Severity
High
Analysis Summary
CVE-2024-20761 CVSS:7.8
Adobe Animate could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write error. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.
CVE-2024-20754 CVSS:7.8
Adobe Lightroom could allow a remote attacker to execute arbitrary code on the system, caused by an untrusted search path flaw. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim.
CVE-2024-20756 CVSS:8.6
Adobe Bridge could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write error. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-20755 CVSS:7.8
Adobe Bridge is vulnerable to a heap-based buffer overflow. By persuading a victim to open a specially crafted document, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2024-20752 CVSS:7.8
Adobe Bridge could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-20767 CVSS:8.2
Adobe ColdFusion could allow a remote attacker to obtain sensitive information, caused by improper access control. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to perform an arbitrary file system read.
CVE-2024-20746 CVSS:7.8
Adobe Premiere Pro could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write error. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to execute code in the context of the current user.
CVE-2024-20757 CVSS:5.5
Adobe Bridge could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-20762 CVSS:5.5
Adobe Animate could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-20763 CVSS:5.5
Adobe Animate could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-20764 CVSS:5.5
Adobe Animate could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.
Impact
- Gain Access
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2024-20761
- CVE-2024-20754
- CVE-2024-20756
- CVE-2024-20755
- CVE-2024-20752
- CVE-2024-20767
- CVE-2024-20746
- CVE-2024-20757
- CVE-2024-20762
- CVE-2024-20763
- CVE-2024-20764
Affected Vendors
Adobe
Affected Products
- Adobe Animate 2023 23.0.3
- Adobe Animate 2023 24.0
- Adobe Lightroom 7.1.2
- Adobe Bridge 13.0.5
- Adobe Bridge 14.0.1
- Adobe ColdFusion 2023 Update 6
- Adobe ColdFusion 2021 Update 12
- Adobe Premiere Pro 24.1
- Adobe Premiere Pro 23.6.2
Remediation
Refer to Adobe Security Bulletin for patch, upgrade or suggested workaround information.