CVE-2021-28596
HIGHAdobe Framemaker < 2019.0.8 and 2020.0.1 - Out-of-bounds Write via Crafted File
Title source: llmDescription
Adobe Framemaker version 2020.0.1 (and earlier) and 2019.0.8 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://helpx.adobe.com/security/products/framemaker/apsb21-45.html
Scores
CVSS v3
7.8
EPSS
0.0232
EPSS Percentile
81.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-787
Status
published
Products (2)
adobe/framemaker
2020.0.1
adobe/framemaker
< 2019.0.8
Published
Aug 23, 2021
Tracked Since
Feb 18, 2026