July 1, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Multiple Adobe Substance Vulnerabilities
May 17, 2024Multiple Adobe Illustrator Vulnerabilities
May 17, 2024Multiple Adobe Substance Vulnerabilities
May 17, 2024Multiple Adobe Illustrator Vulnerabilities
May 17, 2024
Severity
High
Analysis Summary
CVE-2024-30296 CVSS:7.8
Adobe Animate could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write error. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.
CVE-2024-30282 CVSS:7.8
Adobe Animate could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write error. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.
CVE-2024-30297 CVSS:7.8
Adobe Animate could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write error. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.
CVE-2024-30293 CVSS:7.8
Adobe Animate is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system with the privileges of the victim or cause the application to crash.
CVE-2024-30294 CVSS:7.8
Adobe Animate is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system with the privileges of the victim or cause the application to crash.
CVE-2024-30295 CVSS:7.8
Adobe Animate could allow a remote attacker to execute arbitrary code on the system, caused by a NULL pointer dereference error. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.
CVE-2024-30298 CVSS:5.5
Adobe Animate could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.
Impact
- Gain Access
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-30296
- CVE-2024-30282
- CVE-2024-30297
- CVE-2024-30293
- CVE-2024-30294
- CVE-2024-30295
- CVE-2024-30298
Affected Vendors
Adobe
Affected Products
- Adobe Animate 2024 24.0.2
- Adobe Animate 2023 23.0.5
Remediation
Refer to Adobe Security Advisory for patch, upgrade or suggested workaround information.