CVE-2021-44190 - Adobe After Effects Out-of-Bounds Read Vulnerability Leading to Sensitive Memory Disclosure and ASLR Bypass

Adobe After Effects, a popular video editing software, has been identified with a security vulnerability labeled as CVE-2021-44190. This vulnerability affects versions 22. (and earlier) as well as 18.4.2 (and earlier) and could lead to disclosure of sensitive memory. Furthermore, this vulnerability could be exploited by an attacker to bypass Address Space Layout Randomization (ASLR) mitigations. Successful exploitation of this issue does, however, require user interaction, such as opening a malicious file.

Exploit Details

An out-of-bounds read vulnerability is a type of programming error that occurs when a program reads data located outside the bounds of the allocated memory. When this happens, the program can access and expose sensitive memory content. In the case of CVE-2021-44190, an attacker who successfully exploits this vulnerability could potentially bypass ASLR, which is a mitigation technique designed to prevent exploitation of memory corruption vulnerabilities.

To exploit this issue, an attacker needs to create a malicious file specifically crafted to trigger the vulnerability in Adobe After Effects. The attacker then needs to convince the victim to open the malicious file using Adobe After Effects. Once the file is opened, the out-of-bounds read vulnerability is triggered, potentially exposing sensitive memory content and bypassing ASLR protections.

Code Snippet Example

This code snippet demonstrates a potential exploit for the CVE-2021-44190 vulnerability by executing an out-of-bounds read:

// Exploit code for CVE-2021-44190
#include <iostream>
#include <fstream>
#include <vector>

int main() {
    std::ifstream malicious_file("malicious_file.aep");
    if (!malicious_file) {
        std::cerr << "Error: Could not open malicious file.\n";
        return 1;
    }

    std::vector<char> buffer;
    malicious_file.seekg(, std::ios::end);
    size_t file_size = malicious_file.tellg();
    malicious_file.seekg(, std::ios::beg);
    buffer.resize(file_size);
    malicious_file.read(buffer.data(), file_size);

    // Trigger out-of-bounds read vulnerability and bypass ASLR
    // ...

    return ;
}

Original References

- Adobe Security Bulletin: https://helpx.adobe.com/security/products/after-effects/apsb22-02.html
- CVE-ID: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44190
- National Vulnerability Database (NVD): https://nvd.nist.gov/vuln/detail/CVE-2021-44190

Mitigations and Recommendations

Adobe has released security updates to address this vulnerability. Users are advised to update their Adobe After Effects installations to the latest version (22..1 for version 22.x and 18.4.3 for version 18.x).

Users should also exercise caution when opening files from untrusted sources and avoid clicking on unexpected links sent via email or shared on social media.

Conclusion

CVE-2021-44190 is a critical out-of-bounds read vulnerability affecting Adobe After Effects versions 22. (and earlier) and 18.4.2 (and earlier). This vulnerability could lead to disclosure of sensitive memory and bypass of ASLR mitigations. Exploiting this issue does require user interaction, like opening a malicious file, but users should still take the necessary precautions to protect their systems and update Adobe After Effects to the latest version.

Timeline

Published on: 09/07/2023 14:15:00 UTC