CERT-In Vulnerability Note
CIVN-2020-0253
Multiple Vulnerabilities in Adobe Products
Original Issue Date: June 29, 2020
Severity Rating: HIGH
Software Affected
- Adobe Audition 13.0.6 and earlier versions
- Adobe Premiere Rush 1.5.12 and earlier versions
- Adobe Premiere Pro 14.2 and earlier versions
- Illustrator 2020 24.1.2 and earlier versions
- Adobe After Effects 17.1 and earlier versions
- Adobe Campaign Classic 20.1 and earlier versions
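One way to triage a software inventory against the affected-version list above (an added example, not part of the CERT-In note; the host names, inventory rows and function names are constructed for illustration). Versions are compared numerically, component by component, because a plain string comparison would misorder values such as 1.5.8 and 1.5.12.

```python
# Last affected version per product, copied from the "Software Affected" list.
AFFECTED_MAX = {
    "Adobe Audition": "13.0.6",
    "Adobe Premiere Rush": "1.5.12",
    "Adobe Premiere Pro": "14.2",
    "Illustrator 2020": "24.1.2",
    "Adobe After Effects": "17.1",
    "Adobe Campaign Classic": "20.1",
}

def parse_version(text):
    """Turn '14.2' into (14, 2); raise ValueError on non-numeric components."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(product, installed):
    """True when the installed version is at or below the last affected one."""
    limit = parse_version(AFFECTED_MAX[product])
    have = parse_version(installed)
    width = max(len(limit), len(have))
    # Pad with zeros so that 14.2 and 14.2.0 compare as equal.
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(have) <= pad(limit)

def triage(inventory):
    """Label each (host, product, version) row from an asset inventory."""
    findings = []
    for host, product, version in inventory:
        if product not in AFFECTED_MAX:
            status = "not-in-advisory"
        else:
            try:
                status = "affected" if is_affected(product, version) else "ok"
            except ValueError:
                status = "review"  # version string needs a human look
        findings.append((host, product, version, status))
    return findings

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = [
    ("ws-01", "Adobe Premiere Rush", "1.5.8"),   # string compare would miss this
    ("ws-02", "Adobe Premiere Pro", "14.2.0"),   # same release as 14.2
    ("ws-03", "Adobe Audition", "13.0.7"),
    ("ws-04", "Adobe After Effects", "17.1 (beta)"),
    ("ws-05", "Adobe Photoshop", "21.2"),
]
```

Product names must match the advisory's spelling exactly; rows that come back as "review" or "not-in-advisory" still need to be checked by hand against the vendor bulletins.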
Overview
Multiple vulnerabilities have been reported in Adobe Products which could lead to arbitrary code execution in the context of the current user and could result in Information Disclosure.
Description
1. Out-of-Bounds Write Vulnerability (CVE-2020-9658, CVE-2020-9659)
Multiple Out-of-Bounds Write Vulnerabilities exist in Adobe Audition. Successful exploitation of these vulnerabilities could lead to arbitrary code execution.
2. Out-of-Bounds Write Vulnerability (CVE-2020-9656, CVE-2020-9657)
Multiple Out-of-Bounds Write Vulnerabilities exist in Adobe Premiere Rush. Successful exploitation of these vulnerabilities could lead to arbitrary code execution.
3. Out-of-Bounds Read Vulnerability (CVE-2020-9655)
An Out-of-Bounds Read Vulnerability exists in Adobe Premiere Rush. Successful exploitation of this vulnerability could lead to arbitrary code execution.
4. Out-of-Bounds Write Vulnerability (CVE-2020-9653, CVE-2020-9654)
Multiple Out-of-Bounds Write Vulnerabilities exist in Adobe Premiere Pro. Successful exploitation of these vulnerabilities could lead to arbitrary code execution.
5. Out-of-Bounds Read Vulnerability (CVE-2020-9652)
An Out-of-Bounds Read Vulnerability exists in Adobe Premiere Pro. Successful exploitation of this vulnerability could lead to arbitrary code execution.
6. Buffer Errors Vulnerability (CVE-2020-9642)
A Buffer Error Vulnerability exists in Adobe Illustrator 2020. Successful exploitation of this vulnerability could lead to arbitrary code execution.
7. Memory Corruption Vulnerability (CVE-2020-9575, CVE-2020-9641, CVE-2020-9640, CVE-2020-9639)
Multiple Memory Corruption Vulnerabilities exist in Adobe Illustrator 2020. Successful exploitation of these vulnerabilities could lead to arbitrary code execution.
8. Out-of-Bounds Read Vulnerability (CVE-2020-9661)
An Out-of-Bounds Read Vulnerability exists in Adobe After Effects. Successful exploitation of this vulnerability could lead to arbitrary code execution.
9. Out-of-Bounds Write Vulnerability (CVE-2020-9660, CVE-2020-9662)
Multiple Out-of-Bounds Write Vulnerabilities exist in Adobe After Effects. Successful exploitation of these vulnerabilities could lead to arbitrary code execution.
10. Heap Overflow Vulnerability (CVE-2020-9637, CVE-2020-9638)
Multiple Heap Overflow Vulnerabilities exist in Adobe After Effects. Successful exploitation of these vulnerabilities could lead to arbitrary code execution.
11. Out-of-Bounds Read Vulnerability (CVE-2020-9666)
An Out-of-Bounds Read Vulnerability exists in Adobe Campaign Classic. Successful exploitation of this vulnerability could result in Information Disclosure.
Solution
Apply the appropriate security updates as mentioned in the following Adobe Security Advisories (APSB):
https://helpx.adobe.com/security/products/campaign/apsb20-34.html
https://helpx.adobe.com/security/products/after_effects/apsb20-35.html
https://helpx.adobe.com/security/products/illustrator/apsb20-37.html
https://helpx.adobe.com/security/products/premiere_pro/apsb20-38.html
https://helpx.adobe.com/security/products/premiere_rush/apsb20-39.html
https://helpx.adobe.com/security/products/audition/apsb20-40.html
Vendor Information
Adobe
CVE Name
CVE-2020-9658
CVE-2020-9659
CVE-2020-9656
CVE-2020-9657
CVE-2020-9655
CVE-2020-9653
CVE-2020-9654
CVE-2020-9652
CVE-2020-9642
CVE-2020-9575
CVE-2020-9641
CVE-2020-9640
CVE-2020-9639
CVE-2020-9661
CVE-2020-9660
CVE-2020-9662
CVE-2020-9637
CVE-2020-9638
CVE-2020-9666
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.