Adobe’s November Patch Tuesday offering focused on several products not normally covered with its monthly security update, including Illustrator, Media Encoder and Animate.
None of the patched vulnerabilities have been spotted in the wild.
Illustrator CC 2019’s patch covered three vulnerabilities, CVE-2019-7962, CVE-2019-8247 and CVE-2019-8248 with the first being rated important and the last two critical.
CVE-2019-7962 is an Insecure Library Loading (DLL hijacking) that can lead to privilege escalation. CVE-2019-8247 and CVE-2019-8248 are memory corruption flaws leading to remote code execution if exploited.
Animate CC 2019’s update fixes CVE-2019-7960, rated as important, for versions 19.2.1 and earlier for Windows and macOS. The vulnerability is another insecure library loading that could lead to privilege escalation if exploited.
Adobe Media Encoder version 13.1 for Windows and macOS patches five vulnerabilities, one rated important critical and four important.
The lone critical problem is CVE-2019-8246 that if left unpatched and is exploited leads to arbitrary code execution.
CVE-2019-8241. CVE-2019-8242, CVE-2019-8243 and CVE-2019-8244 are the remaining issues effecting Media Encoder.
The last two months have seen Adobe issue out-of-bounds updates in the week following Patch Tuesday. In October the company took care of 81 vulnerabilities in such an update.