June 4, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
FormBook Malware – Active IOCs
November 20, 2024
ShadowPad RAT – Active IOCs
November 20, 2024
FormBook Malware – Active IOCs
November 20, 2024
ShadowPad RAT – Active IOCs
November 20, 2024
Severity
Medium
Analysis Summary
CVE-2024-47455 CVSS:5.5
Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-47454 CVSS:5.5
Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-47453 CVSS:5.5
Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-47452 CVSS:7.8
Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-47451 CVSS:7.8
Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-47450 CVSS:7.8
Illustrator versions 28.7.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-47449 CVSS:5.5
Audition versions 23.6.9, 24.4.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-47446 CVSS:5.5
After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-47445 CVSS:5.5
After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-47444 CVSS:5.5
After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-47443 CVSS:7.8
After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-47442 CVSS:7.8
After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-47441 CVSS:7.8
After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-47440 CVSS:5.5
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-47439 CVSS:5.5
Substance3D - Painter versions 10.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Impact
- Denial of Service
- Code Execution
- Security Bypass
- Buffer Overflow
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-47455
- CVE-2024-47454
- CVE-2024-47453
- CVE-2024-47452
- CVE-2024-47451
- CVE-2024-47450
- CVE-2024-47449
- CVE-2024-47446
- CVE-2024-47445
- CVE-2024-47444
- CVE-2024-47443
- CVE-2024-47442
- CVE-2024-47441
- CVE-2024-47440
- CVE-2024-47439
Affected Vendors
Adobe
Affected Products
- Adobe Substance3D - Painter 10.1.0
- Adobe Illustrator 28.7.1
- Adobe Audition 23.6.9
- Adobe Audition 24.4.6
- Adobe After Effects 23.6.9
- Adobe After Effects 24.6.2
Remediation
Refer to Adobe Security Advisory for patch, upgrade, or suggested workaround information.
