Adobe’s November Patch Tuesday offering focused on several products not normally covered with its monthly security update, including Illustrator, Media Encoder and Animate.
None of the
patched vulnerabilities have been spotted in the wild.
Illustrator
CC 2019’s patch
covered three vulnerabilities, CVE-2019-7962, CVE-2019-8247 and CVE-2019-8248
with the first being rated important and the last two critical.
CVE-2019-7962
is an Insecure Library Loading (DLL hijacking) that can lead to privilege
escalation. CVE-2019-8247 and CVE-2019-8248 are memory corruption flaws leading
to remote code execution if exploited.
Animate
CC 2019’s update fixes CVE-2019-7960, rated as important, for versions 19.2.1
and earlier for Windows and macOS. The vulnerability is another insecure library
loading that could lead to privilege escalation if exploited.
Adobe
Media Encoder version 13.1 for Windows and macOS patches five
vulnerabilities, one rated important critical and four important.
The lone critical
problem is CVE-2019-8246 that if left unpatched and is exploited leads to arbitrary
code execution.
CVE-2019-8241.
CVE-2019-8242, CVE-2019-8243 and CVE-2019-8244 are the remaining issues
effecting Media Encoder.
The last two
months have seen Adobe issue out-of-bounds updates in the week following Patch
Tuesday. In October the company took care of 81 vulnerabilities in such an update.
Gloss