The version of Adobe Audition installed on the remote Windows host is prior to 14.4.2. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB21-92 advisory.

  - Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing a     M4A file, potentially resulting in arbitrary code execution in the context of the current user. User     interaction is required to exploit this vulnerability. (CVE-2021-40739, CVE-2021-40740)

  - Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing a     SVG file, potentially resulting in arbitrary code execution in the context of the current user. User     interaction is required to exploit this vulnerability. (CVE-2021-40734)

  - Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability, potentially     resulting in arbitrary code execution in the context of the current user. User interaction is required to     exploit this vulnerability. (CVE-2021-40735, CVE-2021-40736)

  - Adobe Audition version 14.4 (and earlier) is affected by a Null pointer dereference vulnerability when     parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve     an application denial-of-service in the context of the current user. Exploitation of this issue requires     user interaction in that a victim must open a malicious file. (CVE-2021-40737, CVE-2021-40742)

  - Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing a     WAV file, potentially resulting in arbitrary code execution in the context of the current user. User     interaction is required to exploit this vulnerability. (CVE-2021-40738)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Adobe Audition < 14.4.2 Multiple Vulnerabilities (APSB21-92)

high Nessus Plugin ID 154724

Version 1.7

Version 1.6

Version 1.7 Nov 28, 2024, 6:57 AM CVSSv3 score source (set to "CVE-2021-40738") Exploit attributes ("Exploit available" set to "False") Plugin Feed: 202411280657
Version 1.6 Nov 20, 2024, 8:07 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin metadata Plugin Feed: 202411202007