Multiple vulnerabilities in Adobe Animate
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 8 |
| CVE-ID | CVE-2021-28630 CVE-2021-28619 CVE-2021-28617 CVE-2021-28618 CVE-2021-28621 CVE-2021-28620 CVE-2021-28629 CVE-2021-28622 |
| CWE-ID | CWE-125 CWE-122 CWE-787 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Animate Client/Desktop applications / Multimedia software |
| Vendor | Adobe |
Security Bulletin
This security bulletin contains information about 8 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU53948
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-28630
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted FLA file, trick the victim into opening it, trigger out-of-bounds read error and read contents of arbitrary files.
Install updates from vendor's website.
Vulnerable software versionsAnimate: 20.0 - 21.0.6
CPE2.3- cpe:2.3:a:adobe:animate:20.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:animate:20.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:animate:21.0:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/animate/apsb21-50.html
https://www.zerodayinitiative.com/advisories/ZDI-21-666/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds read
EUVDB-ID: #VU53949
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-28619
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAnimate: 20.0 - 21.0.6
CPE2.3- cpe:2.3:a:adobe:animate:20.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:animate:20.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:animate:21.0:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/animate/apsb21-50.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds read
EUVDB-ID: #VU53950
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-28617
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAnimate: 20.0 - 21.0.6
CPE2.3- cpe:2.3:a:adobe:animate:20.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:animate:20.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:animate:21.0:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/animate/apsb21-50.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds read
EUVDB-ID: #VU53951
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-28618
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAnimate: 20.0 - 21.0.6
CPE2.3- cpe:2.3:a:adobe:animate:20.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:animate:20.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:animate:21.0:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/animate/apsb21-50.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Out-of-bounds read
EUVDB-ID: #VU53952
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-28621
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted FLA file, trick the victim into opening it, trigger out-of-bounds read error and compromise the affected system.
Install updates from vendor's website.
Vulnerable software versionsAnimate: 20.0 - 21.0.6
CPE2.3- cpe:2.3:a:adobe:animate:20.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:animate:20.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:animate:21.0:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/animate/apsb21-50.html
https://www.zerodayinitiative.com/advisories/ZDI-21-664/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Heap-based buffer overflow
EUVDB-ID: #VU53954
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-28620
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAnimate: 20.0 - 21.0.6
CPE2.3- cpe:2.3:a:adobe:animate:20.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:animate:20.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:animate:21.0:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/animate/apsb21-50.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Heap-based buffer overflow
EUVDB-ID: #VU53955
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-28629
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAnimate: 20.0 - 21.0.6
CPE2.3- cpe:2.3:a:adobe:animate:20.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:animate:20.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:animate:21.0:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/animate/apsb21-50.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Out-of-bounds write
EUVDB-ID: #VU53953
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-28622
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted BMP file, trick the victim into opening it, trigger out-of-bounds write error and compromise the affected system.
Install updates from vendor's website.
Vulnerable software versionsAnimate: 20.0 - 21.0.6
CPE2.3- cpe:2.3:a:adobe:animate:20.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:animate:20.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:animate:21.0:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/animate/apsb21-50.html
https://www.zerodayinitiative.com/advisories/ZDI-21-665/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
