Description
Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Out-of-bounds write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS breakdown
CVSS 3.0
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- Adobe / Bridgeunspecified – 11.0.1
- Adobe / Bridgeunspecified – 10.1.1
- Adobe / Bridgeunspecified – None
References
- VENDOR_ADVISORYhttps://helpx.adobe.com/security/products/bridge/apsb21-23.html
- VENDOR_ADVISORYhttps://www.zerodayinitiative.com/advisories/ZDI-21-418/