Severity
High
Analysis Summary
CVE-2024-39380 CVSS:7.8
Adobe After Effects is vulnerable to a heap-based buffer overflow. By persuading a victim to open a specially crafted document, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2024-45112 CVSS:7.8
Adobe Acrobat and Adobe Reader could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion error. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to execute code on the system with the privileges of the victim or cause the application to crash.
CVE-2024-39384 CVSS:7.8
Adobe Premiere Pro could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write error. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to execute code in the context of the current user.
Impact
- Buffer Overflow
- Code Execution
Indicators of Compromise
CVE
- CVE-2024-39380
- CVE-2024-45112
- CVE-2024-39384
Affected Vendors
Affected Products
- Adobe After Effects - 24.5
- Adobe After Effects - 23.6.6
- Adobe Premiere Pro 24.5
- Adobe Premiere Pro 23.6.8
- Adobe After Effects - 0
- Adobe Acrobat DC - 24.002.21005
- Adobe Acrobat DC - 24.003.20054
- Adobe Acrobat Reader DC - 24.003.20054
- Adobe Acrobat Reader DC - 24.002.21005
- Adobe Acrobat 2024 - 24.001.30159
- Adobe Acrobat 2020 - 20.005.30655
- Adobe Acrobat Reader 2020 - 20.005.30655
- Adobe Acrobat Reader - 0
- Adobe Premiere Pro - 0
Remediation
Refer to Adobe Security Advisory for patch, upgrade or suggested workaround information.