Vulnerabilities > CVE-2021-42269 - Use After Free vulnerability in Adobe Animate

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

adobe

CWE-416

critical

NVD

Published: 2021-11-18

Updated: 2021-11-18

Summary

Adobe Animate version 21.0.9 (and earlier) are affected by a use-after-free vulnerability in the processing of a malformed FLA file that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vulnerable Configurations

Part	Description	Count
Application	Adobe Adobe Animate 15.2.1.95 Adobe Animate 20.5 Adobe Animate 21.0 Adobe Animate 21.0.2 Adobe Animate 21.0.3 Adobe Animate 21.0.4 Adobe Animate 21.0.9	7

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://helpx.adobe.com/security/products/animate/apsb21-105.html