CVE-2021-38099

Name of the Vulnerable Software and Affected Versions: Adobe Animate (affected versions not specified) Corel PhotoPaint Standard 2020 version 22.0.0.474

Description: The issue is related to a buffer overflow in memory, which can be exploited by a remote attacker to execute arbitrary code. In the case of Corel PhotoPaint Standard 2020, the vulnerability occurs when parsing a crafted file, allowing an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. This requires user interaction, where a victim must open a malicious file.

Recommendations: For Adobe Animate, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Corel PhotoPaint Standard 2020 version 22.0.0.474, consider avoiding the use of CDRRip.dll when parsing untrusted files until a patch is available. As a temporary workaround, restrict the opening of potentially malicious CPT files to minimize the risk of exploitation.