CVE-2021-40752

Name of the Vulnerable Software and Affected Versions Adobe After Effects versions 18.4 and earlier

Description The issue is related to a memory corruption vulnerability due to insecure handling of a malicious .m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required, where the victim must open a specially crafted file to exploit this vulnerability. This can be attributed to a buffer overflow in memory, allowing an attacker to execute arbitrary code in the target system using a specially created file.

Recommendations For Adobe After Effects versions 18.4 and earlier, consider avoiding the use of .m4a files until a patch is available. As a temporary workaround, restrict the ability to open specially crafted files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.