Multiple vulnerabilities in Adobe After Effects



Published: 2021-11-03

Risk: High

Patch available: YES

Number of vulnerabilities: 11

CVE-ID: CVE-2021-40751, CVE-2021-40752, CVE-2021-40753, CVE-2021-40754, CVE-2021-40755, CVE-2021-40756, CVE-2021-40757, CVE-2021-40758, CVE-2021-40759, CVE-2021-40760, CVE-2021-40761

CWE-ID: CWE-788, CWE-476

Exploitation vector: Network

Public exploit: N/A

Vulnerable software: Adobe After Effects (Client/Desktop applications / Multimedia software)

Vendor: Adobe

Security Bulletin

This security bulletin contains information about 11 vulnerabilities.

1) Access of Memory Location After End of Buffer

EUVDB-ID: #VU57909

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-40751

CWE-ID: CWE-788 - Access of Memory Location After End of Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe After Effects: 1.0 - 1.1, 2.0 - 2.0.1, 3.0 - 3.1, 4.0 - 4.1, 5.0 - 5.5, 6.0 - 6.5, 7.0, 8.0 - 8.0.2, 9.0 - 9.0.3, 10.0 - 10.5.1, 11.0 - 11.0.2, 12.0 - 12.2, 13.0 - 13.8.0, 14.0 - 14.2.1, 15.0 - 15.1.2, 16.0 - 16.1.2, 17.0.0 - 17.1.3, 18.0 - 18.4.1


External links

http://helpx.adobe.com/security/products/after_effects/apsb21-79.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Access of Memory Location After End of Buffer

EUVDB-ID: #VU57910

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-40752

CWE-ID: CWE-788 - Access of Memory Location After End of Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe After Effects: 1.0 - 1.1, 2.0 - 2.0.1, 3.0 - 3.1, 4.0 - 4.1, 5.0 - 5.5, 6.0 - 6.5, 7.0, 8.0 - 8.0.2, 9.0 - 9.0.3, 10.0 - 10.5.1, 11.0 - 11.0.2, 12.0 - 12.2, 13.0 - 13.8.0, 14.0 - 14.2.1, 15.0 - 15.1.2, 16.0 - 16.1.2, 17.0.0 - 17.1.3, 18.0 - 18.4.1


External links

http://helpx.adobe.com/security/products/after_effects/apsb21-79.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Access of Memory Location After End of Buffer

EUVDB-ID: #VU57911

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-40753

CWE-ID: CWE-788 - Access of Memory Location After End of Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe After Effects: 1.0 - 1.1, 2.0 - 2.0.1, 3.0 - 3.1, 4.0 - 4.1, 5.0 - 5.5, 6.0 - 6.5, 7.0, 8.0 - 8.0.2, 9.0 - 9.0.3, 10.0 - 10.5.1, 11.0 - 11.0.2, 12.0 - 12.2, 13.0 - 13.8.0, 14.0 - 14.2.1, 15.0 - 15.1.2, 16.0 - 16.1.2, 17.0.0 - 17.1.3, 18.0 - 18.4.1


External links

http://helpx.adobe.com/security/products/after_effects/apsb21-79.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Access of Memory Location After End of Buffer

EUVDB-ID: #VU57912

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-40754

CWE-ID: CWE-788 - Access of Memory Location After End of Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe After Effects: 1.0 - 1.1, 2.0 - 2.0.1, 3.0 - 3.1, 4.0 - 4.1, 5.0 - 5.5, 6.0 - 6.5, 7.0, 8.0 - 8.0.2, 9.0 - 9.0.3, 10.0 - 10.5.1, 11.0 - 11.0.2, 12.0 - 12.2, 13.0 - 13.8.0, 14.0 - 14.2.1, 15.0 - 15.1.2, 16.0 - 16.1.2, 17.0.0 - 17.1.3, 18.0 - 18.4.1


External links

http://helpx.adobe.com/security/products/after_effects/apsb21-79.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Access of Memory Location After End of Buffer

EUVDB-ID: #VU57913

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-40755

CWE-ID: CWE-788 - Access of Memory Location After End of Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe After Effects: 1.0 - 1.1, 2.0 - 2.0.1, 3.0 - 3.1, 4.0 - 4.1, 5.0 - 5.5, 6.0 - 6.5, 7.0, 8.0 - 8.0.2, 9.0 - 9.0.3, 10.0 - 10.5.1, 11.0 - 11.0.2, 12.0 - 12.2, 13.0 - 13.8.0, 14.0 - 14.2.1, 15.0 - 15.1.2, 16.0 - 16.1.2, 17.0.0 - 17.1.3, 18.0 - 18.4.1


