Rewterz

Multiple Adobe Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-41852 CVSS:7.8

Adobe InDesign is vulnerable to a stack-based buffer overflow. By persuading a victim to open a specially crafted document, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVE-2024-39389 CVSS:7.8

Adobe InDesign is vulnerable to a stack-based buffer overflow. By persuading a victim to open a specially crafted document, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVE-2024-39386 CVSS:7.8

Adobe Bridge could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write error. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-39391 CVSS:7.8

Adobe InDesign could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write error. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2024-39394 CVSS:7.8

Adobe InDesign could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write error. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2024-41850 CVSS:7.8

Adobe InDesign is vulnerable to a heap-based buffer overflow. By persuading a victim to open a specially crafted document, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVE-2024-39390 CVSS:7.8

Adobe InDesign could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write error. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2024-39393 CVSS:7.8

Adobe InDesign could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read error. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

Impact

  • Privilege Escalation
  • Code Execution

Indicators of Compromise

CVE

  • CVE-2024-41852
  • CVE-2024-39389
  • CVE-2024-39386
  • CVE-2024-39391
  • CVE-2024-39394
  • CVE-2024-41850
  • CVE-2024-39390
  • CVE-2024-39393

Affected Vendors

Adobe

Affected Products

  • Adobe InDesign Desktop - ID18.5.2
  • Adobe InDesign Desktop - ID19.4
  • Adobe Bridge - 13.0.8
  • Adobe Bridge - 14.1.1

Remediation

Refer to the Adobe Security Advisory for patch, upgrade, or suggested workaround information.

  • CVE-2024-41852
  • CVE-2024-39389
  • CVE-2024-39386
  • CVE-2024-39391
  • CVE-2024-39394
  • CVE-2024-41850
  • CVE-2024-39390
  • CVE-2024-39393