CVE-2020-9659 – Adobe Audition MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-9659
Adobe Audition versions 13.0.6 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . Adobe Audition versiones 13.0.6 y anteriores, presenta una vulnerabilidad de escritura fuera de límites. Una explotación con éxito podría conllevar a una ejecución de código arbitraria This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Audition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of MP4 files. • https://helpx.adobe.com/security/products/audition/apsb20-40.html • CWE-787: Out-of-bounds Write •
CVE-2020-9618 – Adobe Audition MOV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-9618
Adobe Audition versions 13.0.5 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. Adobe Audition versiones 13.0.5 y anteriores, presenta una vulnerabilidad de lectura fuera de límites. Una explotación con éxito podría conllevar a una divulgación de información This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Audition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of MOV files. • https://helpx.adobe.com/security/products/audition/apsb20-28.html • CWE-125: Out-of-bounds Read •
CVE-2010-5258
https://notcve.org/view.php?id=CVE-2010-5258
Untrusted search path vulnerability in Adobe Audition 3.0 build 7283.0 allows local users to gain privileges via a Trojan horse Assist.Dll file in the current working directory, as demonstrated by a directory that contains a .ses file. NOTE: some of these details are obtained from third party information. Vulnerabilidad de ruta de búsqueda no confiable en Adobe Audition v3.0 build 7283.0, permite a usuarios locales ganar privilegios a través de un archivo de caballo de troya Assist.Dll en el directorio de trabajo actual, como se demostró con un directorio que contiene un archivo .ses. NOTA: algunos de estos detalles han sido obtenidos de fuentes de terceros. • http://secunia.com/advisories/41232 http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list •
CVE-2011-0614 – Adobe Audition 3.0 build 7283 - Session File Handling Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2011-0614
Buffer overflow in Adobe Audition 3.0.1 and earlier allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Audition Session (aka .ses) file. Desbordamiento de búfer en Adobe Audition v3.0.1 y anteriores, permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y fallo de la aplicación) o ejecutar código de su elección mediante un fichero de sesión de audición (también conocidos como .ses) manipulado Adobe Audition version 3.0 build 7238 suffers from a buffer overflow vulnerability when dealing with .SES (session) format file. The application fails to sanitize the user input resulting in a memory corruption, overwriting several memory registers which can aid the attacker to gain the power of executing arbitrary code or denial of service. • https://www.exploit-db.com/exploits/17278 http://securityreason.com/securityalert/8253 http://www.adobe.com/support/security/bulletins/apsb11-10.html http://www.exploit-db.com/exploits/17278 http://www.securityfocus.com/bid/47841 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5012.php • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-0615
https://notcve.org/view.php?id=CVE-2011-0615
Multiple buffer overflows in Adobe Audition 3.0.1 and earlier allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted data in unspecified fields in the TRKM chunk in an Audition Session (aka .ses) file, related to inconsistent use of character data types. Desbordamiento de búfer en Adobe Audition v3.0.1 y anteriores, permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y fallo de la aplicación) o ejecutar código de su elección mediante datos manipulados en campos no especificados en el segmentado de TRKM en un ficheros de sesión de audición (también conocida como .ses), relacionado con un uso inconsistente de los tipos de caracteres de datos. • http://www.adobe.com/support/security/bulletins/apsb11-10.html http://www.coresecurity.com/content/Adobe-Audition-malformed-SES-file http://www.securityfocus.com/bid/47838 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •