Threat Watch

Share on facebook
Share on twitter
Share on linkedin

Adobe Patches Two Critical Arbitrary Code Execution Vulnerabilities:

In an out-of-schedule patch, Adobe patched an out-of-bounds write for Adobe After Effects (CVE-2020-3765). This critical vulnerability affects Adobe After Effects versions 16.1.2 and earlier.  Additionally, Adobe patched another out-of-bounds write for Adobe Media Encoder. This critical vulnerability affects Adobe Media Encoder Versions 14.0 and earlier. For both of these vulnerabilities, attackers can trick users into opening a specially crafted file with the vulnerable software. This file will trigger an out-of-bounds write which will execute arbitrary code on the target system.

Adobe is not aware of any exploits in the wild for these critical vulnerabilities.

ANALYST NOTES

For users of Adobe After Effects, Binary Defense recommends updating to at least version 17.0.3 in order to receive the patch to the critical vulnerability affecting this product. For users of Adobe Media Encoder, Binary Defense recommends updating to at least version 14.0.2 to receive the patch to the critical vulnerability affecting this product. For more information, read here:
Critical Adobe Flaws Fixed in Out-of-Band Update

Contact Support

Please complete the form below and a member of our support team will respond as quickly as possible.