Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
{"nessus": [{"lastseen": "2022-06-23T14:53:05", "description": "The version of the Adobe Premiere Elements installed on the remote host is prior to 2021 build 19.0 (20211007.daily.2243969). It is, therefore, affected by multiple vulnerabilities including the following:\n\n - A NULL pointer de-reference flaw exists in Adobe Premier Elements. An unauthenticated, remote attacker can exploit this to cause a denial of service condition when the application attempts to read or write memory with a NULL pointer. (CVE-2021-40785)\n\n - Multiple arbitrary code execution vulnerabilities exist in Adobe Premier Elements. An unauthenticated, local attacker can exploit these to bypass authentication and execute arbitrary commands. (CVE-2021-40786, CVE-2021-40787, CVE-2021-42526, CVE-2021-42527)\n\n - Multiple denial of service (DoS) vulnerabilities exist in Adobe Premier Elements. An unauthenticated, local attacker can exploit this issue to cause the application to stop responding. (CVE-2021-40788, CVE-2021-40789)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-10-29T00:00:00", "type": "nessus", "title": "Adobe Premiere Elements Multiple Vulnerabilities (ASPB21-106)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-40785", "CVE-2021-40786", "CVE-2021-40787", "CVE-2021-40788", "CVE-2021-40789", "CVE-2021-42526", "CVE-2021-42527"], "modified": "2022-03-23T00:00:00", "cpe": ["cpe:/a:adobe:premiere_elements"], "id": "ADOBE_PREMIERE_ELEMS_APSB21-106.NASL", "href": "https://www.tenable.com/plugins/nessus/154712", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154712);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/23\");\n\n script_cve_id(\n \"CVE-2021-40785\",\n \"CVE-2021-40786\",\n \"CVE-2021-40787\",\n \"CVE-2021-40788\",\n \"CVE-2021-40789\",\n \"CVE-2021-42526\",\n \"CVE-2021-42527\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0518\");\n\n script_name(english:\"Adobe Premiere Elements Multiple Vulnerabilities (ASPB21-106)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an application that is affected by a multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of the Adobe Premiere Elements installed on the remote host is prior to 2021 build 19.0 \n(20211007.daily.2243969). It is, therefore, affected by multiple vulnerabilities including the following:\n\n - A NULL pointer de-reference flaw exists in Adobe Premier Elements. An unauthenticated, remote attacker can exploit\n this to cause a denial of service condition when the application attempts to read or write memory with a NULL \n pointer. (CVE-2021-40785)\n\n - Multiple arbitrary code execution vulnerabilities exist in Adobe Premier Elements. An unauthenticated, local \n attacker can exploit these to bypass authentication and execute arbitrary commands. \n (CVE-2021-40786, CVE-2021-40787, CVE-2021-42526, CVE-2021-42527)\n\n - Multiple denial of service (DoS) vulnerabilities exist in Adobe Premier Elements. An unauthenticated, local attacker\n can exploit this issue to cause the application to stop responding. (CVE-2021-40788, CVE-2021-40789)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://helpx.adobe.com/security/products/premiere_elements/apsb21-106.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?15e531e8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade Adobe Premier Elements to build 19.0 (20211007.daily.2243969)\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-42527\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:premiere_elements\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_premiere_elements_installed.nbin\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/Adobe Premiere Elements\");\n script_require_ports(139, 445);\n\n exit(0);\n}\ninclude('vcf.inc');\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\n\nvar app_info = vcf::get_app_info(app:'Adobe Premiere Elements', win_local:TRUE);\n\nif (\n app_info.version =~ \"19\\.0\" &&\n ( ( ver_compare(ver:app_info['Build timestamp'], fix:'20210809', strict:FALSE) < 0 ) ||\n ( (ver_compare(ver:app_info['Build timestamp'], fix:'20210809', strict:FALSE) == 0) &&\n (ver_compare(ver:app_info['Build level'], fix:'2242976', strict:FALSE) <= 0 )\n )\n )\n )\n{\n app_info['display_version'] = app_info['version'] + ' ' + app_info['Build info'];\n vcf::report_results(app_info:app_info, fix:'build 19.0 (20211007.daily.2243969)', severity:SECURITY_HOLE);\n}\nelse\n{\n vcf::audit(app_info);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "adobe": [{"lastseen": "2022-03-22T23:30:18", "description": "Adobe has released updates for Adobe Premiere Elements for Windows and macOS. This update addresses multiple [critical]() and [important]() vulnerabilities. Successful exploitation could lead to arbitrary code execution, memory leak and application denial of service. \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-10-26T00:00:00", "type": "adobe", "title": "APSB21-106: Security update available for Adobe Premiere Elements", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40785", "CVE-2021-40786", "CVE-2021-40787", "CVE-2021-40788", "CVE-2021-40789", "CVE-2021-42526", "CVE-2021-42527"], "modified": "2021-10-26T00:00:00", "id": "APSB21-106:", "href": "https://helpx.adobe.com/security/products/premiere_elements/apsb21-106.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2021-10-28T06:26:59", "description": "Adobe has dropped a mammoth out-of-band security update this week, addressing 92 vulnerabilities across 14 products.\n\nThe majority of the disclosed bugs are [critical-severity problems](<https://threatpost.com/adobe-critical-flaws-windows/164611/>), and most allow arbitrary code execution (ACE). Privilege escalation, denial-of-service and memory leaks/information disclosure are all well-represented, as well.\n\nAdobe After Effects, Animate, Audition, Bridge, Character Animator, Illustrator, InDesign, Lightroom Classic, Media Encoder, Photoshop, Prelude, Premiere Pro, Premiere Elements and the XMP Toolkit SDK all received patches.\n\nThere\u2019s plenty of commonality across the advisories. For instance, the lion\u2019s share of the bugs allow access to a memory location after the end of a buffer, leading to ACE (a [type of memory issue](<https://cwe.mitre.org/data/definitions/788.html>) that can be exploited, like a standard buffer overflow in the worst-case scenario).\n\nAlso, almost all of the critical problems rate 7.8 on the CVSS vulnerability severity scale, except for one type. The advisory lists \u201cNULL pointer dereference bugs causing memory leak\u201d flaws as the most severe issues in the bunch, all rating 8.3 on the CVSS scale. These pop up in Bridge, Media Encoder, Prelude and Premiere Elements (and are _italicized_, below).\n\n## **Adobe October Out-of-Band CVEs**\n\nHere\u2019s the full breakdown of the critical bugs:\n\n**After Effects:**\n\n * CVE-2021-40751, CVE-2021-40752, CVE-2021-40753, CVE-2021-40754, CVE-2021-40755, CVE-2021-40757, CVE-2021-40758, CVE-2021-40759, CVE-2021-40760 (Access of Memory Location After End of Buffer/ACE)\n\n**Animate:**\n\n * CVE-2021-40733, CVE-2021-42266, CVE-2021-42267 (Access of Memory Location After End of Buffer/ACE)\n * CVE-2021-42268 (NULL Pointer Dereference/ACE)\n * CVE-2021-42269 (Use After Free/ACE)\n * CVE-2021-42270, CVE-2021-42271, CVE-2021-42272, CVE-2021-42524 (Out-of-Bounds Write/ACE)\n\n**Audition:**\n\n * CVE-2021-40734, CVE-2021-40735, CVE-2021-40736, CVE-2021-40738, CVE-2021-40739, CVE-2021-40740 (Access of Memory Location After End of Buffer/ACE)\n\n**Bridge:**\n\n * CVE-2021-40750 (_NULL Pointer Dereference/memory leak_)\n * CVE-2021-42533 (Double Free/ACE)\n * CVE-2021-42722, CVE-2021-42720, CVE-2021-42719 (Out-of-Bounds Read/ACE)\n * CVE-2021-42728 (Buffer Overflow/ACE)\n * CVE-2021-42724, CVE-2021-42729, CVE-2021-42730 (Access of Memory Location After End of Buffer/ACE)\n\n**Character Animator:**\n\n * CVE-2021-40763, CVE-2021-40764, CVE-2021-40765 (Access of Memory Location After End of Buffer/ACE)\n\n**Illustrator:**\n\n * CVE-2021-40718 (Out-of-Bounds Read/memory leak)\n * CVE-2021-40746 (Out-of-Bounds Read/ACE)\n\n**InDesign:**\n\n * CVE-2021-42732 (Access of Memory Location After End of Buffer/ACE)\n * CVE-2021-42731 (Buffer Overflow/ACE)\n\n**Lightroom Classic:**\n\n * CVE-2021-40776 (Creation of Temporary File in Directory with Incorrect Permissions/privilege escalation)\n\n**Media Encoder: **\n\n * CVE-2021-40778 (_NULL Pointer Dereference/memory leak_)\n * CVE-2021-40777, CVE-2021-40779, CVE-2021-40780 (Access of Memory Location After End of Buffer/ACE)\n\n**Photoshop:**\n\n * CVE-2021-42735 (Access of Memory Location After End of Buffer/ACE)\n * CVE-2021-42736 (Buffer Overflow/ACE)\n\n**Prelude:**\n\n * CVE-2021-40773 (_NULL Pointer