CVE-2021-42721

Name of the Vulnerable Software and Affected Versions Acrobat Bridge versions 11.1.1 and earlier Adobe Media Encoder version 15.4 and earlier

Description The issue is related to a use-after-free vulnerability in the processing of Format event actions and a memory corruption vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction, where a victim must open a malicious file, such as a malicious M4A file.

Recommendations For Acrobat Bridge versions 11.1.1 and earlier, update to a version later than 11.1.1 to resolve the issue. For Adobe Media Encoder version 15.4 and earlier, update to a version later than 15.4 to resolve the issue. As a temporary workaround, consider avoiding the use of the Format event actions feature in Acrobat Bridge and restricting the opening of M4A files in Adobe Media Encoder until a patch is available.