Adobe Programs on Patch Tuesday issued fixes for 13 vulnerabilities — four critical — spread out among 5 products, together with Download Supervisor, ColdFusion, Genuine Company, Media Encoder and the Inventive Cloud Desktop Application.
Down load Manager 2…518 for Windows incorporates a command injection flaw (CVE-2020-9688), that can result in arbitrary code execution. Uncovered by researcher Dhiraj Mishra, the bug has been repaired with the launch of model 2…529.
Two far more critical vulnerabilities that can final result in arbitrary code execution have been found in Media Encoder 14.2 and previously versions for Windows. Found out by the Trend Micro Zero Working day Initiative and fixed in edition 14.3, the bugs (CVE-2020-9650, CVE-2020-9646) are caused by an out-of-bounds publish ailment. Media Encoder was also identified to have an vital information and facts disclosure issue, prompted by an out-of-bounds study.
![AOMEI Backupper Lifetime](https://thecybersecurity.news/data/2021/12/AOMEI-Backupper-Professional.png)
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
The final critical vulnerability is 1 of 4 bugs that ended up found in Resourceful Cloud Desktop Application 5.1 and earlier versions for Windows. Explained as a Symlink vulnerability capable of an arbitrary file process compose, the bug CVE-2020-9682 was uncovered by Zhongcheng Li of Topsec Alpha Team and preset in variation 5.2.
The there other Resourceful Cloud flaws were being all considered important in severity and classified as privilege escalation bugs.
ColdFusion 2016 and ColdFusion 2018 (for all platforms) were also patched soon after the discovery of two critical DLL search-order hijacking vulnerabilities that can lead to privilege escalation, and Authentic Service for Windows and macOS was updated to take care of a few additional privilege escalation flaws.