Risk | High |
Patch available | YES |
Number of vulnerabilities | 10 |
CVE-ID | CVE-2021-40733 CVE-2021-42266 CVE-2021-42267 CVE-2021-42268 CVE-2021-42269 CVE-2021-42270 CVE-2021-42271 CVE-2021-42272 CVE-2021-42524 CVE-2021-42525 |
CWE-ID | CWE-788 CWE-476 CWE-416 CWE-787 CWE-125 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Animate Client/Desktop applications / Multimedia software |
Vendor | Adobe |
Security Bulletin
This security bulletin contains information about 10 vulnerabilities.
EUVDB-ID: #VU57677
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-40733
CWE-ID:
CWE-788 - Access of Memory Location After End of Buffer
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAnimate: 21.0.9
External linkshttp://helpx.adobe.com/security/products/animate/apsb21-105.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU57678
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-42266
CWE-ID:
CWE-788 - Access of Memory Location After End of Buffer
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAnimate: 21.0.9
External linkshttp://helpx.adobe.com/security/products/animate/apsb21-105.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU57679
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-42267
CWE-ID:
CWE-788 - Access of Memory Location After End of Buffer
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAnimate: 21.0.9
External linkshttp://helpx.adobe.com/security/products/animate/apsb21-105.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU57680
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-42268
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAnimate: 21.0.9
External linkshttp://helpx.adobe.com/security/products/animate/apsb21-105.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU57684
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-42269
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error. A remote attacker can execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAnimate: 21.0.9
External linkshttp://helpx.adobe.com/security/products/animate/apsb21-105.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU57685
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-42270
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing BMP files. A remote attacker can trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAnimate: 21.0.9
External linkshttp://helpx.adobe.com/security/products/animate/apsb21-105.html
http://www.zerodayinitiative.com/advisories/ZDI-21-1255/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU57686
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-42271
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing BMP files. A remote attacker can trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAnimate: 21.0.9
External linkshttp://helpx.adobe.com/security/products/animate/apsb21-105.html
http://www.zerodayinitiative.com/advisories/ZDI-21-1253/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU57687
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-42272
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when parsing GIF files. A remote attacker can trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAnimate: 21.0.9
External linkshttp://helpx.adobe.com/security/products/animate/apsb21-105.html
http://www.zerodayinitiative.com/advisories/ZDI-21-1252/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU57688
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-42524
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when parsing BMP files. A remote attacker can trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAnimate: 21.0.9
External linkshttp://helpx.adobe.com/security/products/animate/apsb21-105.html
http://www.zerodayinitiative.com/advisories/ZDI-21-1251/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU57689
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-42525
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when parsing SVG files. A remote attacker can trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAnimate: 21.0.9
External linkshttp://helpx.adobe.com/security/products/animate/apsb21-105.html
http://www.zerodayinitiative.com/advisories/ZDI-21-1254/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.