CVE-2021-35997
📋 TL;DR
Adobe Premiere Pro versions 15.2 and earlier contain a memory corruption vulnerability when parsing malicious files. An attacker can achieve arbitrary code execution with the victim's privileges by tricking them into opening a specially crafted file. This affects all users running vulnerable versions of Adobe Premiere Pro.
💻 Affected Systems
- Adobe Premiere Pro
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining full control of the victim's computer, data theft, ransomware deployment, and lateral movement within the network.
Likely Case
Local privilege escalation leading to data exfiltration, malware installation, or system disruption for the individual user.
If Mitigated
Limited impact with proper application sandboxing, user awareness training preventing malicious file opens, and network segmentation containing any potential spread.
🎯 Exploit Status
Exploitation requires user interaction (opening a malicious file) but no authentication. The CWE-788 classification (Access of Memory Location After End of Buffer) suggests that reliable exploitation may require specific file crafting.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 15.3 or later
Vendor Advisory: https://helpx.adobe.com/security/products/premiere_pro/apsb21-56.html
Restart Required: Yes
Instructions:
1. Open Adobe Creative Cloud application.
2. Navigate to the 'Apps' tab.
3. Find Adobe Premiere Pro and click 'Update'.
4. Follow on-screen prompts to complete installation.
5. Restart the application.
🔧 Temporary Workarounds
Restrict file types
All platforms: Configure system or email filters to block .prproj files from untrusted sources.
User awareness training
All platforms: Train users to only open Premiere Pro project files from trusted sources.
🧯 If You Can't Patch
- Isolate vulnerable systems from network resources to limit potential lateral movement.
- Implement application whitelisting to prevent execution of unauthorized code.
🔍 How to Verify
Check if Vulnerable:
Check Adobe Premiere Pro version via Help > About Premiere Pro. If version is 15.2 or earlier, the system is vulnerable.
Check Version:
On Windows: Check version in Help > About Premiere Pro. On macOS: Check version in Premiere Pro > About Premiere Pro.
Verify Fix Applied:
Verify version is 15.3 or later in Help > About Premiere Pro after updating.
📡 Detection & Monitoring
Log Indicators:
- Application crashes of Adobe Premiere Pro with memory access errors
- Unexpected child processes spawned from Premiere Pro
Network Indicators:
- Unusual outbound connections from Premiere Pro process
SIEM Query:
Process creation where parent process contains 'premiere' AND (child process contains 'cmd' OR child process contains 'powershell' OR child process contains 'wscript')
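The query above, sketched as detection logic over process-creation events. This is an added example, not part of the original advisory: the `Image` and `ParentImage` field names assume Sysmon-style events, and the sample events are constructed. It compares executable names rather than whole paths, so a directory that merely contains "cmd" does not trigger an alert.

```python
import ntpath

# Child process names taken from the SIEM query above.
SUSPICIOUS_CHILDREN = {"cmd", "powershell", "wscript"}


def exe_stem(path):
    """Lower-cased executable name without directory or extension."""
    name = ntpath.basename(path or "").lower()  # handles both \ and / separators
    return name.rsplit(".", 1)[0] if "." in name else name


def is_suspicious(event):
    """True when a Premiere Pro parent spawns a shell or script host."""
    parent = exe_stem(event.get("ParentImage"))
    child = exe_stem(event.get("Image"))
    return "premiere" in parent and child in SUSPICIOUS_CHILDREN


def find_alerts(events):
    """Return the indexes of events that match the rule."""
    return [i for i, e in enumerate(events) if is_suspicious(e)]


# Constructed sample events (assumed field names, not real telemetry).
PREMIERE = r"C:\Program Files\Adobe\Adobe Premiere Pro 2021\Adobe Premiere Pro.exe"
SAMPLE_EVENTS = [
    # 0: shell spawned by Premiere Pro -> alert
    {"ParentImage": PREMIERE, "Image": r"C:\Windows\System32\cmd.exe"},
    # 1: same rule, different casing -> alert
    {"ParentImage": PREMIERE,
     "Image": r"C:\WINDOWS\System32\WindowsPowerShell\v1.0\POWERSHELL.EXE"},
    # 2: "cmd" appears only in a directory name -> no alert
    {"ParentImage": PREMIERE, "Image": r"C:\Tools\cmdline-encoder\encoder.exe"},
    # 3: shell spawned by an unrelated parent -> no alert
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
]

if __name__ == "__main__":
    for i in find_alerts(SAMPLE_EVENTS):
        e = SAMPLE_EVENTS[i]
        print(f"ALERT event {i}: {e['ParentImage']} -> {e['Image']}")
```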