First published: Wed Sep 08 2021(Updated: )
Adobe After Effects version 18.1 (and earlier) is affected by a potential Command injection vulnerability when chained with a development and debugging tool for JavaScript scripts. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Adobe After Effects | <=18.1 | |
Microsoft Windows |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-28571 is a command injection vulnerability in Adobe After Effects version 18.1 and earlier.
CVE-2021-28571 allows an attacker to execute arbitrary code in the context of the application.
CVE-2021-28571 has a severity rating of 8.8, which is considered high.
An attacker can exploit CVE-2021-28571 by chaining it with a development and debugging tool for JavaScript scripts.
No, Microsoft Windows is not vulnerable to CVE-2021-28571.