The Indian Computer Emergency Response Team, which is part of Ministry of Information Technology, has issued a new warning to Adobe app users. Adobe After Effects and Adobe Creative Cloud users are subjected to a high-severity alert.
According to the warning, Adobe After Effects has an out-of-bounds write issue that could be exploited by a remote attacker to execute arbitrary code in the context of the current users.
The warning specifies an Uncontrolled Search Path Element issue has been reported in Adobe Creative Cloud desktop app, which could be exploited by a remote attacker.
Users of Adobe After Effects 22.1.1 and older versions, as well as Adobe Creative Cloud desktop app 2.7.0.12 and earlier versions, should be aware of the warning.
The vulnerability in Adobe After Effects is related to an Out-of-Bounds write issue, according to the warning. A remote attacker could take advantage of this flaw by creating a specially designed file and convincing the victim to open it with the vulnerable software. If this vulnerability is successfully exploited, a remote attacker could execute arbitrary code in the context of the current.
The vulnerability exists in Adobe Creative Cloud Desktop Application due to a flaw in the Uncontrolled Search Path Element. A remote attacker might take advantage of this flaw by creating a specially crafted.dil file to a remote SMB file share and misleading the victim into launching the installation file from a remote share. If this vulnerability is successfully exploited, a remote attacker could execute arbitrary code in the context of the current user.
Users should update their Adobe apps on their devices to avoid being exploited. The official website of the Indian Computer Emergency Response Team has the web links to the update pages for the apps mentioned above.