Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.

  • Adobe After Effects is a digital effects, motion graphics, and compositing application.
  • Adobe Commerce is a composable ecommerce solution that lets you quickly create global, multi-brand B2C and B2B experiences all from one cloud-native platform.
  • Adobe Connect is a secure, highly customizable web conferencing and virtual training platform used for webinars, online meetings, and e-learning.
  • Adobe Media Encoder is a transcoding and rendering application that lets you deliver audio and video files in a broad variety of formats.
  • Adobe Premiere Pro is a subscription-based timeline video editing software for film, TV, and web.
  • Adobe Substance 3D is a suite of tools for creating 3D content, including modeling, texturing, and rendering.
  • Content Authenticity SDK contains Rust and JavaScript libraries, enabling web pages to read, validate, create, and sign manifest data, and embed it in supported asset files.
  • Adobe Illustrator is vector graphics software used by designers to create scalable, high-resolution artwork such as logos, icons, illustrations, and typography.

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read more... Cyber Security Advisories - MS-ISAC