CVE-2021-28570

Description

Adobe After Effects version 18.1 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An unauthenticated attacker could exploit this to to plant custom binaries and execute them with System permissions. Exploitation of this issue requires user interaction.

Risk Information

Base Score

8.6

MODERATE

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS Score

Exploitation Probability

0.77

Associated Vulnerability

Vulnerability	OS Platform
Multiple Vulnerabilities are affected in Adobe After Effects 17.7.0	Windows
Multiple Vulnerabilities are affected in Adobe After Effects 18.1	Windows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234