CVE-2021-28596: 
Adobe Framemaker vulnerability analysis and mitigation

Adobe Framemaker version 2020.0.1 (and earlier) and 2019.0.8 (and earlier) are affected by an Out-of-bounds Write vulnerability (CVE-2021-28596) when parsing a specially crafted file. The vulnerability was discovered by Tran Van Khang from VinCSS working with Trend Micro Zero Day Initiative and was publicly disclosed on July 13, 2021 (Adobe Advisory).

The vulnerability is classified as an out-of-bounds write vulnerability (CWE-787) where malicious software can write data past the end or before the beginning of the intended memory buffer. The severity is rated as HIGH with a CVSS v3.1 base score of 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) (NVD).

If successfully exploited, this vulnerability could allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. This can lead to system corruption, crashes, or allow a hacker to execute malicious code on the targeted system (Threatpost).

Adobe has released patches to address this vulnerability. Users should update to the latest version of Adobe Framemaker to mitigate this security risk (Adobe Advisory).