WARNING! Three unpatchable vulnerabilities in Adobe found in the Media Encoder tool

Adobe has released an unscheduled patch to address three vulnerabilities found in the Media Encoder tool, which is used to encode audio and video in various formats.

Three of the issues identified were identified as CVE-2020-9739, CVE-2020-9744, and CVE-2020-9745 and represent out-of-bound reading problems that could eventually lead to disclosure and information leakage in the context of the current user.

All three vulnerabilities are rated Important and pose a threat to Adobe Media Encoder 14.4 (both Windows and Mac). Each vulnerability was assigned priority 3, which means that, in the opinion of Adobe, attacks on these bugs have not been and are not expected.

Last week, as part of the September Patch Tuesday, Adobe also patched a number of vulnerabilities in Adobe Experience Manager, InDesign and Framemaker. And these problems were much more serious than the recent bugs in Media Encoder.

The biggest fix pack received was Adobe Experience Manager . So, in AEM, five critical vulnerabilities were fixed at once, affecting versions,, and earlier, as well as in 6.2 SP1-CFP20 and earlier. Fixed issues included reflected and persistent XSS (CVE-2020-9732, CVE-2020-9734, CVE-2020-9740, CVE-2020-9741, and CVE-2020-9742). All of these errors could lead to the execution of arbitrary JavaScript code in the browser.

Five other vulnerabilities (CVE-2020-9727, CVE-2020-9728, CVE-2020-9729, CVE-2020-9730, and CVE-2020-9731) were fixed as part of Adobe InDesign and affected versions 15.1.1 and below. These bugs could lead to the execution of arbitrary code in the context of the current user and were associated with a violation of the integrity of information in memory.

Adobe Framemaker also received a security update. In particular, two critical vulnerabilities related to out-of-bound reading and stack buffer overflow were patched (CVE-2020-9726, CVE-2020-9725). Their exploitation could lead to the execution of arbitrary code.