Adobe Prelude hasta 10.1 MXF File desbordamiento de búfer

Una vulnerabilidad ha sido encontrada en Adobe Prelude hasta 10.1 y clasificada como crítica. Una función desconocida del componente MXF File Handler es afectada por esta vulnerabilidad. Una actualización elimina esta vulnerabilidad.

Campo2021-11-22 19:482021-11-25 16:24
vendorAdobeAdobe
namePreludePrelude
version<=10.1<=10.1
componentMXF File HandlerMXF File Handler
cwe120 (desbordamiento de búfer)120 (desbordamiento de búfer)
risk22
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prNN
cvss3_vuldb_uiRR
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iLL
cvss3_vuldb_aLL
cvss3_vuldb_rlOO
cvss3_vuldb_rcCC
cvss3_cna_avLL
cvss3_cna_acLL
cvss3_cna_prNN
cvss3_cna_uiRR
cvss3_cna_sUU
cvss3_cna_cHH
cvss3_cna_iHH
cvss3_cna_aHH
identifierapsb21-96apsb21-96
urlhttps://helpx.adobe.com/security/products/prelude/apsb21-96.htmlhttps://helpx.adobe.com/security/products/prelude/apsb21-96.html
nameUpgradeUpgrade
cveCVE-2021-42738CVE-2021-42738
cve_assigned16345944001634594400
cve_cnaAdobe Systems IncorporatedAdobe Systems Incorporated
date1637535600 (2021-11-22)1637535600 (2021-11-22)
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_auNN
cvss2_vuldb_ciPP
cvss2_vuldb_iiPP
cvss2_vuldb_aiPP
cvss2_vuldb_rcCC
cvss2_vuldb_rlOFOF
cvss2_vuldb_eNDND
cvss3_vuldb_eXX
cvss3_cna_basescore7.87.8
cvss2_vuldb_basescore7.57.5
cvss2_vuldb_tempscore6.56.5
cvss3_vuldb_basescore6.36.3
cvss3_vuldb_tempscore6.06.0
cvss3_meta_basescore7.07.0
cvss3_meta_tempscore6.96.9
price_0day$5k-$25k$5k-$25k
cve_nvd_summaryAdobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious MXF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.

Do you know our Splunk app?

Download it now for free!