Published: 25/06/2020 Updated: 29/06/2020
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Adobe After Effects versions 17.1 and previous versions have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

Vulnerability Trend

Affected Products

Vendor Product Versions
AdobeAfter Effects4.0, 4.1, 4.1.1, 5.0, 5.5, 5.5.1, 6.0, 6.5.1, 7.0, 7.0.1, 16, 16.1.2, 17.0.1, 17.1

Vendor Advisories

Adobe has released an update for Adobe After Effects for Windows and macOS This update addresses critical vulnerabilities Successful exploitation could lead to arbitrary code execution in the context of the current user ...

Recent Articles

Adobe Patches 18 Critical Flaws in Out-Of-Band Update
Threatpost • Lindsey O'Donnell • 16 Jun 2020

Adobe patched 18 critical vulnerabilities Tuesday impacting key products Adobe After Effects, Illustrator, Premiere Pro, Premiere Rush and Audition. The out-of-band fixes address vulnerabilities allowing an attacker to execute arbitrary code, if bugs are exploited.
In its security bulletin Adobe said it was not aware of any exploits in the wild for any of the bugs.
Five of the critical flaws were discovered in versions 17.1 and earlier of After Effects. Users are encouraged to update...

The Register

Adobe has emitted security patches for six of its most prominent software bundles, including Illustrator, After Effects, and Premier Pro.
For Illustrator, the fix cleans up five so-called critical CVE-listed security holes (CVE-2020-9642, CVE-2020-9575, CVE-2020-9641, CVE-2020-9640, CVE-2020-9639.) It's a mix of a buffer overrun and memory corruption issues that can be exploited, presumably, by maliciously crafted documents to achieve arbitrary code execution on macOS and Windows systems.<...