Adobe Critical Code-Execution Flaws Plague Windows Users
upstart writes in with an IRC submission:
Adobe Critical Code-Execution Flaws Plague Windows Users:
Adobe has issued patches for a slew of critical security vulnerabilities, which, if exploited, could allow for arbitrary code execution on vulnerable Windows systems.
Affected products include Adobe's Framemaker document processor, designed for writing and editing large or complex documents; Adobe's Connect software used for remote web conferencing; and the Adobe Creative Cloud software suite for video editing.
"Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates," according to an Adobe spokesperson.
Adobe fixed a critical flaw (CVE-2021-21056) in Framemaker, which could allow for arbitrary code execution if exploited. The vulnerability is an out-of-bounds read error; which is a type of buffer-overflow flaw where the software reads data past the end of the intended buffer. An attacker who can read out-of-bounds memory might be able to get "secret values" (like memory addresses) that could ultimately allow him to achieve code execution or denial of service.
[...] Adobe also fixed three critical vulnerabilities in the desktop application version of Adobe Creative Cloud for Windows users.
Read more of this story at SoylentNews.