where condition. An attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.
CVE-2021-36064
Adobe XMP-Toolkit-SDK could allow a local attacker to execute arbitrary code on the system, caused by a buffer underflow. An attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.
CVE-2021-36058
Adobe XMP-Toolkit-SDK is vulnerable to a denial of service, caused by an integer overflow or wraparound. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2021-36002
Adobe Captivate could allow a remote authenticated attacker to gain elevated privileges on the system, caused by the creation of a temporary file in a directory with incorrect permissions. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to gain elevated privileges on the system.
Impact
- Unauthorized Access
- Denial of Service
- Information Disclosure
- Code Execution
- Buffer Overflow
- Privilege Escalation
Affected Vendors
Adobe
Affected Products
- Adobe Bridge 11.1
- Adobe Media Encoder 15.4
- Adobe Photoshop 2020 21.2.10
- Adobe Photoshop 2021 22.4.3
- Adobe XMP-Toolkit-SDK 2020.1
- Adobe Captivate 2019 11.5.5
Remediation
Refer to this advisory for the patch, upgrade, or suggested workaround information.
https://helpx.adobe.com/security/products/bridge/apsb21-69.html