Dereference/memory leak_)\n * CVE-2021-42733 (Improper Input Validation/ACE)\n * CVE -2021-40775, CVE-2021-42738, CVE-2021-42737, CVE-2021-40772, CVE-2021-40771 (Access of Memory Location After End of Buffer/ACE)\n\n**Premiere Elements:**\n\n * CVE-2021-40785 (_NULL Pointer Dereference/memory leak_)\n * CVE-2021-40786, CVE-2021-40787, CVE-2021-42526, CVE-2021-42527 (Access of Memory Location After End of Buffer/ACE)\n\n**Premiere Pro:**\n\n * CVE-2021-40792, CVE-2021-40793, CVE-2021-40794 (Access of Memory Location After End of Buffer/ACE)\n\n**XMP Toolkit SDK:**\n\n * CVE-2021-42529, CVE-2021-42530, CVE-2021-42531, CVE-2021-42532 (Stack-Based Buffer Overflow/ACE)\n\nThis bulletin was prompted by findings from two teams that deserve busy-beaver awards: Adobe variously credited researchers from TopSec Alpha Team and Trend Micro\u2019s Zero-Day Initiative (ZDI) for most of the bugs, except for CVE-2021-40746 in Illustrator, credited to \u201cTmgr.\u201d This could also explain some of the commonalities in the bulletins.\n\n\u201cOf the patches released by Adobe, nine of these came through the ZDI program,\u201d Dustin Childs of ZDI told Threatpost. \u201cMost of these are simple file-parsing bugs, but there are a couple of critical-rated out-of-bounds (OOB) write bugs as well. For these, the vulnerability results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage these bugs to execute code in the context of the current process.\u201d\n\nThe fixes come two weeks after Adobe released its normal monthly Patch Tuesday patches. A company spokesperson characterized the release as \u201cplanned\u201d rather than an emergency response \u2013 and indeed, Adobe said in [its advisories](<https://helpx.adobe.com/security/security-bulletin.html>) that there\u2019s no evidence that any of the bugs are being exploited in the wild.\n\n\u201cWhile we strive to release regularly scheduled updates on Patch Tuesday, occasionally these regularly scheduled security updates are released on non-Patch Tuesday dates,\u201d a company spokesperson told [the Register](<https://www.theregister.com/2021/10/26/adobe_october_extra_patches/>).\n\nOf note: The advisory for Bridge is listed as priority 2 for patching, which in Adobe [parlance](<https://helpx.adobe.com/security/severity-ratings.html>) means that the product has historically been at elevated risk for exploitation, so it comes with a recommendation that administrators patch within 30 days. The other advisories are priority 3, which is the lowest risk level, meaning that administrators can patch \u201cat their discretion.\u201d\n\n**_Check out our free _**[**_upcoming live and on-demand online town halls_**](<https://threatpost.com/category/webinars/>) **_\u2013 unique, dynamic discussions with cybersecurity experts and the Threatpost community._**\n", "cvss3": {}, "published": "2021-10-27T19:13:47", "type": "threatpost", "title": "Adobe's Surprise Security Bulletin Dominated by Critical Patches", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-40718", "CVE-2021-40733", "CVE-2021-40734", "CVE-2021-40735", "CVE-2021-40736", "CVE-2021-40738", "CVE-2021-40739", "CVE-2021-40740", "CVE-2021-40746", "CVE-2021-40750", "CVE-2021-40751", "CVE-2021-40752", "CVE-2021-40753", "CVE-2021-40754", "CVE-2021-40755", "CVE-2021-40757", "CVE-2021-40758", "CVE-2021-40759", "CVE-2021-40760", "CVE-2021-40763", "CVE-2021-40764", "CVE-2021-40765", "CVE-2021-40771", "CVE-2021-40772", "CVE-2021-40773", "CVE-2021-40776", "CVE-2021-40777", "CVE-2021-40778", "CVE-2021-40779", "CVE-2021-40780", "CVE-2021-40785", "CVE-2021-40786", "CVE-2021-40787", "CVE-2021-40792", "CVE-2021-40793", "CVE-2021-40794", "CVE-2021-42266", "CVE-2021-42267", "CVE-2021-42268", "CVE-2021-42269", "CVE-2021-42270", "CVE-2021-42271", "CVE-2021-42272", "CVE-2021-42524", "CVE-2021-42526", "CVE-2021-42527", "CVE-2021-42529", "CVE-2021-42530", "CVE-2021-42531", "CVE-2021-42532", "CVE-2021-42533", "CVE-2021-42719", "CVE-2021-42720", "CVE-2021-42722", "CVE-2021-42724", "CVE-2021-42728", "CVE-2021-42729", "CVE-2021-42730", "CVE-2021-42731", "CVE-2021-42732", "CVE-2021-42733", "CVE-2021-42735", "CVE-2021-42736", "CVE-2021-42737", "CVE-2021-42738"], "modified": "2021-10-27T19:13:47", "id": "THREATPOST:7EE9C8500F3B6F3A555A8508DF320FCC", "href": "https://threatpost.com/critical-patches-adobe-security-bulletin/175825/", "cvss": {"score": 0.0, "vector": "NONE"}}]}