June 27, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
ICS: Multiple Siemens Products Vulnerabilities
July 12, 2024Multiple SAP Products Vulnerabilities
July 12, 2024ICS: Multiple Siemens Products Vulnerabilities
July 12, 2024Multiple SAP Products Vulnerabilities
July 12, 2024
Severity
High
Analysis Summary
CVE-2024-20785 CVSS:7.8
Adobe InDesign is vulnerable to a heap-based buffer overflow. By persuading a victim to open a specially-crafted document, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2024-20782 CVSS:7.8
Adobe InDesign could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write error. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.
CVE-2024-20783 CVSS:7.8
Adobe InDesign is vulnerable to a heap-based buffer overflow. By persuading a victim to open a specially-crafted document, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2024-34139 CVSS:7.8
Adobe Bridge could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-20781 CVSS:7.8
Adobe InDesign is vulnerable to a heap-based buffer overflow. By persuading a victim to open a specially-crafted document, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2024-34123 CVSS:7
Adobe Premiere Pro could allow a remote attacker to execute arbitrary code on the system, caused by an untrusted search path error. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to execute code in the context of the current user.
Impact
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-20785
- CVE-2024-20782
- CVE-2024-20783
- CVE-2024-34139
- CVE-2024-20781
- CVE-2024-34123
Affected Vendors
Adobe
Affected Products
- Adobe InDesign ID19.3
- Adobe InDesign ID18.5.2
- Adobe Bridge 13.0.7
- Adobe Bridge 14.1
- Adobe Premiere Pro 24.4.1
- Adobe Premiere Pro 23.6.5
Remediation
Refer to Adobe Security Advisory for patch, upgrade or suggested workaround information.