-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.3927
     APSB22-43 : Security update available for Adobe Premiere Elements
                              10 August 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Adobe Premiere Elements
Publisher:         Adobe
Operating System:  Windows
                   macOS
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-34235 CVE-2021-40701 CVE-2021-39824

Original Bulletin: 
   https://helpx.adobe.com/security/products/premiere_elements/apsb22-43.html

Comment: CVSS (Max):  8.8 CVE-2022-34235 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
         CVSS Source: Adobe
         Calculator:  https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

Security updates available for Adobe Premiere Elements | APSB22-43

Bulletin ID                  Date Published                Priority

ASPB22-43                    August 9, 2022                    3


Summary

Adobe has released updates for Adobe Premiere Elements for Windows and macOS.
This update addresses a critical vulnerability. Successful exploitation could
lead to privilege escalation
in the context of the current user.

Affected Versions

Product                           Version                 Platform

Adobe Premiere Elements        2022 (Version 20.0)       Windows and macOS


Solution

Adobe categorizes these updates with the following priority ratings and
recommends users to download the new installer and upgrade their installations.

Product                Version             Platform   Priority Availability

Adobe Premiere  2022 (Version 20.0            Windows and 3        Download
Elements        20220702.Git.main.e4f8578)    macOS                Center

Note:

To verify the version of Premiere Elements on your system, please follow the
following steps:

  o Help
  o About Premiere Elements menu
  o The splash screen would show the current version and build number.

Vulnerability details

  Vulnerability   Vulnerability          CVSS
    Category         Impact     Severity base     CVSS vector     CVE Numbers
                                         score

Uncontrolled                                   CVSS:3.0/AV:L/
Search Path       Privilege     Critical 8.8   AC:L/PR:L/UI:N/   CVE-2022-34235
Element ( CWE-427 escalation                   S:C/C:H/I:H/A:H
)


Acknowledgments

Adobe would like to thank the following for reporting these issues and for
working with Adobe to help protect our customers:

  o Tom Joran Sonstebyseter Ronning (l1v1ng0ffth3l4n) -- CVE-2022-34235

For more information, visit https://helpx.adobe.com/security.html , or email
PSIRT@adobe.com.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/

iQIVAwUBYvLwZskNZI30y1K9AQiymhAAhDNPwCTEGt6+eCDzq6XDCTJxCLobzpUJ
i06DnalXWD+q6MqA1gDVRIaV/KqERWh+O8Q8irXuRFOcbJVm51Un20dX48z4FIoU
koZ1K2GN1Ri+vcBlpY0ppy/8qU7xrzcpIjFtC4LV1EYQMcFeK24b4llRrTG7I4XC
deIy6yT4XkyZHoslVttcn0OWWyG+VoBpxU5prXCdrrDgW9r0Kbm5X2vJB3/kv7sQ
Keav/QbkJdwyzU4EMOq+CoNy4L+FubTq95hrzcYjN4fWQBwHM+avpalyBm/KZZ/7
J4lFTHcUX9lCgzzHZPrZKg5JCzLNElzWgU1X8S47SmsEqPDVV0ciKpG4FfGpd+hr
WfglXAjAhWEHufnB/yc7xt1o+lZd5CH8V3Vp5E7BbB42UQeh01dktce0AjFMAtOy
rYgnm5nXwALdKrieAAUsMLjwAbtijDJNZsg69hT80vorrcv+lF/sHufcw2PaFUVT
fwIJg8h1L+hHoyFcvfCD5mS5umxx10OhC0DzeK4WP1kHe6eNg60ADD7IYgV0AEQp
Bj2A/bfvAQxn8bEX5e9GAbKSl1TVobhkOOhnphVE2N6Ck9IMB6JXQOTuVHsI1SV6
viuOaBlMABJRD70BZ50phYmoS/eqL1Kp178cvQd2q5xZGgHzg3RY4thAso0Cl7M3
72KVuSOj49c=
=3t1c
-----END PGP SIGNATURE-----