CVE-2022-35701 Adobe Bridge versions 12.0.2 and earlier are affected by a out-of-bounds write vulnerability that could lead to arbitrary code execution.

Adobe recommends monitoring for signs of anomalous behavior from systems running Bridge CC 2017.
On systems running Adobe Bridge CC 2017, administrators are advised to monitor for signs of anomalous behavior from systems running Bridge CC 2017. These signs include but are not limited to: Anomalous system behavior.

Anomalous system log entries.

Anomalous system information. Adobe recommends monitoring for these signs of anomalous behavior and promptly contacting Technology Support when they are observed.

Adobe Bridge CC 2017 installation fails on Windows and Mac OS with error code:

The Adobe Bridge CC 2017 installer on Windows and Mac OS has been updated to account for a vulnerability in the previous version of that installer. The new installer has an update mechanism, which is activated if any of the following conditions are met:
- The Adobe Bridge CC 2016 installer is already installed on the system.
- A 32-bit application is installed on a 64-bit system.
- A 64-bit application is installed on a 32-bit system.
Regardless of these conditions, the new installer will not install if one or more of the following files cannot be found:
C:\Program Files (x86)\Adobe\Bridge\AdobeBridgeBridge64.dll
C:\Program Files (x86)\Adobe\Bridge\AdobeBridgeBridge32.dll
C:\Program Files (x86)\Adobe\Bridge\AdobeBridgeBridgeCS564.dll
The linker command line arguments specified in those files have changed since the last version of the installer was created, and thus cannot be used by the new installer. When this happens, an error message is displayed and installation fails with an error code "crash".

Adobe recommends monitoring for signs of anomalous behavior from systems running Bridge CC 2017

Adobe recommends monitoring for signs of anomalous behavior from systems running Bridge CC 2017. These signs include but are not limited to: Anomalous system behavior.
Anomalous system log entries.
Anomalous system information. Adobe recommends monitoring for these signs of anomalous behavior and promptly contacting Technology Support when they are observed.

Adobe Bridge CC 2017 Vulnerability

Adobe released an advisory warning of a vulnerability in Adobe Bridge CC 2017. Security experts believe the vulnerability is a zero-day exploit that could allow attackers to execute code, which may be used for more serious attacks on other devices running the program.
As this is a zero-day attack, there are no patches available yet. However, Adobe recommends immediate installation of software updates from your vendor and monitoring for signs of anomalous behavior from systems running Bridge CC 2017.

Adobe Bridge CC 2017 Products and Versions Affected

Adobe Bridge CC 2017 is a version of Adobe Bridge. It is used for viewing and editing files in computer graphics applications, including Adobe Creative Cloud apps and Adobe Photoshop.

Adobe Bridge CC 2018

Adobe Bridge CC 2018 is a powerful, integrated tool for editing and publishing digital images.
Bridge CC 2018 provides a variety of features that benefit photographers, artists and designers in their workflows.
Some features of Adobe Bridge CC 2018 include: A new and improved user interface with more intuitive navigation tools.
Automatically optimize image files for web use so they are delivered in the best possible quality to end users.
Enhanced device management capabilities that allow additional flexibility when working with devices like mobile phones, tablets and Apple® devices.
Write once, publish everywhere feature with integrated technologies from Adobe Stock®, Creative Cloud® and other third-party providers.

Timeline

Published on: 09/19/2022 16:15:00 UTC
Last modified on: 09/21/2022 13:14:00 UTC

References

• https://helpx.adobe.com/security/products/bridge/apsb22-49.html
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35701