Request a Demo
Rewterz
FormBook Malware – Active IOCs
November 20, 2024
Rewterz
ShadowPad RAT – Active IOCs
November 20, 2024

Multiple Adobe Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-47455 CVSS:5.5

Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2024-47454 CVSS:5.5

Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2024-47453 CVSS:5.5

Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2024-47452 CVSS:7.8

Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2024-47451 CVSS:7.8

Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2024-47450 CVSS:7.8

Illustrator versions 28.7.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2024-47449 CVSS:5.5

Audition versions 23.6.9, 24.4.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2024-47446 CVSS:5.5

After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2024-47445 CVSS:5.5

After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2024-47444 CVSS:5.5

After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2024-47443 CVSS:7.8

After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2024-47442 CVSS:7.8

After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2024-47441 CVSS:7.8

After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2024-47440 CVSS:5.5

Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2024-47439 CVSS:5.5

Substance3D - Painter versions 10.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Impact

  • Denial of Service
  • Code Execution
  • Security Bypass
  • Buffer Overflow
  • Information Disclosure

Indicators of Compromise

CVE

  • CVE-2024-47455
  • CVE-2024-47454
  • CVE-2024-47453
  • CVE-2024-47452
  • CVE-2024-47451
  • CVE-2024-47450
  • CVE-2024-47449
  • CVE-2024-47446
  • CVE-2024-47445
  • CVE-2024-47444
  • CVE-2024-47443
  • CVE-2024-47442
  • CVE-2024-47441
  • CVE-2024-47440
  • CVE-2024-47439

Affected Vendors

Adobe

Affected Products

  • Adobe Substance3D - Painter 10.1.0
  • Adobe Illustrator 28.7.1
  • Adobe Audition 23.6.9
  • Adobe Audition 24.4.6
  • Adobe After Effects 23.6.9
  • Adobe After Effects 24.6.2

Remediation

Refer to Adobe Security Advisory for patch, upgrade, or suggested workaround information.

Adobe Illustrator

Adobe Audition

Adobe After Effects

Adobe Substance3D - Painter