Adobe Bridge CC 9.0.2 Remote Code Execution Vulnerability


Adobe Bridge CC versions 9.0.2 have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.


The information has been provided by Francis Provencher
The original article can be found at:


This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Bridge CC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.

Vulnerable Systems:

  • Adobe Bridge Cc 9.0.2

CVE Information:

Disclosure Timeline:
Publish Date:05/23/2019

Categories: News