Headline
CVE-2021-42526: Adobe Security Bulletin
Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
Security updates available for Adobe Premiere Elements | APSB21-106
Bulletin ID
Date Published
Priority
ASPB21-106
October 26, 2021
3
Summary
Adobe has released updates for Adobe Premiere Elements for Windows and macOS. This update addresses multiple critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution, memory leak and application denial of service.
Affected Versions
Product
Version
Platform
Adobe Premiere Elements
2021 [build 19.0 (20210809.daily.2242976) and earlier]
Windows and macOS
Solution
Adobe categorizes these updates with the following priority ratings and recommends users to download the new installer and upgrade their installations.
Product
Version
Platform
Priority
Availability
Adobe Premiere Elements
2021 [build 19.0 (20211007.daily.2243969)
Windows and macOS
3
Download Center
To verify the version of Premiere Elements on your system, please follow the following steps:
- Help
- About Premiere Elements menu
- The splash screen would show the current version and build number.
Vulnerability details
Vulnerability Category
Vulnerability Impact
Severity
CVSS base score
CVSS vector
CVE Numbers
NULL Pointer Dereference (CWE-476)
Application denial of service
Important
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-40785
Access of Memory Location After End of Buffer
(CWE-788)
Arbitrary code execution
Critical
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-40786
Access of Memory Location After End of Buffer
(CWE-788)
Arbitrary code execution
Critical
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-40787
NULL Pointer Dereference (CWE-476)
Application denial of service
Important
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-40788
NULL Pointer Dereference (CWE-476)
Application denial of service
Important
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-40789
Access of Memory Location After End of Buffer (CWE-788)
Arbitrary code execution
Critical
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-42526
Access of Memory Location After End of Buffer (CWE-788)
Arbitrary code execution
Critical
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-42527
Acknowledgments
Adobe would like to thank the following for reporting these issues and for working with Adobe to help protect our customers:
(yjdfy) CQY of Topsec Alpha Team CVE-2021-40786; CVE-2021-40787; CVE-2021-42526; CVE-2021-42527
(hy350) HY350 of Topsec Alpha Team CVE-2021-40789; CVE-2021-40788; CVE-2021-40785
Revisions
November 11, 2021: Updated vulnerability details for CVE-2021-40785
For more information, visit https://helpx.adobe.com/security.html, or email [email protected].