====================================================================

                             CERT-Renater

                 Note d'Information No. 2020/VULN593
_____________________________________________________________________

DATE                : 21/10/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Windows, macOS running Adobe Animate versions prior
                                         to 21.0.

=====================================================================
https://helpx.adobe.com/security/products/animate/apsb20-61.html
_____________________________________________________________________

Security updates available for Adobe Animate | APSB20-61
Bulletin ID     Date Published         Priority
ASPB20-61       October 20, 2020       3


Summary

Adobe has released updates for Adobe Animate for Windows and macOS. This
update resolves multiple critical vulnerabilities. Successful
exploitation could lead to arbitrary code execution in the context of
the current user.


Affected Versions

Product         Version                              Platform
Animate         20.5 and earlier versions            Windows


Solution

Adobe categorizes this update with the following  priority rating and
recommends users update their installation to the newest version via the
Creative Cloud desktop app's update mechanism.  For more information,
please reference this help page.


Product      Version    Platform           Priority     Availability
Animate      21.0    Windows and macOS     3         Download Center    

For managed environments, IT administrators can use the Admin Console to
deploy Creative Cloud applications to end users. Refer to this help page
for more information.


Vulnerability details

Vulnerability Category    Vulnerability Impact  Severity  CVE Numbers
Double-free   Arbitrary code execution	  Critical     	CVE-2020-9747

Stack-based buffer overflow  Arbitrary code execution   Critical
                                                           CVE-2020-9748

Out-of-bounds read   Arbitrary code execution   Critical  CVE-2020-9749
                                                          CVE-2020-9750


Acknowledgments

Adobe would like to thank Kexu Wang of Fortinet's FortiGuard Labs for
reporting these issues and for working with Adobe to help protect our
customers.   


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================