Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.

  • Adobe Commerce is a composable ecommerce solution that lets you quickly create global, multi-brand B2C and B2B experiences.
  • Adobe Experience Manager (AEM) Forms is a solution within the AEM platform that allows businesses to create, manage, and deploy digital forms, integrating with back-end processes, business rules, and data for seamless customer experiences across web and mobile channels.
  • Adobe ColdFusion is a commercial, rapid web application development platform and scripting language (CFML) that simplifies building dynamic web applications, allowing for easy integration with databases, APIs, and other systems, and supporting both on-premises and cloud deployments.
  • Adobe After Effects is a powerful software used for creating motion graphics, visual effects, and compositing in film, television, and online content.
  • Adobe Media Encoder is a standalone media transcoding and rendering application, part of the Adobe Creative Cloud, that allows users to convert and export video and audio files to various formats, optimize them for different platforms, and automate workflows.
  • Adobe Bridge is a free, digital asset management software that lets you preview, organize, edit, and publish creative assets, including images, videos, and other files, quickly and easily.
  • Adobe Premiere Pro is a professional-grade, timeline-based, non-linear video editing software used for tasks like cutting footage, adding effects, color correction, and audio mixing.
  • Adobe Photoshop is a powerful, industry-leading raster graphics editor and image editing software developed by Adobe, used by photographers, graphic designers, and artists to create, edit, and manipulate digital images.
  • Adobe Animate is a software application used for creating interactive animations, multimedia content, and web applications, allowing users to design animations for cartoons, banners, games, and the web.
  • Adobe Experience Manager (AEM) Screens is a digital signage solution that allows you to create, manage, and publish dynamic and interactive digital experiences across various screens and displays in physical venues, built on top of the AEM platform.
  • Adobe FrameMaker is a powerful, market-leading document processor and authoring tool primarily used for creating and publishing large, complex, and structured technical documentation, including manuals, online help, and other technical content, in various formats like PDF, HTML5, and more.
  • Adobe XMP Toolkit SDK is a set of documentation and libraries that allows developers to integrate XMP (Extensible Metadata Platform) functionality into their applications, enabling them to read, write, and manipulate metadata in various file formats.
  •  

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read more... Cyber Security Advisories - MS-ISAC