Analysis Summary

CVE-2024-47428 CVSS:7.8

Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2024-47427 CVSS:7.8

Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2024-47426 CVSS:7.8

Substance3D - Painter versions 10.1.0 and earlier are affected by a Double Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2024-45147 CVSS:5.5

Bridge versions 13.0.9, 14.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2024-45114 CVSS:7.8

Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2024-49536 CVSS:5.5

Audition versions 23.6.9, 24.4.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2024-49529 CVSS:5.5

InDesign Desktop versions 19.0, 20.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2024-49528 CVSS:7.8

Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2024-49527 CVSS:5.5

Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2024-49526 CVSS:7.8

Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Impact

• Code Execution
• Security Bypass
• Information Disclosure

Indicators of Compromise

CVE

• CVE-2024-47428
• CVE-2024-47427
• CVE-2024-47426
• CVE-2024-45147
• CVE-2024-45114
• CVE-2024-49536
• CVE-2024-49529
• CVE-2024-49528
• CVE-2024-49527
• CVE-2024-49526

Affected Vendors

Affected Products

• Adobe Animate 23.0.7
• Adobe Animate 24.0.4
• Adobe Substance3D - Painter 10.1.0
• Adobe Illustrator 28.7.1
• Adobe Audition 23.6.9
• Adobe Audition 24.4.6
• Adobe Bridge 13.0.9
• Adobe Bridge 14.1.2
• Adobe InDesign 19.0
• Adobe InDesign 20.0

Remediation

Refer to Adobe Security Advisory for patch, upgrade, or suggested workaround information.

CVE-2024-47428

CVE-2024-47427

CVE-2024-47426

CVE-2024-45147

CVE-2024-45114

CVE-2024-49536

CVE-2024-49529

CVE-2024-49528

CVE-2024-49527

CVE-2024-49526