CVE-2021-21094

7.8 HIGH

📋 TL;DR

CVE-2021-21094 is an out-of-bounds write vulnerability in Adobe Bridge that allows arbitrary code execution when parsing malicious files. Attackers can exploit this by tricking users into opening specially crafted files, potentially taking full control of the affected system. Users of Adobe Bridge versions 10.1.1 and earlier or 11.0.1 and earlier are affected.

💻 Affected Systems

Products:
  • Adobe Bridge
Versions: 10.1.1 and earlier, 11.0.1 and earlier
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected versions are vulnerable. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control of the victim's computer, enabling data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case

Malware installation leading to data exfiltration, credential theft, or system disruption through user interaction with malicious files.

🟢 If Mitigated

Limited impact with proper patching and user awareness training preventing successful exploitation.

🌐 Internet-Facing: LOW - Exploitation requires user interaction with malicious files, not directly exposed network services.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or malicious file shares, but requires user interaction.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction (opening malicious file) but is otherwise straightforward once the file format is understood.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Bridge 10.1.2 or 11.0.2

Vendor Advisory: https://helpx.adobe.com/security/products/bridge/apsb21-23.html

Restart Required: Yes

Instructions:

1. Open Adobe Bridge.
2. Go to Help > Updates.
3. Follow prompts to install Bridge 10.1.2 or 11.0.2.
4. Restart the application.

🔧 Temporary Workarounds

Disable Bridge file parsing

all

Prevent Bridge from automatically opening or parsing unknown file types

User awareness training

all

Train users not to open files from untrusted sources

🧯 If You Can't Patch

  • Restrict user permissions to limit impact of code execution
  • Implement application whitelisting to prevent unauthorized executables

🔍 How to Verify

Check if Vulnerable:

Check Adobe Bridge version in Help > About Adobe Bridge

Check Version:

On Windows: wmic product where name="Adobe Bridge" get version

Verify Fix Applied:

Verify version is 10.1.2 or higher for Bridge 10.x, or 11.0.2 or higher for Bridge 11.x
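
The version check above, as an added example that is not part of the original page or the vendor advisory: a Python sketch that parses the text returned by the wmic command and applies the fixed-version thresholds listed here. The sample output is constructed, and the function names are illustrative assumptions.

```python
import re

# Fixed releases named on this page, keyed by major version.
FIXED = {10: (10, 1, 2), 11: (11, 0, 2)}


def parse_version(text):
    """Return the first dotted version in text as a tuple of ints, or None."""
    m = re.search(r"\b(\d+(?:\.\d+)+)\b", text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def classify(version):
    """Map a version tuple to 'vulnerable', 'fixed', 'not-listed' or 'unknown'."""
    if version is None:
        return "unknown"
    major = version[0]
    if major < 10:
        return "vulnerable"  # falls under the page's "10.1.1 and earlier"
    if major not in FIXED:
        return "not-listed"  # this page only covers the 10.x and 11.x branches
    # Compare numerically, field by field. A string comparison would rank
    # "10.1.10" below "10.1.2"; tuples of ints do not. Trailing build
    # numbers (10.1.1.166) still sort below the fixed release 10.1.2.
    return "vulnerable" if version < FIXED[major] else "fixed"


def check_wmic_output(output):
    """Classify every version line found in `wmic ... get version` output."""
    results = []
    for line in output.splitlines():
        version = parse_version(line)
        if version is not None:
            results.append((".".join(map(str, version)), classify(version)))
    return results


# Constructed sample: header line, one version line, trailing blank line.
SAMPLE_WMIC_OUTPUT = "Version  \r\n11.0.1.109  \r\n\r\n"

if __name__ == "__main__":
    for found, status in check_wmic_output(SAMPLE_WMIC_OUTPUT):
        print(f"Adobe Bridge {found}: {status}")
```

An empty result list means the command returned no version line, which should be treated as "not determined" rather than "not installed".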

📡 Detection & Monitoring

Log Indicators:

  • Unexpected Bridge crashes
  • Suspicious file access patterns
  • Unusual process creation from Bridge

Network Indicators:

  • Outbound connections from Bridge to unknown IPs
  • DNS requests to suspicious domains

SIEM Query:

process_name:"bridge.exe" AND (event_type:crash OR parent_process:unusual)
