====================================================================

                             CERT-Renater

                 Note d'Information No. 2020/VULN235
_____________________________________________________________________

DATE                : 29/04/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Adobe Bridge versions prior to
                                          10.0.4.

=====================================================================
https://helpx.adobe.com/security/products/bridge/apsb20-19.html
_____________________________________________________________________


Security Updates Available for Adobe Bridge | APSB20-19
Bulletin ID 	Date Published 	Priority
APSB20-19 	April 28, 2020 	3


Summary

Adobe has released a security update for Adobe Bridge. This update
addresses multiple critical and important vulnerabilities that could
lead to arbitrary code execution and information disclosure in the
context of the current user.  


Affected Versions

Product 	Version 	Platform
Adobe Bridge 	10.0.1 and earlier version	Windows


Solution

Adobe categorizes these updates with the following  priority ratings and
recommends users update their installation to the newest version via the
Creative Cloud desktop app's update mechanism.  For more information,
please reference this help page.


Product 	Version 	Platform 	Priority    Availability
Adobe Bridge 	10.0.4   	Windows and macOS   3      Download Page



Vulnerability details

Vulnerability Category 	Vulnerability Impact 	Severity    CVE Number

Stack-based Buffer Overflow	Arbitrary code execution	Critical
	CVE-2020-9555

Heap Overflow 	Arbitrary code execution	Critical   CVE-2020-9562
                                                           CVE-2020-9563

Memory Corruption	Arbitrary code execution 	Critical
	CVE-2020-9568

Out-of-Bounds Read	Information Disclosure	Important  CVE-2020-9553
                                                           CVE-2020-9557
                                                           CVE-2020-9558

Out-of-Bounds Write 	Arbitrary code execution  Critical CVE-2020-9554
                                                           CVE-2020-9556
                                                           CVE-2020-9559
                                                           CVE-2020-9560
                                                           CVE-2020-9561
                                                           CVE-2020-9564
                                                           CVE-2020-9565
                                                           CVE-2020-9569

Use After Free	Arbitrary code execution 	Critical   CVE-2020-9566
                                                           CVE-2020-9567


Acknowledgments

Adobe would like to thank the following individuals and organizations
for reporting the relevant issues and for working with Adobe to help
protect our customers:    

    Anonymous working with Trend Micro Zero Day Initiative
     (CVE-2020-9553)  
    Francis Provencher working with Trend Micro Zero Day Initiative
     (CVE-2020-9568)
    Mat Powell of Trend Micro Zero Day Initiative (CVE-2020-9554,
     CVE-2020-9555, CVE-2020-9556, CVE-2020-9557, CVE-2020-9558,
     CVE-2020-9559, CVE-2020-9560, CVE-2020-9561, CVE-2020-9562,
     CVE-2020-9563, CVE-2020-9564, CVE-2020-9565, CVE-2020-9566,
     CVE-2020-9567, CVE-2020-9569)    


=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================