Summary:
In third week of February,2020, after MSPT, an out-of-bounds (OOB) write vulnerability was observed in Adobe Media Encoder that leads to arbitrary code execution. This vulnerability was observed only for Microsoft Windows platform.
Description:
Adobe Media Encoder, is a software for encoding and compressing audio or video files. When the untrusted input is processed, it triggers this vulnerability. An attacker can remotely create and manipulate a authentic appearance type file, to trick the victim to open it using the affected software, that leads to out-of-bounds write and execute arbitrary code on the target system.
There is at present no evidence the vulnerability is being exploited in the wild.
At Qualys Labs, we’ve tried to recreate as well as resolve the issue, reported for CVE-2020-3764.
Affected Products:
Adobe Media Encoder prior to version 14.0
Advisory:
https://helpx.adobe.com/security/products/media-encoder/apsb20-10.html
Mitigation:
Adobe has released a patch to address CVE-2020-3764.
Qualys customers can scan their network with QID(s)# 372401 to detect vulnerable assets. Kindly continue to follow on Qualys Threat Protection for more coverage on vulnerabilities.
References & Sources:
- https://nvd.nist.gov/vuln/search/results?startIndex=1420