Request a Demo
Rewterz
Rewterz Threat Alert – RansomHouse Operation Utilizes New MrAgent Tool to Automate VMware ESXi Attacks – Active IOCs
February 20, 2024
Rewterz
Rewterz Threat Update – International Law Enforcement Operation Disrupts LockBit Ransomware
February 20, 2024

Rewterz Threat Advisory – Multiple Adobe Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-20747 CVSS:5.5

Adobe Acrobat and Adobe Reader could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.

CVE-2024-20743 CVSS:7.8

Adobe Substance 3D Painter could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write flaw. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to execute code on the system with the privileges of the victim or cause the application to crash.

CVE-2024-20750 CVSS:7.8

Adobe Substance 3D Designer could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read error. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2024-20739 CVSS:7.8

Adobe Audition is vulnerable to a heap-based buffer overflow. By persuading a victim to open a specially crafted document, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVE-2024-20738 CVSS:9.8

Adobe FrameMaker Publishing Server could allow a remote attacker to bypass security restrictions, caused by improper authentication. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass the security feature.

CVE-2024-20742 CVSS:7.8

Adobe Substance 3D Painter could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read flaw. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to execute code on the system with the privileges of the victim or cause the application to crash.

CVE-2024-20723 CVSS:7.8

Adobe Acrobat and Adobe Reader are vulnerable to a buffer overflow. By persuading a victim to open a specially crafted document, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVE-2024-20749 CVSS:5.5

Adobe Acrobat and Adobe Reader could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.

CVE-2024-20735 CVSS:5.5

Adobe Acrobat and Adobe Reader could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.

CVE-2024-20741 CVSS:7.8

Adobe Substance 3D Painter could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read flaw. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to execute code on the system with the privileges of the victim or cause the application to crash.

CVE-2024-20725 CVSS:5.5

Adobe Substance 3D Painter could allow a remote attacker to obtain sensitive information, caused by a memory leak due to an out-of-bounds read flaw. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to obtain sensitive information.

CVE-2024-20734 CVSS:5.5

Adobe Acrobat and Adobe Reader could allow a remote attacker to obtain sensitive information, caused by a use-after-free error. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.

CVE-2024-20736 CVSS:5.5

Adobe Acrobat and Adobe Reader could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.

CVE-2024-20748 CVSS:5.5

Adobe Acrobat and Adobe Reader could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.

CVE-2024-20733 CVSS:5.5

Adobe Acrobat and Adobe Reader are vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2024-20724 CVSS:5.5

Adobe Substance 3D Painter could allow a remote attacker to obtain sensitive information, caused by a memory leak due to an out-of-bounds read flaw. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to obtain sensitive information.

CVE-2024-20722 CVSS:5.5

Adobe Substance 3D Painter could allow a remote attacker to obtain sensitive information, caused by a memory leak due to an out-of-bounds read flaw. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to obtain sensitive information.

CVE-2024-20744 CVSS:7.8

Adobe Substance 3D Painter could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write flaw. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to execute code on the system with the privileges of the victim or cause the application to crash.

CVE-2024-20740 CVSS:7.8

Adobe Substance 3D Painter could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write flaw. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to execute code on the system with the privileges of the victim or cause the application to crash.

Impact

  • Denial of Service
  • Gain Access
  • Code Execution
  • Security Bypass
  • Buffer Overflow
  • Information Disclosure

Indicators Of Compromise

CVE

  • CVE-2024-20747
  • CVE-2024-20743
  • CVE-2024-20750
  • CVE-2024-20739
  • CVE-2024-20738
  • CVE-2024-20742
  • CVE-2024-20723
  • CVE-2024-20749
  • CVE-2024-20735
  • CVE-2024-20741
  • CVE-2024-20725
  • CVE-2024-20734
  • CVE-2024-20736
  • CVE-2024-20748
  • CVE-2024-20733
  • CVE-2024-20724
  • CVE-2024-20722
  • CVE-2024-20744
  • CVE-2024-20740

Affected Vendors

Adobe

Affected Products

  • Adobe Acrobat DC 23.008.20470
  • Adobe Acrobat Reader DC 23.008.20470
  • Adobe Acrobat 2020 20.005.30539
  • Adobe Acrobat Reader 2020 20.005.30539
  • Adobe Substance 3D Painter 9.1.1
  • Adobe Substance 3D Designer 13.1.0
  • Adobe Audition 24.0.3
  • Adobe Audition 23.6.2
  • Adobe FrameMaker Publishing Server 2022 Update 1

Remediation

Refer to Adobe Security Advisory for patch, upgrade, or suggested workaround information.

CVE-2024-20747

CVE-2024-20743

CVE-2024-20750

CVE-2024-20739

CVE-2024-20738

CVE-2024-20742

CVE-2024-20723

CVE-2024-20749

CVE-2024-20735

CVE-2024-20741

CVE-2024-20725

CVE-2024-20734

CVE-2024-20736

CVE-2024-20748

CVE-2024-20733

CVE-2024-20724

CVE-2024-20722

CVE-2024-20744

CVE-2024-20740