Information security specialists report the detection of two critical vulnerabilities in Adobe Premiere Pro, a timeline-based video editing software application developed by Adobe and published as part of the Adobe Creative Cloud licensing program. According to the report, the successful exploitation of these flaws allows threat actors to compromise the affected system.
Below are brief reports of the detected flaws in addition to their respective tracking keys and scores assigned by the Common Vulnerability Scoring System (CVSS).
CVE-2021-40710: A boundary flaw when processing files in the affected application allows remote threat actors to run arbitrary code on affected implementations only with a specially crafted media file.
The flaw received a CVSS score of 7.7/10 and its successful exploitation may result in the full compromise of vulnerable systems.
CVE-2021-40715: A boundary error when processing files allows remote malicious hackers to create a specially crafted media file in order to run arbitrary code on the affected systems.
This is a high-severity flaw and received a CVSS score of 7.7/10.
According to the report, detected flaws reside in the following Premiere Pro versions: 13.1.0, 13.1.1, 13.1.2, 13.1.3, 14.0, 14.1, 14.2, 14.3, 14.4, 14.5, 15.0, 15.1, 15.2, 15.3 & 15.4.
Even though the vulnerabilities could be exploited by remote non-authenticated threat actors, information security specialists have no detected active exploitation attempts. Still, Adobe developers recommend updating to secured implementations.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.