CVE-2021-28610— Adobe After Effects 缓冲区错误漏洞

Adobe After Effects heap corruption vulnerability could lead to arbitrary code execution

Adobe After Effects version 18.2 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

堆缓冲区溢出

Adobe After Effects 缓冲区错误漏洞

Adobe After Effects是美国奥多比（Adobe）公司的一套视觉效果和动态图形制作软件。该软件主要用于2D和3D合成、动画制作和视觉特效制作等。 Adobe After Effects 存在安全漏洞，该漏洞源于程序存在边界错误，远程攻击者可利用该漏洞创建一个专门制作的文件，诱骗受害者使用受影响的软件打开它，触发基于堆的缓冲区溢出，并在目标系统上执行任意代码。以下产品和版本受到影响: Adobe After Effects 10.0, 10.0.1, 10.0.2, 10.5, 10.5.1,

N/A

N/A