Request a Demo
Rewterz
Fortinet Affirms Data Breach After Threat Actor Claimed to Steal 440GB Data
September 13, 2024
Rewterz
Multiple Cisco Products Vulnerabilities
September 13, 2024

Multiple Adobe Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-43760 CVSS:7.8

Adobe Photoshop could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write error. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to execute code on the system with the privileges of the victim or cause the application to crash.

CVE-2024-39378 CVSS:7.8

Adobe Audition could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write error. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-41859 CVSS:7.8

Adobe After Effects could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-43758 CVSS:7.8

Adobe Illustrator could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2024-39377 CVSS:7.8

Adobe Media Encoder could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write flaw. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-34121 CVSS:7.8

Adobe Illustrator could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

Impact

  • Code Execution

Indicators of Compromise

CVE

  • CVE-2024-43760
  • CVE-2024-39378
  • CVE-2024-41859
  • CVE-2024-43758
  • CVE-2024-39377
  • CVE-2024-34121

Affected Vendors

Adobe

Affected Products

  • Adobe Photoshop 2023 - 24.7.4
  • Adobe Photoshop 2024 - 25.11
  • Adobe Audition - 24.4.1
  • Adobe Audition - 23.6.6
  • Adobe After Effects - 24.5
  • Adobe After Effects - 23.6.6
  • Adobe Illustrator 2023 - 27.9.5
  • Adobe Illustrator 2024 - 28.6
  • Adobe Media Encoder 24.5
  • Adobe Media Encoder 23.6.8

Remediation

Refer to Adobe Security Advisory for patch, upgrade or suggested workaround information.

CVE-2024-43760

CVE-2024-39378

CVE-2024-41859

CVE-2024-43758

CVE-2024-39377

CVE-2024-34121