CVE-2020-9656

7.8 HIGH

📋 TL;DR

Adobe Premiere Rush versions 1.5.12 and earlier contain an out-of-bounds write vulnerability that could allow attackers to execute arbitrary code on affected systems. This affects users running vulnerable versions of the video editing software. Successful exploitation requires user interaction, such as opening a malicious file.

💻 Affected Systems

Products:
  • Adobe Premiere Rush
Versions: 1.5.12 and earlier
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected versions are vulnerable. The vulnerability exists in the core application code.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through arbitrary code execution with the privileges of the current user, potentially leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case

Local privilege escalation or system compromise when a user opens a specially crafted malicious file, allowing attackers to run code in the context of the Premiere Rush process.

🟢 If Mitigated

Limited impact if proper application sandboxing, least privilege principles, and file validation are implemented, potentially containing the exploit to the application sandbox.

🌐 Internet-Facing: LOW - Premiere Rush is a desktop application not typically exposed directly to the internet, though malicious files could be delivered via web downloads or email.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or shared malicious project files, potentially leading to lateral movement within networks.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file) and knowledge of memory corruption techniques. No public exploits were available at disclosure time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.5.13 or later

Vendor Advisory: https://helpx.adobe.com/security/products/premiere_rush/apsb20-39.html

Restart Required: Yes

Instructions:

1. Open Adobe Creative Cloud desktop app.
2. Navigate to 'Apps' tab.
3. Find Premiere Rush and click 'Update' if available.
4. Alternatively, download latest version from Adobe website.
5. Restart computer after installation.

🔧 Temporary Workarounds

Restrict file opening

all

Only open Premiere Rush project files from trusted sources and avoid opening unknown .rshproj files.

Application sandboxing

all

Run Premiere Rush in a sandboxed environment or virtual machine to limit potential damage from exploitation.

🧯 If You Can't Patch

  • Uninstall Premiere Rush until patching is possible
  • Implement application whitelisting to block Premiere Rush execution entirely

🔍 How to Verify

Check if Vulnerable:

Check Premiere Rush version in Help > About Premiere Rush menu. If version is 1.5.12 or earlier, system is vulnerable.

Check Version:

On Windows: Check 'Help > About Premiere Rush'. On macOS: 'Premiere Rush > About Premiere Rush'

Verify Fix Applied:

Verify version is 1.5.13 or later in Help > About Premiere Rush menu after update.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with memory access violations
  • Unusual process creation from Premiere Rush executable
  • Suspicious file operations originating from Premiere Rush

Network Indicators:

  • Unexpected outbound connections from Premiere Rush process
  • DNS requests to suspicious domains after file opening

SIEM Query:

(Process creation where parent_process_name contains 'Premiere Rush' AND process_name not in ['expected_child_processes']) OR (Application crash events with source='Premiere Rush')
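
The query logic above applied to constructed endpoint events, as an added example that is not part of the original advisory or of any vendor tooling; the field names, host names, process names and the allowlist entry are assumptions. It goes one step beyond the query by raising severity when a crash and an unexpected child process appear on the same host within a short window.

```python
from collections import defaultdict

# Hypothetical allowlist: replace with child processes seen in your own baseline.
EXPECTED_CHILDREN = {"expected_helper.exe"}

def is_rush(value):
    """Case-insensitive 'contains Premiere Rush' match, as in the query."""
    return "premiere rush" in (value or "").lower()

def classify(event):
    """Return 'unexpected_child', 'crash', or None for one event record."""
    kind = event.get("event_type")
    if kind == "process_creation" and is_rush(event.get("parent_process_name")):
        if (event.get("process_name") or "").lower() not in EXPECTED_CHILDREN:
            return "unexpected_child"
    if kind == "application_crash" and is_rush(event.get("source")):
        return "crash"
    return None

def triage(events, window=300):
    """Map host -> severity. 'high' when a crash and an unexpected child
    process occur on the same host within `window` seconds, else 'review'."""
    by_host = defaultdict(list)
    for ev in events:
        label = classify(ev)
        if label:
            by_host[ev["host"]].append((ev["ts"], label))
    result = {}
    for host, hits in by_host.items():
        crashes = [t for t, lab in hits if lab == "crash"]
        children = [t for t, lab in hits if lab == "unexpected_child"]
        paired = any(abs(c - k) <= window for c in crashes for k in children)
        result[host] = "high" if paired else "review"
    return result

# Constructed sample events (assumed schema; timestamps are epoch seconds).
SAMPLE_EVENTS = [
    {"host": "ws-01", "ts": 1000, "event_type": "application_crash", "source": "Adobe Premiere Rush"},
    {"host": "ws-01", "ts": 1060, "event_type": "process_creation",
     "parent_process_name": "Adobe Premiere Rush.exe", "process_name": "unknown_tool.exe"},
    {"host": "ws-02", "ts": 2000, "event_type": "process_creation",
     "parent_process_name": "Adobe Premiere Rush.exe", "process_name": "expected_helper.exe"},
    {"host": "ws-03", "ts": 3000, "event_type": "application_crash", "source": "Adobe Premiere Rush"},
    {"host": "ws-04", "ts": 4000, "event_type": "process_creation",
     "parent_process_name": "explorer.exe", "process_name": "unknown_tool.exe"},
]

if __name__ == "__main__":
    for host, severity in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, severity)
```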
