Multiple vulnerabilities in Adobe Prelude

Published: 2021-11-01

Risk	High
Patch available	YES
Number of vulnerabilities	11
CVE-ID	CVE-2021-40770 CVE-2021-40771 CVE-2021-40772 CVE-2021-40773 CVE-2021-40774 CVE-2021-40775 CVE-2021-42738 CVE-2021-42737 CVE-2021-43011 CVE-2021-43012 CVE-2021-42733
CWE-ID	CWE-788 CWE-476 CWE-20
Exploitation vector	Network
Public exploit	N/A
Vulnerable software Subscribe	Prelude Client/Desktop applications / Multimedia software
Vendor	Adobe

Security Bulletin

This security bulletin contains information about 11 vulnerabilities.

1) Access of Memory Location After End of Buffer

EUVDB-ID: #VU57806

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-40770

CWE-ID: CWE-788 - Access of Memory Location After End of Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Prelude: 7.0 - 10.1

CPE2.3

cpe:2.3:a:adobe:prelude:10.1:*:*:*:*:*:*:*

External links

http://helpx.adobe.com/security/products/prelude/apsb21-96.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Access of Memory Location After End of Buffer

EUVDB-ID: #VU57807

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-40771

CWE-ID: CWE-788 - Access of Memory Location After End of Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Prelude: 7.0 - 10.1

CPE2.3

cpe:2.3:a:adobe:prelude:10.1:*:*:*:*:*:*:*

External links

http://helpx.adobe.com/security/products/prelude/apsb21-96.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Access of Memory Location After End of Buffer

EUVDB-ID: #VU57808

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-40772

CWE-ID: CWE-788 - Access of Memory Location After End of Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Prelude: 7.0 - 10.1

CPE2.3

cpe:2.3:a:adobe:prelude:10.1:*:*:*:*:*:*:*

External links

http://helpx.adobe.com/security/products/prelude/apsb21-96.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) NULL pointer dereference

EUVDB-ID: #VU57815

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-40773

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Prelude: 7.0 - 10.1

CPE2.3

cpe:2.3:a:adobe:prelude:10.1:*:*:*:*:*:*:*

External links

http://helpx.adobe.com/security/products/prelude/apsb21-96.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) NULL pointer dereference

EUVDB-ID: #VU57816

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-40774

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Prelude: 7.0 - 10.1

CPE2.3

cpe:2.3:a:adobe:prelude:10.1:*:*:*:*:*:*:*

External links

http://helpx.adobe.com/security/products/prelude/apsb21-96.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Access of Memory Location After End of Buffer

EUVDB-ID: #VU57809

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-40775

CWE-ID: CWE-788 - Access of Memory Location After End of Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Prelude: 7.0 - 10.1

CPE2.3

cpe:2.3:a:adobe:prelude:10.1:*:*:*:*:*:*:*

External links

http://helpx.adobe.com/security/products/prelude/apsb21-96.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Access of Memory Location After End of Buffer

EUVDB-ID: #VU57810

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-42738

CWE-ID: CWE-788 - Access of Memory Location After End of Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Prelude: 7.0 - 10.1

CPE2.3

cpe:2.3:a:adobe:prelude:10.1:*:*:*:*:*:*:*

External links

http://helpx.adobe.com/security/products/prelude/apsb21-96.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

8) Access of Memory Location After End of Buffer

EUVDB-ID: #VU57814

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-42737

CWE-ID: CWE-788 - Access of Memory Location After End of Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Prelude: 7.0 - 10.1

CPE2.3

cpe:2.3:a:adobe:prelude:10.1:*:*:*:*:*:*:*

External links

http://helpx.adobe.com/security/products/prelude/apsb21-96.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

9) Access of Memory Location After End of Buffer

EUVDB-ID: #VU57812

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-43011

CWE-ID: CWE-788 - Access of Memory Location After End of Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Prelude: 7.0 - 10.1

CPE2.3

cpe:2.3:a:adobe:prelude:10.1:*:*:*:*:*:*:*

External links

http://helpx.adobe.com/security/products/prelude/apsb21-96.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

10) Access of Memory Location After End of Buffer

EUVDB-ID: #VU57813

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-43012

CWE-ID: CWE-788 - Access of Memory Location After End of Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Prelude: 7.0 - 10.1

CPE2.3

cpe:2.3:a:adobe:prelude:10.1:*:*:*:*:*:*:*

External links

http://helpx.adobe.com/security/products/prelude/apsb21-96.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

11) Input validation error

EUVDB-ID: #VU57817

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-42733

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Prelude: 7.0 - 10.1

CPE2.3

cpe:2.3:a:adobe:prelude:10.1:*:*:*:*:*:*:*

External links

http://helpx.adobe.com/security/products/prelude/apsb21-96.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?