
Rewterz Threat Advisory – Multiple Adobe Vulnerabilities

Severity

High

Analysis Summary

CVE-2021-36067 ; CVE-2021-36068 ; CVE-2021-36069 ; CVE-2021-36049 ; CVE-2021-36076 ; CVE-2021-36059 ; CVE-2021-36078 ; CVE-2021-36079 ; CVE-2021-36074 ; CVE-2021-36070

Adobe Bridge could allow a remote attacker to execute arbitrary code on the system, caused by an access of memory location after the end of buffer error. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2021-36072

Adobe Bridge could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write error. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2021-36073

Adobe Bridge is vulnerable to a heap-based buffer overflow. By persuading a victim to open a specially crafted document, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVE-2021-36075

Adobe Bridge is vulnerable to a buffer overflow. By persuading a victim to open a specially crafted document, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVE-2021-36077

Adobe Bridge is vulnerable to a denial of service, caused by an access of memory location after the end of buffer error. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2021-36071

Adobe Bridge could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.

CVE-2021-36065

Adobe Photoshop is vulnerable to a heap-based buffer overflow. By persuading a victim to open a specially crafted document, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVE-2021-36066

Adobe Photoshop could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write error. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2021-36046

Adobe XMP-Toolkit-SDK could allow a remote attacker to execute arbitrary code on the system, caused by an access of memory location after the end of buffer error. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2021-36045

Adobe XMP-Toolkit-SDK could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service.

CVE-2021-36047 ; CVE-2021-36048

Adobe XMP-Toolkit-SDK could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2021-36050 ; CVE-2021-36051

Adobe XMP-Toolkit-SDK is vulnerable to a heap-based buffer overflow. By persuading a victim to open a specially crafted document, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVE-2021-36052

Adobe XMP-Toolkit-SDK could allow a remote attacker to execute arbitrary code on the system, caused by an access of memory location after the end of buffer error. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2021-36053

Adobe XMP-Toolkit-SDK is vulnerable to a denial of service, caused by an out-of-bounds read. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2021-36054

Adobe XMP-Toolkit-SDK is vulnerable to a denial of service, caused by a heap-based buffer overflow. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2021-36055

Adobe XMP-Toolkit-SDK is vulnerable to a denial of service, caused by a use-after-free error. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2021-36057

Adobe XMP-Toolkit-SDK could allow a local attacker to execute arbitrary code on the system, caused by a write-what-where condition. An attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2021-36064

Adobe XMP-Toolkit-SDK could allow a local attacker to execute arbitrary code on the system, caused by a buffer underflow. An attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2021-36058

Adobe XMP-Toolkit-SDK is vulnerable to a denial of service, caused by an integer overflow or wraparound. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2021-36002

Adobe Captivate could allow a remote authenticated attacker to gain elevated privileges on the system, caused by the creation of a temporary file in a directory with incorrect permissions. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to gain elevated privileges on the system.

Impact

  • Unauthorized Access
  • Denial of Service
  • Information Disclosure
  • Code Execution
  • Buffer Overflow
  • Privilege Escalation

Affected Vendors

Adobe

Affected Products

  • Adobe Bridge 11.1
  • Adobe Media Encoder 15.4
  • Adobe Photoshop 2020 21.2.10
  • Adobe Photoshop 2021 22.4.3
  • Adobe XMP-Toolkit-SDK 2020.1
  • Adobe Captivate 2019 11.5.5

Remediation

Refer to this advisory for the patch, upgrade, or suggested workaround information.

https://helpx.adobe.com/security/products/bridge/apsb21-69.html