First published: Tue Jun 08 2021(Updated: )
Adobe After Effects version 18.2 (and earlier) is affected by a heap corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Adobe After Effects | <=18.2 | |
Microsoft Windows |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2021-28607.
The severity of CVE-2021-28607 is critical with a CVSS score of 7.8.
Adobe After Effects version 18.2 (and earlier) is affected by CVE-2021-28607.
An unauthenticated attacker could leverage CVE-2021-28607 to achieve arbitrary code execution in the context of the current user by exploiting the heap corruption vulnerability when parsing a specially crafted file.
No, Microsoft Windows is not affected by CVE-2021-28607.
Update Adobe After Effects to version 18.3 or later to fix CVE-2021-28607.