The version of Adobe After Effects installed on the remote Windows host is prior to 18.2.1. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB21-49 advisory.

  - Adobe After Effects version 18.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when     parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to     disclose sensitive memory information in the context of the current user. Exploitation of this issue     requires user interaction in that a victim must open a malicious file. (CVE-2021-28600, CVE-2021-28609)

  - Adobe After Effects version 18.2 (and earlier) is affected by a Null pointer dereference vulnerability     when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to     achieve an application denial-of-service in the context of the current user. Exploitation of this issue     requires user interaction in that a victim must open a malicious file. (CVE-2021-28601)

  - Adobe After Effects version 18.2 (and earlier) is affected by a memory corruption vulnerability when     parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve     arbitrary code execution in the context of the current user. Exploitation of this issue requires user     interaction in that a victim must open a malicious file. (CVE-2021-28602, CVE-2021-28605)

  - Adobe After Effects version 18.2 (and earlier) is affected by a heap corruption vulnerability when parsing     a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve     arbitrary code execution in the context of the current user. Exploitation of this issue requires user     interaction in that a victim must open a malicious file. (CVE-2021-28607)

  - Adobe After Effects version 18.2 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability     when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to     achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires     user interaction in that a victim must open a malicious file. (CVE-2021-28603, CVE-2021-28604,     CVE-2021-28608, CVE-2021-28610)

  - Adobe After Effects version 18.2 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability     when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to     achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires     user interaction in that a victim must open a malicious file. (CVE-2021-28606)

  - Adobe After Effects version 18.2 (and earlier) is affected by an Our-of-bounds Read vulnerability when     parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to     disclose sensitive memory information in the context of the current user. Exploitation of this issue     requires user interaction in that a victim must open a malicious file. (CVE-2021-28615)

  - Adobe After Effects version 18.2 (and earlier) is affected by an Our-of-bounds Read vulnerability when     parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to     disclose sensitive memory information and cause a denial of service in the context of the current user.
    Exploitation of this issue requires user interaction in that a victim must open a malicious file.
    (CVE-2021-28611, CVE-2021-28612, CVE-2021-28614, CVE-2021-28616)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Adobe After Effects < 18.2.1 Multiple Vulnerabilities (APSB21-49)

high Nessus Plugin ID 150503

No changelogs found