CVE-2021-40760

Name of the Vulnerable Software and Affected Versions Adobe After Effects versions 18.4.1 and earlier

Description The issue is related to a memory corruption vulnerability due to insecure handling of a malicious .m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required, as the victim must open a specially crafted file to exploit this vulnerability. This can be attributed to a buffer overflow in memory, allowing an attacker to execute arbitrary code on the target system.

Recommendations For Adobe After Effects versions 18.4.1 and earlier, consider avoiding the use of .m4a files until a patch is available. As a temporary workaround, restrict the handling of malicious files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.