Fortinet Affirms Data Breach After Threat Actor Claimed to Steal 440GB Data
September 13, 2024Multiple Cisco Products Vulnerabilities
September 13, 2024Fortinet Affirms Data Breach After Threat Actor Claimed to Steal 440GB Data
September 13, 2024Multiple Cisco Products Vulnerabilities
September 13, 2024Severity
High
Analysis Summary
CVE-2024-43760 CVSS:7.8
Adobe Photoshop could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write error. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to execute code on the system with the privileges of the victim or cause the application to crash.
CVE-2024-39378 CVSS:7.8
Adobe Audition could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write error. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-41859 CVSS:7.8
Adobe After Effects could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-43758 CVSS:7.8
Adobe Illustrator could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.
CVE-2024-39377 CVSS:7.8
Adobe Media Encoder could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write flaw. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-34121 CVSS:7.8
Adobe Illustrator could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.
Impact
- Code Execution
Indicators of Compromise
CVE
- CVE-2024-43760
- CVE-2024-39378
- CVE-2024-41859
- CVE-2024-43758
- CVE-2024-39377
- CVE-2024-34121
Affected Vendors
Affected Products
- Adobe Photoshop 2023 - 24.7.4
- Adobe Photoshop 2024 - 25.11
- Adobe Audition - 24.4.1
- Adobe Audition - 23.6.6
- Adobe After Effects - 24.5
- Adobe After Effects - 23.6.6
- Adobe Illustrator 2023 - 27.9.5
- Adobe Illustrator 2024 - 28.6
- Adobe Media Encoder 24.5
- Adobe Media Encoder 23.6.8
Remediation
Refer to Adobe Security Advisory for patch, upgrade or suggested workaround information.