Login Sign Up

CVE-2021-40792

7.8 HIGH
Remote Code Execution

📋 TL;DR

Adobe Premiere Pro versions 15.4.1 and earlier contain a memory corruption vulnerability when processing malicious files. This could allow attackers to execute arbitrary code with the privileges of the current user. Users who open untrusted Premiere Pro project files are at risk.

💻 Affected Systems

Products:
  • Adobe Premiere Pro
Versions: 15.4.1 and earlier
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected versions are vulnerable when processing malicious project files.

📦 What is this software?

Premiere Pro by Adobe

View all CVEs affecting Premiere Pro →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise via arbitrary code execution leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠

Likely Case

Local privilege escalation leading to user account compromise, data exfiltration, or malware installation.

🟢

If Mitigated

Limited impact with proper application sandboxing and user privilege restrictions, potentially only application crash.

🌐 Internet-Facing: LOW - Requires user interaction to open malicious file, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Internal users could be tricked into opening malicious files via phishing or shared drives.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user to open a specially crafted malicious file. No public exploit code available as of knowledge cutoff.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 15.4.2 or later

Vendor Advisory: https://helpx.adobe.com/security/products/premiere_pro/apsb21-100.html

Restart Required: Yes

Instructions:

1. Open Adobe Creative Cloud desktop app. 2. Go to Apps tab. 3. Find Premiere Pro and click Update. 4. Restart Premiere Pro after update completes.

🔧 Temporary Workarounds

Restrict file opening

all

Configure Premiere Pro to only open trusted project files from known sources.

Application sandboxing

all

Run Premiere Pro in restricted mode or sandbox to limit potential damage.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of unauthorized code
  • Restrict user privileges to standard user accounts (not administrator)

🔍 How to Verify

Check if Vulnerable:

Check Premiere Pro version via Help > About Premiere Pro. If version is 15.4.1 or earlier, system is vulnerable.

Check Version:

On Windows: Check registry at HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Premiere Pro\15.0\Version. On macOS: Check /Applications/Adobe Premiere Pro 2021/Adobe Premiere Pro 2021.app/Contents/Info.plist CFBundleShortVersionString

Verify Fix Applied:

Verify version is 15.4.2 or later in Help > About Premiere Pro.

📡 Detection & Monitoring

Log Indicators:

  • Premiere Pro crash logs with memory access violations
  • Unexpected child processes spawned from Premiere Pro

Network Indicators:

  • Unusual outbound connections from Premiere Pro process

SIEM Query:

process_name:"Adobe Premiere Pro.exe" AND (event_type:crash OR parent_process_name:"Adobe Premiere Pro.exe")

📊 Metadata

CVE ID: CVE-2021-40792
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-788
Published: March 16, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-40792, you might also want to check these:

CVE-2021-27384 9.8

This vulnerability allows remote attackers to execute arbitrary code on affected Siemens industrial ...

Same vulnerability type (CWE-788)
CVE-2021-21104 8.8

CVE-2021-21104 is a memory corruption vulnerability in Adobe Illustrator that allows remote code exe...

Same vulnerability type (CWE-788)
CVE-2024-20402 8.6

A memory management flaw in Cisco ASA and FTD SSL VPN allows unauthenticated remote attackers to tri...

Same vulnerability type (CWE-788)