CVE-2021-42724

7.8 HIGH

📋 TL;DR

Adobe Bridge versions 11.1.1 and earlier contain a memory corruption vulnerability that allows attackers to execute arbitrary code by tricking users into opening malicious files. This affects all users running vulnerable versions of Adobe Bridge. Successful exploitation requires user interaction but could lead to complete system compromise.

💻 Affected Systems

Products:
  • Adobe Bridge
Versions: 11.1.1 and earlier
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected versions are vulnerable. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with attacker gaining the same privileges as the current user, potentially leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case

Local privilege escalation leading to data exfiltration, credential theft, or lateral movement within the network.

🟢 If Mitigated

Limited impact with proper application sandboxing and user privilege restrictions, potentially only affecting isolated user data.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening a malicious file) and knowledge of memory corruption techniques. No public exploit code was known to be available at the time of writing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.1.2 or later

Vendor Advisory: https://helpx.adobe.com/security/products/bridge/apsb21-94.html

Restart Required: Yes

Instructions:

1. Open Adobe Bridge.
2. Go to Help > Check for Updates.
3. Follow prompts to install version 11.1.2 or later.
4. Restart Adobe Bridge after installation.

🔧 Temporary Workarounds

Disable automatic file opening (Platform: all)

Configure Adobe Bridge to not automatically open files or use safe mode for file handling.

Restrict file types (Platform: Windows)

Use group policy or application controls to block suspicious file types from being opened in Adobe Bridge.

🧯 If You Can't Patch

  • Remove Adobe Bridge from systems where it's not essential for business operations
  • Implement application whitelisting to prevent execution of malicious payloads even if the vulnerability is triggered

🔍 How to Verify

Check if Vulnerable:

Check the Adobe Bridge version in Help > About Adobe Bridge. If the version is 11.1.1 or earlier, the system is vulnerable.

Check Version:

On Windows: Check registry at HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Bridge\Version

Verify Fix Applied:

Verify Adobe Bridge version is 11.1.2 or later in Help > About Adobe Bridge.

📡 Detection & Monitoring

Log Indicators:

  • Adobe Bridge crash logs with memory access violations
  • Unexpected child processes spawned from Adobe Bridge

Network Indicators:

  • Outbound connections from Adobe Bridge to suspicious IPs
  • DNS requests for known malicious domains from Adobe Bridge process

SIEM Query:

process_name:"bridge.exe" AND (event_type:crash OR parent_process:unusual)
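
The two log indicators above, written out as triage logic over process-creation and crash events. This is an added example, not part of the original advisory or of Adobe's guidance: the event field names, the sample events and `example-helper.exe` are constructed, and `bridge.exe` is the process name taken from the query above.

```python
# Added example: field names and sample events are constructed for illustration.
ACCESS_VIOLATION = "0xc0000005"   # Windows STATUS_ACCESS_VIOLATION exception code
BRIDGE = "bridge.exe"             # process name as used in the query above

def exe_name(path):
    """Lower-cased file name from a Windows or POSIX style path."""
    return (path or "").replace("\\", "/").rsplit("/", 1)[-1].lower()

def triage(events, expected_children=frozenset()):
    """Return (indicator, event) pairs for the two log indicators listed above.

    expected_children: lower-cased child process names that are normal in
    your environment (assumption: built from your own baseline).
    """
    findings = []
    for ev in events:
        kind = ev.get("event_type")
        if kind == "crash" and exe_name(ev.get("process")) == BRIDGE:
            # Only crashes reported as memory access violations match the indicator.
            if str(ev.get("exception_code", "")).lower() == ACCESS_VIOLATION:
                findings.append(("bridge_access_violation", ev))
        elif kind == "process_create" and exe_name(ev.get("parent")) == BRIDGE:
            if exe_name(ev.get("process")) not in expected_children:
                findings.append(("unexpected_bridge_child", ev))
    return findings

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"event_type": "process_create", "host": "ws-01",
     "parent": r"C:\Program Files\Example\Bridge.exe",
     "process": r"C:\Windows\System32\cmd.exe"},
    {"event_type": "process_create", "host": "ws-01",
     "parent": r"C:\Program Files\Example\Bridge.exe",
     "process": r"C:\Program Files\Example\example-helper.exe"},
    {"event_type": "crash", "host": "ws-02",
     "process": "bridge.exe", "exception_code": "0xC0000005"},
    {"event_type": "crash", "host": "ws-03",   # C++ exception, not an access violation
     "process": "bridge.exe", "exception_code": "0xE06D7363"},
    {"event_type": "process_create", "host": "ws-04",
     "parent": r"C:\Windows\explorer.exe",     # Bridge as the child, not the parent
     "process": r"C:\Program Files\Example\Bridge.exe"},
]

if __name__ == "__main__":
    for indicator, ev in triage(SAMPLE_EVENTS, {"example-helper.exe"}):
        print(indicator, ev["host"], exe_name(ev.get("process")))
```

Matching on the parent field is what captures children spawned from Bridge; an empty `expected_children` set flags every child, which is a reasonable starting point until a baseline exists.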
