CVE-2021-21090

Name of the Vulnerable Software and Affected Versions Adobe InCopy versions 16.0 and earlier

Description The issue is related to a path traversal vulnerability when parsing a crafted file, allowing an unauthenticated attacker to achieve remote code execution in the context of the current user. Exploitation requires user interaction, where a victim must open a malicious file. The vulnerability is also associated with insufficient checking of the directory path name with limited access, which can be exploited by a remote attacker using a specially formed HTTP request.

Recommendations For Adobe InCopy versions 16.0 and earlier, as a temporary workaround, consider restricting access to crafted files until a patch is available. Avoid opening malicious files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.