June 4, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Sidewinder Launches Latest Attack Spree Across Various Regions – Active IOCs
October 17, 2024
Iranian Cybercriminals Serve as Brokers for Sale of Vital Infrastructure Access – Active IOCs
October 17, 2024
Sidewinder Launches Latest Attack Spree Across Various Regions – Active IOCs
October 17, 2024
Iranian Cybercriminals Serve as Brokers for Sale of Vital Infrastructure Access – Active IOCs
October 17, 2024
Severity
Medium
Analysis Summary
CVE-2024-45142 CVSS:7.8
Substance3D - Stager versions 3.0.3 and earlier are affected by a Write-what-where Condition vulnerability that could allow an attacker to execute arbitrary code in the context of the current user. This vulnerability allows an attacker to write a controlled value to an arbitrary memory location, potentially leading to code execution. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-45141 CVSS:7.8
Substance3D - Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-45140 CVSS:7.8
Substance3D - Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-45139 CVSS:7.8
Substance3D - Stager versions 3.0.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-45138 CVSS:7.8
Substance3D - Stager versions 3.0.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-45137 CVSS:7.8
InDesign Desktop versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by uploading a malicious file which, when executed, could run arbitrary code in the context of the server. Exploitation of this issue requires user interaction.
CVE-2024-45136 CVSS:7.8
InCopy versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker. An attacker could exploit this vulnerability by uploading a malicious file which can then be executed on the server. Exploitation of this issue requires user interaction.
CVE-2024-45135 CVSS:2.7
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.
CVE-2024-45134 CVSS:2.7
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction.
CVE-2024-45133 CVSS:2.7
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction.
Impact
- Code Execution
- Buffer Overflow
- Security Bypass
Indicators of Compromise
CVE
- CVE-2024-45142
- CVE-2024-45141
- CVE-2024-45140
- CVE-2024-45139
- CVE-2024-45138
- CVE-2024-45137
- CVE-2024-45136
- CVE-2024-45135
- CVE-2024-45134
- CVE-2024-45133
Affected Vendors
Adobe
Affected Products
- Adobe Magento Commerce 2.4.2
- Adobe Commerce 2.4.3
- Adobe Magento Open Source 2.4.3
- Adobe Commerce 2.4.5
- Adobe Magento Open Source 2.4.5
- Adobe Commerce 2.4.4
- Adobe Magento Open Source 2.4.6
- Adobe Commerce 2.4.6
- Adobe Commerce 2.4.7
- Adobe Magento Open Source 2.4.7
- Adobe Substance3D - Stager 3.0.3
- Adobe InDesign Desktop 19.4
- Adobe InDesign Desktop 18.5.3
- Adobe InCopy 19.4
- Adobe InCopy 18.5.3
- Adobe Commerce B2B 1.3.3
- Adobe Commerce B2B 1.3.4
- Adobe Commerce B2B 1.3.5
- Adobe Commerce B2B 1.4.2
- Adobe Commerce 2.3.7
- Adobe Commerce 2.4.0
- Adobe Commerce 2.4.1
- Adobe Commerce 2.4.2
Remediation
Refer to Adobe Security Advisories for patch, upgrade, or suggested workaround information.
