In
an out-of-schedule patch, Adobe patched an out-of-bounds write for Adobe After
Effects (CVE-2020-3765). This critical vulnerability affects Adobe After
Effects versions 16.1.2 and earlier.
Additionally, Adobe patched another out-of-bounds write for Adobe Media
Encoder. This critical vulnerability affects Adobe Media Encoder Versions 14.0
and earlier. For both of these vulnerabilities, attackers can trick users into
opening a specially crafted file with the vulnerable software. This file will
trigger an out-of-bounds write which will execute arbitrary code on the target
system.
Adobe is not aware of any exploits in the wild for these critical
vulnerabilities.
Analyst Notes
For users of Adobe After Effects, Binary Defense recommends updating to at least version 17.0.3 in order to receive the patch to the critical vulnerability affecting this product. For users of Adobe Media Encoder, Binary Defense recommends updating to at least version 14.0.2 to receive the patch to the critical vulnerability affecting this product.
For more information, read here: