CVE-2021-42721: Use After Free
First published: Tue Nov 16 2021(Updated: )
Acrobat Bridge versions 11.1.1 and earlier are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Media Encoder | <=15.4 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-42721.
What is the affected software?
The affected software is Acrobat Bridge versions 11.1.1 and earlier.
What is the severity of CVE-2021-42721?
The severity of CVE-2021-42721 is critical.
How does CVE-2021-42721 work?
CVE-2021-42721 is a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user.
Is user interaction required to exploit CVE-2021-42721?
Yes, exploitation of CVE-2021-42721 requires user interaction in that a victim must open a malicious file or website.
How can I mitigate this vulnerability?
To mitigate CVE-2021-42721, it is recommended to update to the latest version of Acrobat Bridge or apply the relevant security patch provided by Adobe.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/tags
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- vendor/adobe
- canonical/adobe media encoder
- version/adobe media encoder/15.4
- vendor/microsoft
- canonical/microsoft windows