CVE-2021-28571: 
Adobe After Effects vulnerability analysis and mitigation

Adobe After Effects version 18.1 and earlier versions were found to contain a Command injection vulnerability (CVE-2021-28571). The vulnerability was discovered and assigned on March 16, 2021, affecting Adobe After Effects software running on Microsoft Windows systems. This security issue allows an unauthenticated attacker to achieve arbitrary code execution in the context of the current user, though exploitation requires user interaction through opening a malicious file (NVD, CVE).

The vulnerability is classified as an OS Command Injection (CWE-78) that can be chained with a development and debugging tool for JavaScript scripts. The severity of this vulnerability is rated as HIGH with a CVSS v3.1 base score of 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) according to NVD, while Adobe's assessment gives it a slightly lower score of 8.3 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) (NVD).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code in the context of the current user. The vulnerability affects confidentiality, integrity, and availability of the system, all rated as HIGH in the CVSS scoring (NVD).

Adobe has addressed this vulnerability in versions after After Effects 18.1. Users are advised to update to the latest version of the software to mitigate this security risk (Adobe Advisory).