CVE-2021-43028

7.8 HIGH

📋 TL;DR

Adobe Premiere Rush versions 1.5.16 and earlier contain a memory corruption vulnerability when processing malicious M4A files. This could allow attackers to execute arbitrary code with the privileges of the current user. Users must open a specially crafted M4A file to trigger the exploit.

💻 Affected Systems

Products:
  • Adobe Premiere Rush
Versions: 1.5.16 and earlier
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected versions are vulnerable when processing M4A files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise via arbitrary code execution leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case

Local privilege escalation leading to user account compromise and potential lateral movement within the network.

🟢 If Mitigated

Limited impact if user runs with minimal privileges and file execution is blocked by security controls.

🌐 Internet-Facing: LOW - Requires user interaction with malicious file, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Internal users could be tricked into opening malicious files via phishing or shared drives.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction to open malicious file. Memory corruption vulnerabilities typically require some exploit development skill.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.5.17 or later

Vendor Advisory: https://helpx.adobe.com/security/products/premiere_rush/apsb21-101.html

Restart Required: Yes

Instructions:

  1. Open Adobe Premiere Rush.
  2. Go to Help > Check for Updates.
  3. Install available updates.
  4. Restart the application.

🔧 Temporary Workarounds

Block M4A file processing (all platforms)

Prevent Premiere Rush from processing M4A files via application control or file extension blocking.

Run with reduced privileges (all platforms)

Configure Premiere Rush to run with standard user privileges instead of administrative rights.

🧯 If You Can't Patch

  • Disable Premiere Rush until patching is possible
  • Implement application whitelisting to prevent execution of unauthorized files

🔍 How to Verify

Check if Vulnerable:

Check Premiere Rush version in application settings or About dialog. If version is 1.5.16 or earlier, system is vulnerable.

Check Version:

On Windows: Check via Control Panel > Programs > Programs and Features. On macOS: Check via About Premiere Rush in application menu.

Verify Fix Applied:

Verify version is 1.5.17 or later in application settings.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing M4A files
  • Unexpected process creation from Premiere Rush

Network Indicators:

  • Outbound connections from Premiere Rush to unknown IPs post-crash

SIEM Query:

(Process:premiererush.exe AND (EventID:1000 OR EventID:1001)) OR (Process:premiererush.exe AND FileExtension:.m4a)
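
The log and network indicators above, correlated per host so that a crash only counts when it follows an M4A open. This is an added example, not code from the vendor advisory or from Adobe. The normalized event fields (`kind`, `process`, `parent`, `path`, `event_id`), the 5-minute window and the sample events are assumptions constructed for illustration; the process name and event IDs are taken from the SIEM query above.

```python
from datetime import datetime, timedelta

RUSH = "premiererush.exe"        # process name as written in the SIEM query above
CRASH_IDS = {1000, 1001}         # event IDs from the SIEM query above
WINDOW = timedelta(minutes=5)    # assumed correlation window, tune per environment

def triage(events):
    """Return sorted (host, indicator) pairs for the indicators listed above."""
    last_m4a, last_crash, findings = {}, {}, set()
    for ev in sorted(events, key=lambda e: e["time"]):
        host, kind = ev["host"], ev["kind"]
        proc = ev.get("process", "").lower()
        if kind == "file_open" and proc == RUSH and ev["path"].lower().endswith(".m4a"):
            last_m4a[host] = ev["time"]          # remember, but do not alert on its own
        elif kind == "app_event" and proc == RUSH and ev["event_id"] in CRASH_IDS:
            last_crash[host] = ev["time"]
            opened = last_m4a.get(host)
            if opened is not None and ev["time"] - opened <= WINDOW:
                findings.add((host, "crash_after_m4a"))
        elif kind == "process_create" and ev.get("parent", "").lower() == RUSH:
            findings.add((host, "child_process"))
        elif kind == "net_connect" and proc == RUSH:
            crashed = last_crash.get(host)
            if crashed is not None and ev["time"] - crashed <= WINDOW:
                findings.add((host, "outbound_after_crash"))
    return sorted(findings)

def t(stamp):
    return datetime.fromisoformat(stamp)

# Constructed sample events (hypothetical hosts, paths and addresses).
SAMPLE_EVENTS = [
    {"time": t("2021-12-20T10:00:00"), "host": "ws-01", "kind": "file_open",
     "process": "PremiereRush.exe", "path": r"C:\Users\a\Downloads\clip.M4A"},
    {"time": t("2021-12-20T10:00:20"), "host": "ws-01", "kind": "app_event",
     "process": "PremiereRush.exe", "event_id": 1000},
    {"time": t("2021-12-20T10:00:25"), "host": "ws-01", "kind": "process_create",
     "process": "cmd.exe", "parent": "PremiereRush.exe"},
    {"time": t("2021-12-20T10:01:00"), "host": "ws-01", "kind": "net_connect",
     "process": "PremiereRush.exe", "dest": "203.0.113.7"},
    {"time": t("2021-12-20T11:00:00"), "host": "ws-02", "kind": "file_open",
     "process": "PremiereRush.exe", "path": r"D:\audio\voice.m4a"},
    {"time": t("2021-12-20T12:30:00"), "host": "ws-02", "kind": "app_event",
     "process": "PremiereRush.exe", "event_id": 1001},  # 90 min after open: no match
]

if __name__ == "__main__":
    for host, indicator in triage(SAMPLE_EVENTS):
        print(host, indicator)
```

The second clause of the query above matches every M4A file Premiere Rush touches, so on its own it is noisy; here the file open is only used as context for a later crash.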
