Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 18 submissions in the queue.
posted by Fnord666 on Wednesday March 10 2021, @10:05PM   Printer-friendly

Adobe Critical Code-Execution Flaws Plague Windows Users:

Adobe has issued patches for a slew of critical security vulnerabilities, which, if exploited, could allow for arbitrary code execution on vulnerable Windows systems.

Affected products include Adobe's Framemaker document processor, designed for writing and editing large or complex documents; Adobe's  Connect software used for remote web conferencing; and the Adobe Creative Cloud software suite for video editing.

"Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates," according to an Adobe spokesperson.

Adobe fixed a critical flaw (CVE-2021-21056) in Framemaker, which could allow for arbitrary code execution if exploited. The vulnerability is an out-of-bounds read error; which is a type of buffer-overflow flaw where the software reads data past the end of the intended buffer. An attacker who can read out-of-bounds memory might be able to get "secret values" (like memory addresses) that could ultimately allow him to achieve code execution or denial of service.

[...] Adobe also fixed three critical vulnerabilities in the desktop application version of Adobe Creative Cloud for Windows users.

Two of the three critical flaws could enable arbitrary code execution: One of these (CVE-2021-21068) stems from an arbitrary file-overwrite hole, while the other (CVE-2021-21078) exists due to an OS command-injection error. The third critical flaw (CVE-2021-21069) stems from improper input validation and could allow an attacker to gain escalated privileges.

[...] Several critical- and important-severity bugs were patched in Adobe Connect.

One critical bug (CVE-2021-21078) stemmed from improper input validation; this could allow for arbitrary code execution.

And, three important cross-site scripting (XSS) flaws (CVE-2021-21079, CVE-2021-21080, CVE-2021-21081) were patched. These could allow for arbitrary JavaScript execution in the victim's browser, if exploited.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by Runaway1956 on Thursday March 11 2021, @01:09AM (4 children)

    by Runaway1956 (2926) Subscriber Badge on Thursday March 11 2021, @01:09AM (#1122532) Journal

    LOL, you get away with pretending to think, all the while spouting your partisan nonsense.

    --
    “I have become friends with many school shooters” - Tampon Tim Walz
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by aristarchus on Thursday March 11 2021, @01:16AM (3 children)

    by aristarchus (2645) on Thursday March 11 2021, @01:16AM (#1122535) Journal

    And here I thought that you thought that you thought that you agreed with me! Who is the partizan now, mon frere?

    • (Score: 2) by Runaway1956 on Thursday March 11 2021, @02:24AM (2 children)

      by Runaway1956 (2926) Subscriber Badge on Thursday March 11 2021, @02:24AM (#1122561) Journal

      Don't you "Mon Furrie" ME, you pervert!

      --
      “I have become friends with many school shooters” - Tampon Tim Walz
      • (Score: 0) by Anonymous Coward on Thursday March 11 2021, @09:14PM

        by Anonymous Coward on Thursday March 11 2021, @09:14PM (#1122931)

        now this is what I come here for! you two or two like you exchanging such mental barbs.

        Maybe you guys sit in my seat up in the theatre 2nd level and we can call you Statler and Waldorf.

      • (Score: 0) by Anonymous Coward on Friday March 12 2021, @02:19AM

        by Anonymous Coward on Friday March 12 2021, @02:19AM (#1123053)

        No pictures though!