====================================================================

                             CERT-Renater

                 Note d'Information No. 2021/VULN160
_____________________________________________________________________

DATE                : 12/03/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Adobe Animate versions prior to
                                          21.0.4.

=====================================================================
https://helpx.adobe.com/security/products/animate/apsb21-21.html
_____________________________________________________________________

Security updates available for Adobe Animate | APSB21-21

Bulletin ID 	Date Published      Priority
ASPB21-21 	March 09, 2021       	3


Summary

Adobe has released an update for Adobe Animate. This update
resolves multiple critical and important vulnerabilities.  Successful
exploitation could lead to arbitrary code execution in the context of
the current user.   


Affected Versions

Product 	Version                          Platform
Adobe Animate 	21.0.3  and earlier versions     Windows


Solution

Adobe categorizes this update with the following  priority rating and
recommends users update their installation to the newest version via the
Creative Cloud desktop app's update mechanism.  For more information,
please reference this help page.


Product 	Version     Platform 	     Priority    Availability
Adobe Animate    21.0.4     Windows and macOS   3    Download Center    

For managed environments, IT administrators can use the Admin Console to
deploy Creative Cloud applications to end users. Refer to this help page
for more information.


Vulnerability details

Vulnerability Category 	 Vulnerability Impact 	Severity     CVE Numbers

Out-of-bounds read   Information Disclosure    Important  CVE-2021-21072
                                                          CVE-2021-21073
                                                          CVE-2021-21074
                                                          CVE-2021-21075
                                                          CVE-2021-21076
Buffer overflow   Arbitrary code execution   Critical     CVE-2021-21071
                                                          CVE-2021-21077

Acknowledgments

Adobe would like to thank Yongjun Liu of nsfocus security team for
reporting the relevant issues and for working with Adobe to help protect
our customers


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================