Adobe Framemaker could allow a remote malicious user to execute arbitrary code on the system, caused by an out-of-bounds write error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.
Adobe has released patches addressing a wave of critical flaws in its Framemaker and Flash Player products, which, if exploited, could lead to arbitrary code-execution.
Overall, Adobe stomped out flaws tied to 42 CVEs for its regularly scheduled February updates, with 35 of those flaws being critical in severity. That trumps Adobe’s January security update, which addressed nine vulnerabilities overall, including ones in Adobe Illustrator CC and Adobe Experience Manager.