CVE-2021-42737

7.8 HIGH

📋 TL;DR

Adobe Prelude versions 10.1 and earlier contain a memory corruption vulnerability when processing malicious WAV files. This could allow attackers to execute arbitrary code with the privileges of the current user. Users who open specially crafted WAV files are affected.

💻 Affected Systems

Products:
  • Adobe Prelude
Versions: 10.1 and earlier
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected versions are vulnerable. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise via arbitrary code execution leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case

Local privilege escalation leading to unauthorized access to sensitive files and system resources.

🟢 If Mitigated

Limited impact with proper user training and application sandboxing, potentially only application crash.

🌐 Internet-Facing: LOW - Requires user interaction to open malicious file, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Internal users could be tricked into opening malicious files via phishing or shared drives.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file). Memory corruption vulnerabilities typically require skilled exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.1.1 or later

Vendor Advisory: https://helpx.adobe.com/security/products/prelude/apsb21-96.html

Restart Required: Yes

Instructions:

1. Open Adobe Creative Cloud application.
2. Navigate to 'Apps' tab.
3. Find Adobe Prelude and click 'Update'.
4. Restart computer after installation completes.

🔧 Temporary Workarounds

File Type Restriction (all platforms)

Block WAV files from untrusted sources using file extension filtering or application control policies.

Application Sandboxing (all platforms)

Run Adobe Prelude in restricted mode or sandboxed environment to limit potential damage.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of unauthorized code
  • Educate users to never open WAV files from untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check Adobe Prelude version in Help > About Adobe Prelude. If version is 10.1 or earlier, system is vulnerable.

Check Version:

On Windows: Check 'About Adobe Prelude' in application menu. On macOS: Adobe Prelude > About Adobe Prelude

Verify Fix Applied:

Verify version is 10.1.1 or later in Help > About Adobe Prelude.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when opening WAV files
  • Unusual process creation from Adobe Prelude

Network Indicators:

  • Outbound connections from Adobe Prelude to suspicious IPs

SIEM Query:

source="*prelude*" AND (event_type="crash" OR process_name="cmd.exe" OR process_name="powershell.exe")
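
The log indicators above expressed as a correlation rule. This is an added example, not part of the advisory or of any vendor tooling: it alerts when Prelude crashes shortly after opening a WAV file, or when Prelude is the parent of one of the shells named in the query. The event field names, hosts, paths, the "Adobe Prelude.exe" image name and the five-minute window are constructed assumptions.

```python
from datetime import datetime, timedelta

SHELLS = {"cmd.exe", "powershell.exe"}  # child processes named in the page's query
WINDOW = timedelta(minutes=5)           # assumed correlation window

# Constructed sample events; field names are hypothetical, not a real product schema.
EVENTS = [
    {"ts": "2021-11-02T09:14:03", "host": "ws-17", "type": "file_open",
     "image": "Adobe Prelude.exe", "target": r"C:\Users\a\Downloads\take3.wav"},
    {"ts": "2021-11-02T09:14:05", "host": "ws-17", "type": "crash", "image": "Adobe Prelude.exe"},
    {"ts": "2021-11-02T10:01:00", "host": "ws-22", "type": "file_open",
     "image": "Adobe Prelude.exe", "target": r"D:\media\intro.wav"},
    {"ts": "2021-11-02T10:01:02", "host": "ws-22", "type": "process_create",
     "image": r"C:\Windows\System32\cmd.exe", "parent_image": "Adobe Prelude.exe"},
    {"ts": "2021-11-02T11:00:00", "host": "ws-30", "type": "process_create",
     "image": "powershell.exe", "parent_image": "explorer.exe"},   # benign: not a Prelude child
    {"ts": "2021-11-02T12:00:00", "host": "ws-31", "type": "crash", "image": "Adobe Prelude.exe"},
]

def is_prelude(image):
    return "prelude" in image.lower()   # same loose match as source="*prelude*"

def basename(path):
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def detect(events, window=WINDOW):
    """Return (host, reason, wav_path_or_None) tuples in time order."""
    alerts, last_wav = [], {}           # last_wav: host -> (time, path) of latest WAV open
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts, host = datetime.fromisoformat(ev["ts"]), ev["host"]
        if ev["type"] == "file_open" and is_prelude(ev["image"]):
            if ev["target"].lower().endswith(".wav"):
                last_wav[host] = (ts, ev["target"])
            continue
        seen = last_wav.get(host)
        wav = seen[1] if seen and ts - seen[0] <= window else None
        if ev["type"] == "crash" and is_prelude(ev["image"]) and wav:
            alerts.append((host, "crash_after_wav", wav))
        elif (ev["type"] == "process_create" and is_prelude(ev.get("parent_image", ""))
              and basename(ev["image"]) in SHELLS):
            alerts.append((host, "shell_child", wav))
    return alerts
```

Keying the shell rule on the parent image avoids alerting on every cmd.exe or powershell.exe launch on a host, and the returned WAV path gives responders the file to quarantine and examine.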
