First published: Fri Aug 20 2021(Updated: )
Adobe Bridge version 11.0.2 (and earlier) are affected by a Heap-based Buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Adobe Bridge CC | <=11.0.2 | |
Microsoft Windows Operating System |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-28624 has been assigned a critical severity rating due to its potential for arbitrary code execution.
To mitigate CVE-2021-28624, upgrade Adobe Bridge to version 11.0.3 or later.
Users of Adobe Bridge version 11.0.2 and earlier on any supported operating system are affected by CVE-2021-28624.
Exploitation of CVE-2021-28624 can allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user.
Yes, exploiting CVE-2021-28624 requires some form of user interaction to trigger the vulnerability.