Trend Micro Zero Day Initiative (ZDI) Expert Matt Powell Discovered a number of dangerous vulnerabilities Adobe products include Character Animation, Premiere Rush, Premiere Pro, and Audition.
The most serious of these problems is CVE-2020-9586: Stack buffer overflow that affects Windows and macOS versions of Adobe Character Animation (versions 3.2 and earlier). This error can be used for remote execution of arbitrary code and scored 7.8 points out of 10 possible on the CVSS scale.
On Windows and macOS versions of Adobe Premiere Rush video editing software (CVE-2020-9617) and Premiere Pro (CVE-2020-9616), as well as in software for recording and editing audio Audition (CVE-2020-9618) Powell found out-of-bounds reading bugs that could lead to information disclosure. Each product revealed one vulnerability, the identifiers of which are given above.
Adobe developers report that they did not find any signs of exploitation of these vulnerabilities by cybercriminals. The company generally assigned them a priority rating of 3, that is, Adobe believes that these bugs are unlikely to ever be used.
However, unscheduled patches have already been released for all vulnerable products, and users are advised to install updates as soon as possible.