date 2010-03-21
Adobe Critical Code-Execution Flaws Plague Windows Users:
Adobe has issued patches for a slew of critical security vulnerabilities, which, if exploited, could allow for arbitrary code execution on vulnerable Windows systems.
Affected products include Adobe's Framemaker document processor, designed for writing and editing large or complex documents; Adobe's Connect software used for remote web conferencing; and the Adobe Creative Cloud software suite for video editing.
"Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates," according to an Adobe spokesperson.
Adobe fixed a critical flaw (CVE-2021-21056) in Framemaker, which could allow for arbitrary code execution if exploited. The vulnerability is an out-of-bounds read error, which is a type of buffer-overflow flaw where the software reads data past the end of the intended buffer. An attacker who can read out-of-bounds memory might be able to get "secret values" (like memory addresses) that could ultimately allow him to achieve code execution or denial of service.
[...] Adobe also fixed three critical vulnerabilities in the desktop application version of Adobe Creative Cloud for Windows users.
Two of the three critical flaws could enable arbitrary code execution: One of these (CVE-2021-21068) stems from an arbitrary file-overwrite hole, while the other (CVE-2021-21078) exists due to an OS command-injection error. The third critical flaw (CVE-2021-21069) stems from improper input validation and could allow an attacker to gain escalated privileges.
[...] Several critical- and important-severity bugs were patched in Adobe Connect.
One critical bug (CVE-2021-21078) stemmed from improper input validation; this could allow for arbitrary code execution.
And, three important cross-site scripting (XSS) flaws (CVE-2021-21079, CVE-2021-21080, CVE-2021-21081) were patched. These could allow for arbitrary JavaScript execution in the victim's browser, if exploited.
(Score: 2) by stretch611 on Wednesday March 10, @10:37PM
Adobe needs something in the tech news in order to stay relevant.
It just decided that buggy software is what it is known for.
Honestly, I am only surprised by the fact that Adobe Reader (pdf) is not one of the programs with the critical flaws. (Though I am sure it will be listed the next time.)
(Score: 2) by looorg on Wednesday March 10, @10:41PM
How many horrible crippling flaws can one company be responsible for before one starts to wonder what is really wrong at the company? It just seems like Adobe is punching well above their reach.
(Score: 2) by aristarchus on Wednesday March 10, @10:48PM
Is it really the fault of an incompetent software company, and arrestors of conference participants [cnet.com], that their product opens vulnerabilities in an insecure operating system? Is it right to blame the proximate cause, or the underlying common defect? Windows. The problem is Microsoft. Adobe is a symptom.
(Score: 0) by Anonymous Coward on Wednesday March 10, @10:55PM
