Security Updates Available for Adobe Bridge CC | APSB19-25
Bulletin ID Date Published Priority
APSB19-25 April 09, 2019 2

Summary

Adobe has released security updates for Adobe Bridge CC. These updates address critical findings that could result in remote code execution in the context of the current user.

Affected Versions

Product Version Platform
Adobe Bridge CC 9.0.2 Windows and macOS

Solution

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the latest version:

Product Version Platform Priority Availability
Adobe Bridge CC 9.0.3 Windows and macOS 2 Download Page

Vulnerability details

Vulnerability Category Vulnerability Impact Severity CVE Numbers
Heap Overflow Remote Code Execution Critical CVE-2019-7130
Out-of-Bounds Write Remote Code Execution Critical CVE-2019-7132
Out-of-Bounds Read Information Disclosure Important

CVE-2019-7133

CVE-2019-7134

CVE-2019-7135

CVE-2019-7138

Use After Free Information Disclosure Important CVE-2019-7136
Memory Corruption Information Disclosure Important CVE-2019-7137 

Acknowledgments

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:

  • Francis Provencher working with Trend Micro Zero Day Initiative (CVE-2019-7130, CVE-2019-7134, CVE-2019-7135, CVE-2019-7136, CVE-2019-7137, CVE-2019-7138)

  • Mat Powell of Trend Micro Zero Day Initiative (CVE-2019-7132, CVE-2019-7133)