Login Sign Up

CVE-2021-43747

7.8 HIGH
Remote Code Execution

📋 TL;DR

Adobe Premiere Rush versions 1.5.16 and earlier contain a memory corruption vulnerability when processing malicious WAV files. This could allow attackers to execute arbitrary code with the privileges of the current user. Users who open untrusted WAV files in affected versions are at risk.

💻 Affected Systems

Products:
  • Adobe Premiere Rush
Versions: 1.5.16 and earlier
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected versions are vulnerable when processing WAV files.

📦 What is this software?

Premiere Rush by Adobe

View all CVEs affecting Premiere Rush →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise via arbitrary code execution leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠

Likely Case

Local privilege escalation leading to user account compromise and potential lateral movement within the network.

🟢

If Mitigated

Limited impact if user runs with minimal privileges and doesn't open untrusted files.

🌐 Internet-Facing: LOW - Requires user interaction to open malicious file, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Internal users could be tricked into opening malicious files via phishing or shared drives.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user to open a malicious WAV file. No public exploit code available as of advisory publication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.5.17 or later

Vendor Advisory: https://helpx.adobe.com/security/products/premiere_rush/apsb21-101.html

Restart Required: Yes

Instructions:

1. Open Adobe Premiere Rush
2. Go to Help > Check for Updates
3. Install update to version 1.5.17 or later
4. Restart the application

🔧 Temporary Workarounds

Disable WAV file association

all

Prevent Premiere Rush from automatically opening WAV files

Windows: Control Panel > Default Programs > Associate a file type > Remove .wav association with Premiere Rush
macOS: Right-click .wav file > Get Info > Open With > Change to different application

User awareness training

all

Educate users not to open WAV files from untrusted sources

🧯 If You Can't Patch

  • Run Premiere Rush with limited user privileges (not as administrator)
  • Implement application whitelisting to prevent execution of unauthorized code

🔍 How to Verify

Check if Vulnerable:

Check Premiere Rush version in application (Help > About Premiere Rush). If version is 1.5.16 or earlier, system is vulnerable.

Check Version:

Windows: Check application version in Help > About. macOS: Check application version in Premiere Rush > About Premiere Rush.

Verify Fix Applied:

Verify version is 1.5.17 or later after update installation.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing WAV files
  • Unusual process creation from Premiere Rush

Network Indicators:

  • Outbound connections from Premiere Rush to unusual destinations

SIEM Query:

process_name:"Premiere Rush.exe" AND (event_type:crash OR parent_process:unusual)

📊 Metadata

CVE ID: CVE-2021-43747
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-788
Published: December 20, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-43747, you might also want to check these:

CVE-2021-27384 9.8

This vulnerability allows remote attackers to execute arbitrary code on affected Siemens industrial ...

Same vulnerability type (CWE-788)
CVE-2021-21104 8.8

CVE-2021-21104 is a memory corruption vulnerability in Adobe Illustrator that allows remote code exe...

Same vulnerability type (CWE-788)
CVE-2024-20402 8.6

A memory management flaw in Cisco ASA and FTD SSL VPN allows unauthenticated remote attackers to tri...

Same vulnerability type (CWE-788)