CVE-2021-43755

7.8 HIGH

📋 TL;DR

This CVE describes an out-of-bounds write vulnerability in Adobe After Effects that could allow arbitrary code execution when a user opens a malicious file. Attackers could gain the same privileges as the current user. Users of Adobe After Effects versions 22.0 and earlier, and 18.4.2 and earlier are affected.

💻 Affected Systems

Products:
  • Adobe After Effects
Versions: 22.0 and earlier, 18.4.2 and earlier
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected versions are vulnerable. User interaction required to trigger the vulnerability.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with attacker gaining the same privileges as the current user, potentially leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case

Local privilege escalation leading to data exfiltration or malware installation on the affected system.

🟢 If Mitigated

Limited impact with proper user awareness training and file validation controls in place.

🌐 Internet-Facing: LOW - Requires user interaction to open malicious file, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Internal users could be tricked into opening malicious files via phishing or shared drives.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user to open a specially crafted malicious file. No public exploit code available at time of advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: After Effects 22.1 and 18.4.3

Vendor Advisory: https://helpx.adobe.com/security/products/after_effects/apsb21-115.html

Restart Required: Yes

Instructions:

1. Open Adobe Creative Cloud application.
2. Navigate to 'Apps' section.
3. Find Adobe After Effects.
4. Click 'Update' button.
5. Wait for download and installation to complete.
6. Restart computer if prompted.

🔧 Temporary Workarounds

Restrict file opening (all platforms)

Configure system policies to prevent opening untrusted After Effects files

User awareness training (all platforms)

Train users to only open After Effects files from trusted sources

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of malicious code
  • Use endpoint detection and response (EDR) solutions to monitor for suspicious After Effects behavior

🔍 How to Verify

Check if Vulnerable:

Check After Effects version via Help > About After Effects menu

Check Version:

On Windows: Check via Creative Cloud app or Help > About menu. On macOS: Check via Creative Cloud app or After Effects > About After Effects menu.

Verify Fix Applied:

Verify version is 22.1 or higher, or 18.4.3 or higher

📡 Detection & Monitoring

Log Indicators:

  • Unexpected After Effects crashes
  • Suspicious file opening events in application logs

Network Indicators:

  • Unusual outbound connections from After Effects process

SIEM Query:

process_name:"AfterFX.exe" AND (event_type:crash OR (file_path:contains:".aep" AND source_ip:external))
