Adobe Security Bulletin

Security Updates Available for Adobe Prelude | APSB21-96

Bulletin ID

Date Published

Priority

ASPB21-96

 October 26, 2021   

3

Summary

Adobe has released an update for Adobe Prelude for Windows and macOS. This update addresses critical and important vulnerabilities.  Successful exploitation could lead to arbitrary code execution, memory leak and application denial of service. 

Affected Versions

Product

Version

Platform

Adobe Prelude 

10.1  and earlier versions     

Windows

Solution

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version via the Creative Cloud desktop app’s update mechanism.  For more information, please reference this help page.

Product

Version

Platform

Priority Rating

Availability

Adobe Prelude 

22.0 

Windows and macOS

3

For managed environments, IT administrators can use the Admin Console to deploy Creative Cloud applications to end users. Refer to this help page for more information.

Vulnerability details

Vulnerability Category

Vulnerability Impact

Severity

CVSS base score 

CVE Numbers

Access of Memory Location After End of Buffer (CWE-788

Application denial-of-service 

Important

5.5

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 

CVE-2021-40770  

Access of Memory Location After End of Buffer (CWE-788

Arbitrary code execution

Critical

7.8

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 

CVE-2021-40771

Access of Memory Location After End of Buffer (CWE-788

Arbitrary code execution 

Critical

7.8

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 

CVE-2021-40772    

NULL Pointer Dereference (CWE-476

Application denial-of-service

Important 

5.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2021-40773

NULL Pointer Dereference (CWE-476

Application denial-of-service

Important

5.5

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2021-40774   

Access of Memory Location After End of Buffer (CWE-788

Arbitrary code execution 

Critical

7.8

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 

CVE-2021-40775  

Access of Memory Location After End of Buffer (CWE-788

Arbitrary code execution 

Critical

7.8

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 

CVE-2021-42738

CVE-2021-43011

CVE-2021-43012     

Access of Memory Location After End of Buffer (CWE-788

Arbitrary code execution 

Critical

7.8

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 

CVE-2021-42737  

Improper Input Validation (CWE-20

Arbitrary code execution 

Critical

7.8

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 

CVE-2021-42733 

Acknowledgments

Adobe would like to thank the following researchers for reporting these issues and for working with Adobe to help protect our customers:   

  • (hy350) HY350 of Topsec Alpha Team (CVE-2021-40773; CVE-2021-40774)

  • (yjdfy) CQY of Topsec Alpha Team (CVE-2021-40775; CVE-2021-42738; CVE-2021-42737; CVE-2021-42733, CVE-2021-43011, CVE-2021-43012)

  • (cff_123) CFF of Topsec Alpha Team (CVE-2021-40772; CVE-2021-40771; CVE-2021-40770) 

Revisions

 

  • October 28, 2021: Added details for CVE-2021-43011 and CVE-2021-43012.
  • November 2, 2021: Updated acknowledgements for CVE-2021-40733.
  • November 11, 2021: Updated vulnerability details for CVE-2021-40773



 


For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com 

Adobe logo

Sign in to your account