Adobe Prelude bis 10.1 MXF File Pufferüberlauf

Eine Schwachstelle wurde in Adobe Prelude bis 10.1 gefunden. Sie wurde als kritisch eingestuft. Es geht hierbei um ein unbekannter Codeblock der Komponente MXF File Handler. Ein Upgrade vermag dieses Problem zu beheben.

Feld22.11.2021 19:4825.11.2021 16:24
vendorAdobeAdobe
namePreludePrelude
version<=10.1<=10.1
componentMXF File HandlerMXF File Handler
cwe120 (Pufferüberlauf)120 (Pufferüberlauf)
risk22
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prNN
cvss3_vuldb_uiRR
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iLL
cvss3_vuldb_aLL
cvss3_vuldb_rlOO
cvss3_vuldb_rcCC
cvss3_cna_avLL
cvss3_cna_acLL
cvss3_cna_prNN
cvss3_cna_uiRR
cvss3_cna_sUU
cvss3_cna_cHH
cvss3_cna_iHH
cvss3_cna_aHH
identifierapsb21-96apsb21-96
urlhttps://helpx.adobe.com/security/products/prelude/apsb21-96.htmlhttps://helpx.adobe.com/security/products/prelude/apsb21-96.html
nameUpgradeUpgrade
cveCVE-2021-42738CVE-2021-42738
cve_assigned16345944001634594400
cve_cnaAdobe Systems IncorporatedAdobe Systems Incorporated
date1637535600 (22.11.2021)1637535600 (22.11.2021)
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_auNN
cvss2_vuldb_ciPP
cvss2_vuldb_iiPP
cvss2_vuldb_aiPP
cvss2_vuldb_rcCC
cvss2_vuldb_rlOFOF
cvss2_vuldb_eNDND
cvss3_vuldb_eXX
cvss3_cna_basescore7.87.8
cvss2_vuldb_basescore7.57.5
cvss2_vuldb_tempscore6.56.5
cvss3_vuldb_basescore6.36.3
cvss3_vuldb_tempscore6.06.0
cvss3_meta_basescore7.07.0
cvss3_meta_tempscore6.96.9
price_0day$5k-$25k$5k-$25k
cve_nvd_summaryAdobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious MXF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.

Interested in the pricing of exploits?

See the underground prices here!