Cybersecurity specialists report the detection of a severe vulnerability in Adobe Media Encoder, the independent video encoding program that allows you to encode audio and video in a wide variety of formats designed by Adobe.
Tracked as CVE-2021-36070, the flaw exists due to a limit error in the processing of unverified entries. Remote threat actors could create a specially crafted file for the victim to open on their device using phishing techniques, enabling out-of-bounds writing to the affected system.
The flaw received a score of 7.7/10 according to the Common Vulnerability Scoring System (CVSS) and its successful exploitation would allow the total compromise of the system.
The vulnerability is reported to reside in the following versions of Adobe Media Encoder: 15.0, 15.1, 15.2, 15.3, and 15.4.
Flaws can be exploited by unauthenticated remote threat actors. However, cybersecurity specialists have not detected any active exploitation attempts or the existence of any malware variants to trigger the attack.
Security patches that address these flaws are now available, so Adobe recommends users of affected deployments update their products as soon as possible. To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
