Analysis Summary

CVE-2024-39380 CVSS:7.8

Adobe After Effects is vulnerable to a heap-based buffer overflow. By persuading a victim to open a specially crafted document, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVE-2024-45112 CVSS:7.8

Adobe Acrobat and Adobe Reader could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion error. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to execute code on the system with the privileges of the victim or cause the application to crash.

CVE-2024-39384 CVSS:7.8

Adobe Premiere Pro could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write error. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to execute code in the context of the current user.

Impact

• Buffer Overflow
• Code Execution

Indicators of Compromise

CVE

• CVE-2024-39380
• CVE-2024-45112
• CVE-2024-39384

Affected Vendors

Affected Products

• Adobe After Effects - 24.5
• Adobe After Effects - 23.6.6
• Adobe Premiere Pro 24.5
• Adobe Premiere Pro 23.6.8
• Adobe After Effects - 0
• Adobe Acrobat DC - 24.002.21005
• Adobe Acrobat DC - 24.003.20054
• Adobe Acrobat Reader DC - 24.003.20054
• Adobe Acrobat Reader DC - 24.002.21005
• Adobe Acrobat 2024 - 24.001.30159
• Adobe Acrobat 2020 - 20.005.30655
• Adobe Acrobat Reader 2020 - 20.005.30655
• Adobe Acrobat Reader - 0
• Adobe Premiere Pro - 0

Remediation

Refer to Adobe Security Advisory for patch, upgrade or suggested workaround information.

CVE-2024-39380

CVE-2024-45112

CVE-2024-39384