=====================================================================

                             CERT-Renater

                 Note d'Information No. 2021/VULN479
_____________________________________________________________________

DATE                : 15/09/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Windows, macOS running Adobe Premiere Elements
          versions prior to 2021 [build 19.0 (20210809.daily.2242976)].

=====================================================================
https://helpx.adobe.com/security/products/premiere_elements/apsb21-78.html
_____________________________________________________________________


Last updated on Sep 14, 2021

Security updates available for Adobe Premiere Elements | APSB21-78

Bulletin ID         Date Published          Priority

ASPB21-78           September 14, 2021      3


Summary

Adobe has released updates for Adobe Premiere Elements for Windows and
macOS. This update addresses one important and multiple critical
vulnerabilities. Successful exploitation could lead to arbitrary code
execution in the context of the current user.     


Affected Versions

Product                   Version            Platform

Adobe Premiere Elements   2021 [build 19.0 (20210127.daily.2235820) and
earlier]         Windows  and macOS


Solution

Adobe categorizes these updates with the following priority ratings and
recommends users to download the new installer and upgrade their
installations.

Product       Version         Platform       Priority      Availability

Adobe Premiere Elements     2021 [build 19.0 (20210809.daily.2242976)]
Windows and macOS       3          Download Center


Note:

To verify the version of Premiere Elements on your system, please follow
the following steps:  

    Help
    About Premiere Elements menu
    The splash screen would show the current version and build number.


Vulnerability details

Vulnerability Category      Vulnerability Impact      Severity
CVSS base score        CVSS vector          CVE Numbers

Access of Memory Location After End of Buffer (CWE-788)
Arbitrary code execution      Critical      8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H     CVE-2021-39824

Access of Memory Location After End of Buffer (CWE-788)
Arbitrary code execution     Important       5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H     CVE-2021-40701

Access of Memory Location After End of Buffer (CWE-788)
Arbitrary code execution       Critical      7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H     CVE-2021-40700
CVE-2021-40703      CVE-2021-40702


Acknowledgments

Adobe would like to thank the following for reporting these issues and
for working with Adobe to help protect our customers:

    CQY of Topsec Alpha Team (yjdfy) (CVE-2021-40700, CVE-2021-39824,
      CVE-2021-40702)
    CFF of Topsec Alpha Team (cff_123) (CVE-2021-40703, CVE-2021-40701)

For more information, visit https://helpx.adobe.com/security.html, or
email PSIRT@adobe.com.


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================