Details of these vulnerabilities are as follows: Multiple vulnerabilities have been discovered in Adobe Products, the most severe of which could allow for arbitrary code execution.
Adobe Premiere Pro 15.4 and earlier versions.Adobe InCopy 16.3 and earlier versions for Windows.Adobe SVG-Native-Viewer and earlier versions for Linux.Adobe InCopy 16.3.1 and earlier versions for macOS.Adobe InDesign 16.3 and earlier versions for Windows.Adobe InDesign 16.3.2 and earlier versions for macOS.
Adobe Framemaker 2020 Release Update 2 and earlier.Adobe Framemaker 2019 Update 8 and earlier.ColdFusion 2021 Version 1 and earlier versions.ColdFusion 2018 Update 11 and earlier versions.Creative Cloud Desktop Application 5.4 and earlier version.Adobe Genuine Service 7.3 and earlier versions.Adobe Experience Manager (AEM) Cloud Service.Adobe Experience Manager (AEM) 6.5.9.0 and earlier versions.Photoshop 2021 22.5 and earlier versions.Photoshop 2020 21.2.11 and earlier versions.Adobe XMP-Toolkit-SDK 2021.07 and earlier versions.There are currently no reports of these vulnerabilities being exploited in the wild. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Depending on the privileges associated with the user, an attacker could then install programs view, change, or delete data or create new accounts with full user rights. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution.
Acrobat and Reader is a family of application software and Web services mainly used to create, view, and edit PDF documents.Adobe InCopy is a professional word processor.Adobe SVG Native viewer is a library that parses and renders SVG Native documents.Adobe InDesign is an industry-leading layout and page design software for print and digital media.Adobe Framemaker is a document processing software used to write and edit large or complex documents.Adobe ColdFusion is a web application development platform.Adobe Creative Cloud is a cloud service provided by Adobe where its software can be accessed all in one place.Adobe Premiere and Adobe Premiere Pro is a video editing software.Adobe Digital Editions is an e-book reader software program.Adobe Genuine Service is a service that periodically verifies whether Adobe apps on your machine are genuine and notifies you if they are not.Adobe Experience Manager is a content management solution for building websites, mobile apps, and forms.Adobe Photoshop and Adobe Photoshop Elements is a graphics editor.Adobe XMP Toolkit SDK is a development kit for Adobe’s Extensible Metadata Platform.Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution MS-ISAC ADVISORY NUMBER: 2021-114 DATE(S) ISSUED: OVERVIEW: