=====================================================================

                             CERT-Renater

                 Note d'Information No. 2021/VULN472
_____________________________________________________________________

DATE                : 15/09/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Windows, macOS running Adobe Premiere Pro versions
                                   prior to 15.4.1.

=====================================================================
https://helpx.adobe.com/security/products/premiere_pro/apsb21-67.html
_____________________________________________________________________


Last updated on Sep 14, 2021

Security Updates Available for Adobe Premiere Pro | APSB21-67


Bulletin ID       Date Published          Priority

ASPB21-67         September  14, 2021     3


Summary

Adobe has released updates for Adobe Premiere Pro for Windows and macOS.
This update addresses a critical vulnerability. Successful exploitation
could lead to arbitrary code execution in the context of the current
user.


Affected Versions

Product               Version                       Platform

Adobe Premiere Pro    15.4 and earlier versions      Windows


Solution

Adobe categorizes these updates with the following priority ratings and
recommends users update their installation to the newest version via the
Creative Cloud desktop app’s update mechanism.  For more information,
please reference this help page.

Product            Version          Platform     Priority Rating
Availability

Adobe Premiere Pro   15.4.1      Windows and macOS     3
Download Center  

For managed environments, IT administrators can use the Admin Console to
deploy Creative Cloud applications to end users. Refer to this help page
for more information.


Vulnerability details

Vulnerability Category     Vulnerability Impact     Severity
CVSS base score        CVSS vector      CVE Numbers

Access of Memory Location After End of Buffer     (CWE-788)
Arbitrary Code Execution      Critical     7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H      CVE-2021-40710
CVE-2021-40715


Acknowledgments

Adobe would like to thank CQY of Topsec Alpha Team
(yjdfy) for reporting these issues and for working with Adobe to help
protect our customers.      

For more information, visit https://helpx.adobe.com/security.html , or
email PSIRT@adobe.com



=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================