====================================================================

                             CERT-Renater

                 Note d'Information No. 2021/VULN216
_____________________________________________________________________

DATE                : 14/04/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Adobe Bridge versions prior to
                                      10.1.2, 11.0.2.

=====================================================================
https://helpx.adobe.com/security/products/bridge/apsb21-23.html
_____________________________________________________________________

Security Updates Available for Adobe Bridge | APSB21-23
Bulletin ID 	Date Published 	Priority
APSB21-23 	April 13, 2021 	3


Summary

Adobe has released a security update for Adobe Bridge. This update
addresses critical and important vulnerabilities that could lead to
arbitrary code execution in the context of the current user.


Affected Versions

Product 	Version 	Platform
Adobe Bridge  	10.1.1 and earlier versions 	Windows 
Adobe Bridge  	11.0.1 and earlier versions 	Windows 


Solution

Adobe categorizes these updates with the following priority ratings and
recommends users update their installation to the newest version via the
Creative Cloud desktop app's update mechanism.  For more information,
please reference this help page.  


Product 	Version    Platform 	Priority    Availability   
Adobe Bridge  	10.1.2	Windows and macOS    
 	3 	Download Page   
Adobe Bridge  	11.0.2	Windows and macOS    
 	3 	Download Page 

  
Vulnerability details

Vulnerability Category 	Vulnerability Impact 	Severity   CVE Numbers
Out-of-bounds read   Information Disclosure  Important  CVE-2021-21091
Improper Authorization	Privilege Escalation Important	CVE-2021-21096
Memory Corruption   Arbitrary code execution  Critical  CVE-2021-21093
                                                        CVE-2021-21092
Out-of-bounds write  Arbitrary code execution Critical 	CVE-2021-21094
                                                        CVE-2021-21095

Acknowledgments

Adobe would like to thank the following researchers for
reporting these issues and for working with Adobe 
to help protect our
customers:  

    Francis Provencher {PRL} working with Trend Micro Zero Day
Initiative (CVE-2021-21091, CVE-2021-21092, CVE-2021-21093, CVE-2021-21094)

    Tran Van Khang - khangkito (VinCSS) working with Trend Micro Zero
Day Initiative (CVE-2021-21095)

    ikth working with Trend Micro Zero Day Initiative (CVE-2021-21096)



=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================