CVE-2021-21093

HIGH

Adobe Bridge <11.0.1 - Memory Corruption

Title source: llm

Description

Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

References (2)

[Vendor Advisory] https://helpx.adobe.com/security/products/bridge/apsb21-23.html

[Third Party Advisory, VDB Entry] https://www.zerodayinitiative.com/advisories/ZDI-21-414/

Scores

CVSS v3 7.8

EPSS 0.0131

EPSS Percentile 79.9%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-787 CWE-788

Status published

Products (1)

adobe/bridge 10.0 - 10.1.1

Published Apr 15, 2021

Tracked Since Feb 18, 2026