Request a Demo
Rewterz
ICS: Multiple Siemens Products Vulnerabilities
July 12, 2024
Rewterz
Multiple SAP Products Vulnerabilities
July 12, 2024

Multiple Adobe Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-20785 CVSS:7.8

Adobe InDesign is vulnerable to a heap-based buffer overflow. By persuading a victim to open a specially-crafted document, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVE-2024-20782 CVSS:7.8

Adobe InDesign could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write error. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2024-20783 CVSS:7.8

Adobe InDesign is vulnerable to a heap-based buffer overflow. By persuading a victim to open a specially-crafted document, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVE-2024-34139 CVSS:7.8

Adobe Bridge could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-20781 CVSS:7.8

Adobe InDesign is vulnerable to a heap-based buffer overflow. By persuading a victim to open a specially-crafted document, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVE-2024-34123 CVSS:7

Adobe Premiere Pro could allow a remote attacker to execute arbitrary code on the system, caused by an untrusted search path error. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to execute code in the context of the current user.

Impact

  • Gain Access

Indicators of Compromise

CVE

  • CVE-2024-20785
  • CVE-2024-20782
  • CVE-2024-20783
  • CVE-2024-34139
  • CVE-2024-20781
  • CVE-2024-34123

Affected Vendors

Adobe

Affected Products

  • Adobe InDesign ID19.3
  • Adobe InDesign ID18.5.2
  • Adobe Bridge 13.0.7
  • Adobe Bridge 14.1
  • Adobe Premiere Pro 24.4.1
  • Adobe Premiere Pro 23.6.5

Remediation

Refer to Adobe Security Advisory for patch, upgrade or suggested workaround information.

CVE-2024-20785

CVE-2024-20782

CVE-2024-20783

CVE-2024-34139

CVE-2024-20781

CVE-2024-34123