Bulletin ID
Last updated on
Oct 4, 2021
Security updates available for Adobe Premiere Elements | APSB21-78
|
|
Date Published |
Priority |
|---|---|---|
|
ASPB21-78 |
September 14, 2021 |
3 |
Summary
Adobe has released updates for Adobe Premiere Elements for Windows and macOS. This update addresses multiple critical vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Affected Versions
|
Product |
Version |
Platform |
|---|---|---|
|
Adobe Premiere Elements |
2021 [build 19.0 (20210127.daily.2235820) and earlier] |
Windows and macOS |
Solution
Adobe categorizes these updates with the following priority ratings and recommends users to download the new installer and upgrade their installations.
|
Product |
Version |
Platform |
Priority |
Availability |
|---|---|---|---|---|
|
Adobe Premiere Elements |
2021 [build 19.0 (20210809.daily.2242976)] |
Windows and macOS |
3 |
Note:
To verify the version of Premiere Elements on your system, please follow the following steps:
- Help
- About Premiere Elements menu
- The splash screen would show the current version and build number.
Vulnerability details
|
Vulnerability Category |
Vulnerability Impact |
Severity |
CVSS base score |
CVE Numbers |
|
|---|---|---|---|---|---|
|
Access of Memory Location After End of Buffer (CWE-788) |
Arbitrary code execution |
Critical |
7.8 |
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2021-39824 |
|
Access of Memory Location After End of Buffer (CWE-788) |
Arbitrary code execution |
Critical |
7.8 |
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2021-40701 |
|
Access of Memory Location After End of Buffer (CWE-788) |
Arbitrary code execution |
Critical |
7.8 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2021-40700 CVE-2021-40703 CVE-2021-40702 |
Acknowledgments
Adobe would like to thank the following for reporting these issues and for working with Adobe to help protect our customers:
- CQY of Topsec Alpha Team (yjdfy) (CVE-2021-40700, CVE-2021-39824, CVE-2021-40702)
- CFF of Topsec Alpha Team (cff_123) (CVE-2021-40703, CVE-2021-40701)
Revisions
June 28, 2021: Included a note containing the steps to verify the installer version.
October 4, 2021: Updated CVSS base score and vector for CVE-2021-39824. and CVE-2021-40701.
October 4, 2021: Updated Severity for CVE-2021-40701.
For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.
