CVE-2021-36072
📋 TL;DR
CVE-2021-36072 is an out-of-bounds write vulnerability in Adobe Bridge that allows arbitrary code execution when a user opens a malicious file. This affects Adobe Bridge 11.1 and earlier versions, putting users who process untrusted files at risk of complete system compromise.
💻 Affected Systems
- Adobe Bridge
📦 What is this software?
Bridge by Adobe
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining the same privileges as the current user, potentially leading to data theft, ransomware deployment, or persistent backdoor installation.
Likely Case
Malware installation through spear-phishing campaigns where users are tricked into opening malicious image or document files through Bridge.
If Mitigated
Limited impact if users only open trusted files from verified sources and have endpoint protection.
🎯 Exploit Status
Exploitation requires user interaction (opening malicious file) but the vulnerability itself is straightforward to exploit once weaponized.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Adobe Bridge 11.1.1 and later
Vendor Advisory: https://helpx.adobe.com/security/products/bridge/apsb21-69.html
Restart Required: Yes
Instructions:
1. Open Adobe Creative Cloud application.
2. Navigate to 'Apps' tab.
3. Find Adobe Bridge and click 'Update' if available.
4. Alternatively, download Bridge 11.1.1 or later from Adobe website.
5. Install update and restart system.
🔧 Temporary Workarounds
Disable Bridge file handling
Platform: all
Prevent Bridge from automatically opening or processing certain file types
Restrict file execution
Platform: windows
Use application control policies to restrict execution of Bridge with untrusted files
🧯 If You Can't Patch
- Implement strict user training about opening files from untrusted sources
- Deploy endpoint protection with file reputation checking and behavioral analysis
🔍 How to Verify
Check if Vulnerable:
Open Adobe Bridge, go to Help > About Adobe Bridge. If version is 11.1 or earlier, system is vulnerable.
Check Version:
On Windows: wmic product where name="Adobe Bridge" get version
On macOS: grep -A1 CFBundleShortVersionString "/Applications/Adobe Bridge/Adobe Bridge.app/Contents/Info.plist"
Verify Fix Applied:
Check version in Help > About Adobe Bridge. Version should be 11.1.1 or later.
📡 Detection & Monitoring
Log Indicators:
- Unexpected Bridge crashes
- Bridge spawning unusual child processes
- File access to suspicious locations
Network Indicators:
- Bridge process making unexpected outbound connections after file open
SIEM Query:
process_name:"bridge.exe" AND (event_id:1 OR event_id:4688) AND parent_process_name NOT IN ("explorer.exe", "creativecloud.exe")
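The SIEM query above and the "Bridge spawning unusual child processes" indicator, written out as detection logic in Python. This is an added example, not part of the original advisory or of any vendor tooling; the normalized event field names, the sample events and the list of suspicious child processes are assumptions.

```python
import ntpath

# Values taken from the page's SIEM query.
TARGET = "bridge.exe"
PROCESS_CREATE_IDS = {1, 4688}  # Sysmon 1 / Windows Security 4688
EXPECTED_PARENTS = {"explorer.exe", "creativecloud.exe"}
# Assumption (not from the page): child processes worth flagging under Bridge.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "mshta.exe"}


def _name(image):
    """Reduce a Windows image path or bare name to a lowercase file name."""
    return ntpath.basename(image or "").strip().lower()


def classify(event):
    """Return the names of the rules a process-creation event matches."""
    if event.get("event_id") not in PROCESS_CREATE_IDS:
        return []
    proc = _name(event.get("process_name"))
    parent = _name(event.get("parent_process_name"))
    hits = []
    # Rule 1: the page's query, Bridge started by an unexpected parent.
    if proc == TARGET and parent not in EXPECTED_PARENTS:
        hits.append("unexpected_parent")
    # Rule 2: the "Bridge spawning unusual child processes" indicator.
    if parent == TARGET and proc in SUSPICIOUS_CHILDREN:
        hits.append("suspicious_child")
    return hits


# Constructed sample events; field names and paths are assumed, not real logs.
SAMPLE_EVENTS = [
    {"event_id": 1, "process_name": r"C:\Program Files\Adobe\Bridge.exe",
     "parent_process_name": r"C:\Windows\explorer.exe"},
    {"event_id": 4688, "process_name": "bridge.exe",
     "parent_process_name": "OUTLOOK.EXE"},
    {"event_id": 1, "process_name": r"C:\Windows\System32\cmd.exe",
     "parent_process_name": "Bridge.exe"},
    {"event_id": 3, "process_name": "bridge.exe", "parent_process_name": ""},
]


def run(events=SAMPLE_EVENTS):
    """Return (index, rules) for each event that matched at least one rule."""
    return [(i, r) for i, e in enumerate(events) if (r := classify(e))]


if __name__ == "__main__":
    print(run())
```

An event with no recorded parent is flagged by rule 1, matching the `NOT IN` semantics of the query; names are compared case-insensitively and full image paths are reduced to the file name first.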