CVE-2021-42726

Name of the Vulnerable Software and Affected Versions Adobe Bridge versions 11.1.1 and earlier Adobe Media Encoder versions 15.4 and earlier

Description The issue is related to a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability, as a victim must open a malicious M4A file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution.

Recommendations For Adobe Bridge versions 11.1.1 and earlier, update to a version later than 11.1.1 to resolve the issue. For Adobe Media Encoder versions 15.4 and earlier, update to a version later than 15.4 to resolve the issue. As a temporary workaround, consider avoiding the use of M4A files in Adobe Bridge and Adobe Media Encoder until a patch is available. Restrict access to malicious M4A files to minimize the risk of exploitation.