CVE-2021-40786 (GCVE-0-2021-40786)
Vulnerability from cvelistv5 – Published: 2022-03-16 14:03 – Updated: 2025-04-23 18:50
VLAI?
Title
Adobe Premiere Elements M4A file memory corruption vulnerability could lead to arbitrary code execution
Summary
Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
Severity ?
7.8 (High)
CWE
- CWE-788 - Access of Memory Location After End of Buffer (CWE-788)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Premiere Elements |
Affected:
unspecified , ≤ 20210809.daily.2242976
(custom)
Affected: unspecified , ≤ None (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:51:07.506Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/premiere_elements/apsb21-106.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-40786",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:12:31.627364Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:50:45.163Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Premiere Elements",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "20210809.daily.2242976",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-10-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-788",
"description": "Access of Memory Location After End of Buffer (CWE-788)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-16T14:03:03.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/premiere_elements/apsb21-106.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Premiere Elements M4A file memory corruption vulnerability could lead to arbitrary code execution",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2021-10-26T23:00:00.000Z",
"ID": "CVE-2021-40786",
"STATE": "PUBLIC",
"TITLE": "Adobe Premiere Elements M4A file memory corruption vulnerability could lead to arbitrary code execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Premiere Elements",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "20210809.daily.2242976"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Access of Memory Location After End of Buffer (CWE-788)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/premiere_elements/apsb21-106.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/premiere_elements/apsb21-106.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2021-40786",
"datePublished": "2022-03-16T14:03:03.148Z",
"dateReserved": "2021-09-08T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:50:45.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:premiere_elements:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2021.4\", \"matchCriteriaId\": \"3CECBBD6-3CD7-4992-9386-EE81E42401F7\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"387021A0-AF36-463C-A605-32EA7DAC172E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.\"}, {\"lang\": \"es\", \"value\": \"Adobe Premiere Elements versi\\u00f3n 20210809.daily.2242976 (y versiones anteriores), est\\u00e1 afectado por una vulnerabilidad de corrupci\\u00f3n de memoria debido a un manejo no seguro de un archivo malicioso, resultando potencialmente en una ejecuci\\u00f3n de c\\u00f3digo arbitrario en el contexto del usuario actual. Es requerida una interacci\\u00f3n del usuario para explotar esta vulnerabilidad\"}]",
"id": "CVE-2021-40786",
"lastModified": "2024-11-21T06:24:47.520",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@adobe.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2022-03-16T15:15:14.097",
"references": "[{\"url\": \"https://helpx.adobe.com/security/products/premiere_elements/apsb21-106.html\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://helpx.adobe.com/security/products/premiere_elements/apsb21-106.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"psirt@adobe.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-788\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-40786\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2022-03-16T15:15:14.097\",\"lastModified\":\"2024-11-21T06:24:47.520\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.\"},{\"lang\":\"es\",\"value\":\"Adobe Premiere Elements versi\u00f3n 20210809.daily.2242976 (y versiones anteriores), est\u00e1 afectado por una vulnerabilidad de corrupci\u00f3n de memoria debido a un manejo no seguro de un archivo malicioso, resultando potencialmente en una ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. Es requerida una interacci\u00f3n del usuario para explotar esta vulnerabilidad\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@adobe.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"psirt@adobe.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-788\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:premiere_elements:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2021.4\",\"matchCriteriaId\":\"3CECBBD6-3CD7-4992-9386-EE81E42401F7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"387021A0-AF36-463C-A605-32EA7DAC172E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://helpx.adobe.com/security/products/premiere_elements/apsb21-106.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://helpx.adobe.com/security/products/premiere_elements/apsb21-106.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"affected\": [{\"product\": \"Premiere Elements\", \"vendor\": \"Adobe\", \"versions\": [{\"lessThanOrEqual\": \"20210809.daily.2242976\", \"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\"}, {\"lessThanOrEqual\": \"None\", \"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\"}]}], \"datePublic\": \"2021-10-26T00:00:00.000Z\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.\"}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"LOCAL\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"REQUIRED\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"version\": \"3.1\"}}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-788\", \"description\": \"Access of Memory Location After End of Buffer (CWE-788)\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"dateUpdated\": \"2022-03-16T14:03:03.000Z\", \"orgId\": \"078d4453-3bcd-4900-85e6-15281da43538\", \"shortName\": \"adobe\"}, \"references\": [{\"tags\": [\"x_refsource_MISC\"], \"url\": \"https://helpx.adobe.com/security/products/premiere_elements/apsb21-106.html\"}], \"source\": {\"discovery\": \"EXTERNAL\"}, \"title\": \"Adobe Premiere Elements M4A file memory corruption vulnerability could lead to arbitrary code execution\", \"x_legacyV4Record\": {\"CVE_data_meta\": {\"ASSIGNER\": \"psirt@adobe.com\", \"DATE_PUBLIC\": \"2021-10-26T23:00:00.000Z\", \"ID\": \"CVE-2021-40786\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Adobe Premiere Elements M4A file memory corruption vulnerability could lead to arbitrary code execution\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"product_name\": \"Premiere Elements\", \"version\": {\"version_data\": [{\"version_affected\": \"\u003c=\", \"version_value\": \"20210809.daily.2242976\"}, {\"version_affected\": \"\u003c=\", \"version_value\": \"None\"}, {\"version_affected\": \"\u003c=\", \"version_value\": \"None\"}, {\"version_affected\": \"\u003c=\", \"version_value\": \"None\"}]}}]}, \"vendor_name\": \"Adobe\"}]}}, \"data_format\": \"MITRE\", \"data_type\": \"CVE\", \"data_version\": \"4.0\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.\"}]}, \"impact\": {\"cvss\": {\"attackComplexity\": \"Low\", \"attackVector\": \"Local\", \"availabilityImpact\": \"High\", \"baseScore\": 7.8, \"baseSeverity\": \"High\", \"confidentialityImpact\": \"High\", \"integrityImpact\": \"High\", \"privilegesRequired\": \"None\", \"scope\": \"Unchanged\", \"userInteraction\": \"Required\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"version\": \"3.1\"}}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Access of Memory Location After End of Buffer (CWE-788)\"}]}]}, \"references\": {\"reference_data\": [{\"name\": \"https://helpx.adobe.com/security/products/premiere_elements/apsb21-106.html\", \"refsource\": \"MISC\", \"url\": \"https://helpx.adobe.com/security/products/premiere_elements/apsb21-106.html\"}]}, \"source\": {\"discovery\": \"EXTERNAL\"}}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T02:51:07.506Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"https://helpx.adobe.com/security/products/premiere_elements/apsb21-106.html\"}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-40786\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-23T13:12:31.627364Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-23T13:12:33.020Z\"}}]}",
"cveMetadata": "{\"assignerOrgId\": \"078d4453-3bcd-4900-85e6-15281da43538\", \"assignerShortName\": \"adobe\", \"cveId\": \"CVE-2021-40786\", \"datePublished\": \"2022-03-16T14:03:03.148Z\", \"dateReserved\": \"2021-09-08T00:00:00.000Z\", \"dateUpdated\": \"2025-04-23T18:50:45.163Z\", \"state\": \"PUBLISHED\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…