CVE-2020-3764: 
Adobe Media Encoder vulnerability analysis and mitigation

Adobe Media Encoder versions 14.0 and earlier contain an out-of-bounds write vulnerability identified as CVE-2020-3764. The vulnerability was discovered in December 2019 and publicly disclosed on February 20, 2020. This security flaw affects the Windows versions of Adobe Media Encoder, specifically in the processing of 3GP and MP4 files (Adobe Security, NVD).

The vulnerability stems from the lack of proper validation of user-supplied data during the processing of 3GP and MP4 files, which can result in a write operation past the end of an allocated structure. The flaw received a CVSS score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating its critical severity. User interaction is required for exploitation, as the target must open a malicious file (ZDI Advisory, ZDI Advisory).

Successful exploitation of this vulnerability could lead to arbitrary code execution in the context of the current process. An attacker who successfully exploits this vulnerability could gain the ability to execute malicious code on the target system (NVD, Threatpost).

Adobe addressed this vulnerability by releasing version 14.0.2 of Media Encoder. The update was given a priority 3 rating, indicating that it resolves vulnerabilities in a product that has historically not been a target for attackers. Adobe recommends administrators install the update at their discretion (Adobe Security, Threatpost).