External links

http://helpx.adobe.com/security/products/after_effects/apsb21-79.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) NULL pointer dereference

EUVDB-ID: #VU57918

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-40756

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe After Effects: 1.0 - 1.1, 2.0 - 2.0.1, 3.0 - 3.1, 4.0 - 4.1, 5.0 - 5.5, 6.0 - 6.5, 7.0, 8.0 - 8.0.2, 9.0 - 9.0.3, 10.0 - 10.5.1, 11.0 - 11.0.2, 12.0 - 12.2, 13.0 - 13.8.0, 14.0 - 14.2.1, 15.0 - 15.1.2, 16.0 - 16.1.2, 17.0.0 - 17.1.3, 18.0 - 18.4.1


External links

http://helpx.adobe.com/security/products/after_effects/apsb21-79.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Access of Memory Location After End of Buffer

EUVDB-ID: #VU57914

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-40757

CWE-ID: CWE-788 - Access of Memory Location After End of Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe After Effects: 1.0 - 1.1, 2.0 - 2.0.1, 3.0 - 3.1, 4.0 - 4.1, 5.0 - 5.5, 6.0 - 6.5, 7.0, 8.0 - 8.0.2, 9.0 - 9.0.3, 10.0 - 10.5.1, 11.0 - 11.0.2, 12.0 - 12.2, 13.0 - 13.8.0, 14.0 - 14.2.1, 15.0 - 15.1.2, 16.0 - 16.1.2, 17.0.0 - 17.1.3, 18.0 - 18.4.1


External links

http://helpx.adobe.com/security/products/after_effects/apsb21-79.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Access of Memory Location After End of Buffer

EUVDB-ID: #VU57915

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-40758

CWE-ID: CWE-788 - Access of Memory Location After End of Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe After Effects: 1.0 - 1.1, 2.0 - 2.0.1, 3.0 - 3.1, 4.0 - 4.1, 5.0 - 5.5, 6.0 - 6.5, 7.0, 8.0 - 8.0.2, 9.0 - 9.0.3, 10.0 - 10.5.1, 11.0 - 11.0.2, 12.0 - 12.2, 13.0 - 13.8.0, 14.0 - 14.2.1, 15.0 - 15.1.2, 16.0 - 16.1.2, 17.0.0 - 17.1.3, 18.0 - 18.4.1


External links

http://helpx.adobe.com/security/products/after_effects/apsb21-79.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Access of Memory Location After End of Buffer

EUVDB-ID: #VU57917

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-40759

CWE-ID: CWE-788 - Access of Memory Location After End of Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe After Effects: 1.0 - 1.1, 2.0 - 2.0.1, 3.0 - 3.1, 4.0 - 4.1, 5.0 - 5.5, 6.0 - 6.5, 7.0, 8.0 - 8.0.2, 9.0 - 9.0.3, 10.0 - 10.5.1, 11.0 - 11.0.2, 12.0 - 12.2, 13.0 - 13.8.0, 14.0 - 14.2.1, 15.0 - 15.1.2, 16.0 - 16.1.2, 17.0.0 - 17.1.3, 18.0 - 18.4.1


External links

http://helpx.adobe.com/security/products/after_effects/apsb21-79.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Access of Memory Location After End of Buffer

EUVDB-ID: #VU57916

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-40760

CWE-ID: CWE-788 - Access of Memory Location After End of Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe After Effects: 1.0 - 1.1, 2.0 - 2.0.1, 3.0 - 3.1, 4.0 - 4.1, 5.0 - 5.5, 6.0 - 6.5, 7.0, 8.0 - 8.0.2, 9.0 - 9.0.3, 10.0 - 10.5.1, 11.0 - 11.0.2, 12.0 - 12.2, 13.0 - 13.8.0, 14.0 - 14.2.1, 15.0 - 15.1.2, 16.0 - 16.1.2, 17.0.0 - 17.1.3, 18.0 - 18.4.1


External links

http://helpx.adobe.com/security/products/after_effects/apsb21-79.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) NULL pointer dereference

EUVDB-ID: #VU57919

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-40761

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe After Effects: 1.0 - 1.1, 2.0 - 2.0.1, 3.0 - 3.1, 4.0 - 4.1, 5.0 - 5.5, 6.0 - 6.5, 7.0, 8.0 - 8.0.2, 9.0 - 9.0.3, 10.0 - 10.5.1, 11.0 - 11.0.2, 12.0 - 12.2, 13.0 - 13.8.0, 14.0 - 14.2.1, 15.0 - 15.1.2, 16.0 - 16.1.2, 17.0.0 - 17.1.3, 18.0 - 18.4.1


External links

http://helpx.adobe.com/security/products/after_effects/apsb21-79.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


