CVE-2021-28621: Adobe Animate FLA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
First published: Tue Aug 24 2021(Updated: )
Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Animate | <=21.0.6 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-28621.
What is the severity level of CVE-2021-28621?
The severity level of CVE-2021-28621 is high with a CVSS score of 7.8.
Which software versions are affected by CVE-2021-28621?
Adobe Animate version 21.0.6 (and earlier) is affected by CVE-2021-28621.
How can an attacker exploit CVE-2021-28621?
An unauthenticated attacker could leverage CVE-2021-28621 to achieve arbitrary code execution in the context of the current user.
Is user interaction required for the exploitation of CVE-2021-28621?
Yes, exploitation of CVE-2021-28621 requires user interaction.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/references
- agent/author
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/title
- agent/event
- agent/description
- agent/first-publish-date
- agent/tags
- vendor/adobe
- canonical/adobe animate
- version/adobe animate/21.0.6
- vendor/microsoft
- canonical/microsoft windows