CVE-2021-40751: 
Adobe After Effects vulnerability analysis and mitigation

Adobe After Effects version 18.4 and earlier versions are affected by a memory corruption vulnerability that occurs due to insecure handling of malicious .m4a files. The vulnerability was disclosed in October 2021 and requires user interaction, specifically opening a specially crafted file, to be exploited (NVD, Adobe Advisory).

The vulnerability is classified as a memory corruption issue, specifically an improper restriction of operations within the bounds of a memory buffer (CWE-119) and access of memory location after end of buffer (CWE-788). It received a CVSS v3.0 base score of 7.8 (High) with the vector string CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, and a CVSS v2.0 score of 9.3 (NVD).

If successfully exploited, this vulnerability could lead to arbitrary code execution in the context of the current user, potentially allowing an attacker to take control of the affected system (Threatpost).

Adobe has released patches to address this vulnerability in After Effects. Users are advised to update to the latest version of the software through the official Adobe update channels (Adobe Advisory).

The vulnerability was part of a larger Adobe security update that addressed 92 vulnerabilities across 14 products. The discovery was credited to researchers from TopSec Alpha Team and Trend Micro's Zero-Day Initiative (ZDI) (Threatpost).