Adobe Systems on Patch Tuesday issued fixes for 13 vulnerabilities — four critical — spread out among five products, including Download Manager, ColdFusion, Genuine Service, Media Encoder and the Creative Cloud Desktop Application.
Download Manager 184.108.40.2068 for Windows contains a command injection flaw (CVE-2020-9688), that can cause arbitrary code execution. Discovered by researcher Dhiraj Mishra, the bug has been repaired with the release of version 220.127.116.119.
Two more critical vulnerabilities that can result in arbitrary code execution were found in Media Encoder 14.2 and earlier versions for Windows. Discovered by the Trend Micro Zero Day Initiative and fixed in version 14.3, the bugs (CVE-2020-9650, CVE-2020-9646) are caused by an out-of-bounds write…