CVE-2021-3375

9.8 CRITICAL

📋 TL;DR

ActivePresenter 6.1.6 contains a memory corruption vulnerability (CWE-787) that allows attackers to crash the application or execute arbitrary code by exploiting improper memory operations. This affects all users running the vulnerable version of ActivePresenter, potentially leading to system compromise.

💻 Affected Systems

Products:
  • ActivePresenter
Versions: 6.1.6 specifically (based on CVE description)
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of ActivePresenter 6.1.6 are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with SYSTEM/administrator privileges leading to complete system takeover, data theft, or ransomware deployment.

🟠 Likely Case

Application crash causing denial of service and potential data loss in unsaved presentations.

🟢 If Mitigated

Limited impact with proper network segmentation and endpoint protection blocking exploit attempts.

🌐 Internet-Facing: MEDIUM - While the application itself isn't typically internet-facing, malicious files could be delivered via email or web downloads.
🏢 Internal Only: HIGH - Internal users opening malicious presentation files could lead to lateral movement within the network.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept demonstrates crash/DoS; weaponization for RCE is likely given CVSS 9.8 score and memory corruption nature.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.1.7 or later

Vendor Advisory: https://atomisystems.com/activepresenter/

Restart Required: Yes

Instructions:

1. Download latest version from ActivePresenter website.
2. Run installer.
3. Restart system if prompted.

🔧 Temporary Workarounds

Application Control (Windows)

Block execution of ActivePresenter 6.1.6 using application whitelisting/blacklisting

Windows: Use AppLocker or Windows Defender Application Control policies

File Type Restriction (all platforms)

Block .presentation files at email/web gateways

🧯 If You Can't Patch

  • Network segmentation to isolate systems running vulnerable version
  • Implement strict endpoint detection and response (EDR) to monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check Help > About in ActivePresenter for version number

Check Version:

Windows: wmic product where name="ActivePresenter" get version

Verify Fix Applied:

Verify version is 6.1.7 or higher in Help > About
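
The version check above can be scripted for fleet use. This is an added example, not vendor or page code: it reads the standard Windows Uninstall registry keys (wmic product only lists MSI-installed software) and compares each entry with the fixed version 6.1.7. The DisplayName pattern and the status labels are assumptions.

```powershell
# Added example: inventory ActivePresenter installs from the Uninstall registry keys
# and compare each one with the fixed version stated on this page (6.1.7).
# Assumption: the installer registers a DisplayName starting with "ActivePresenter"
# and a dotted DisplayVersion; adjust $NamePattern if your build differs.
$FixedVersion = [version]'6.1.7'
$NamePattern  = 'ActivePresenter*'

$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-PatchStatus {
    param([string]$DisplayVersion, [version]$Fixed)
    # Keep only the leading dotted-numeric part, e.g. "6.1.6 (build 1)" -> "6.1.6".
    # Anything that cannot be parsed is reported as UNKNOWN, never as FIXED.
    if ($DisplayVersion -notmatch '^\s*(\d+(\.\d+){1,3})') { return 'UNKNOWN' }
    $parsed = [version]$Matches[1]
    if ($parsed -lt $Fixed) { 'BELOW_FIX' } else { 'FIXED' }
}

$found = Get-ItemProperty -Path $UninstallRoots -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like $NamePattern } |
    ForEach-Object {
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Name     = $_.DisplayName
            Version  = $_.DisplayVersion
            Status   = Get-PatchStatus -DisplayVersion $_.DisplayVersion -Fixed $FixedVersion
            Key      = $_.PSPath
        }
    }

if (-not $found) {
    Write-Output 'No ActivePresenter entry found in the Uninstall keys.'
} else {
    $found | Format-Table -AutoSize
    # Non-zero exit lets a deployment tool flag the host for remediation.
    if ($found.Status -contains 'BELOW_FIX' -or $found.Status -contains 'UNKNOWN') { exit 1 }
}
```

A host with both a per-user and a per-machine install yields one row per entry, so a leftover 6.1.6 copy is still reported after an upgrade elsewhere on the system.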

📡 Detection & Monitoring

Log Indicators:

  • Application crash logs from ActivePresenter
  • Unexpected process termination events

Network Indicators:

  • Downloads of suspicious presentation files
  • Outbound connections from ActivePresenter process

SIEM Query:

Process:ActivePresenter.exe AND (EventID:1000 OR EventID:1001)
