Cybersecurity specialists have reported several vulnerabilities in Adobe Audition, the sound editing tool developed by Adobe Systems. According to the report, successful exploitation of these flaws would allow full compromise of the affected system.
Below is a brief description of the reported flaws, along with their respective identifiers and the scores assigned under the Common Vulnerability Scoring System (CVSS).
CVE-2021-40734: A boundary error when processing untrusted input in the affected application would allow remote threat actors to trigger memory corruption and run arbitrary code on the target system.
This is a high severity flaw and received a CVSS score of 7.7/10, as its successful exploitation would allow fully compromising the affected system.
CVE-2021-40735: A boundary error when processing untrusted input allows remote attackers to trigger a memory corruption condition and execute arbitrary code on the affected system.
The flaw received a CVSS score of 7.7/10.
CVE-2021-40736: A boundary error when processing untrusted input may allow remote attackers to trigger memory corruption and execute arbitrary code on the target system.
This is a high severity flaw and received a CVSS score of 7.7/10.
CVE-2021-40737: A NULL pointer dereference error would allow remote threat actors to cause a denial of service (DoS) condition by passing specially crafted data to the affected application.
This is a medium severity flaw and received a CVSS score of 5.7/10.
CVE-2021-40738: A boundary error while processing untrusted input in the affected application would allow malicious hackers to trigger a memory corruption condition and run arbitrary code on the affected system.
The vulnerability received a CVSS score of 7.7/10.
CVE-2021-40739: A boundary error when processing untrusted input would allow malicious hackers to run arbitrary code on the affected systems.
This is a high severity flaw and received a CVSS score of 7.7/10.
CVE-2021-40740: A boundary error when processing untrusted input allows malicious hackers to trigger a memory corruption condition and run arbitrary code on the target system.
The flaw received a CVSS score of 7.7/10.
CVE-2021-40741: A boundary error when processing untrusted input allows threat actors to trigger a memory corruption condition and run arbitrary code on the affected systems.
The vulnerability received a CVSS score of 7.7/10.
While these flaws could be exploited by remote threat actors, cybersecurity specialists have detected no evidence of exploitation attempts; nonetheless, users of affected implementations should install the security patches released by the tool's developers.