Severity
Medium
Analysis Summary
CVE-2024-39388 CVSS:7.8
Substance3D - Stager versions 3.0.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-34124 CVSS:7.8
Adobe Dimension could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write error. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to execute code on the system with the privileges of the victim or cause the application to crash.
CVE-2024-20789 CVSS:7.8
Adobe Dimension could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to execute code on the system with the privileges of the victim or cause the application to crash.
CVE-2024-34125 CVSS:5.5
Adobe Dimension could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-34126 CVSS:5.5
Adobe Dimension could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-41840 CVSS:7.8
Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-39387 CVSS:5.5
Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-39423 CVSS:7.8
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-39422 CVSS:7.8
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-39424 CVSS:7.8
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-41831 CVSS:7.8
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-41833 CVSS:5.5
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-41834 CVSS:5.5
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-39426 CVSS:7.8
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Impact
- Security Bypass
- Code Execution
- Information Disclosure
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-39388
- CVE-2024-34124
- CVE-2024-20789
- CVE-2024-34125
- CVE-2024-34126
- CVE-2024-41840
- CVE-2024-39387
- CVE-2024-39423
- CVE-2024-39422
- CVE-2024-39424
- CVE-2024-41831
- CVE-2024-41833
- CVE-2024-41834
- CVE-2024-39426
Affected Vendors
Affected Products
- Adobe Dimension - 3.4.11
- Adobe Acrobat Bridge version - 14.1.1
- Adobe Acrobat Reader version - 24.001.30123
- Adobe Substance3D - Stager version - 3.0.2
Remediation
Refer to the Adobe Security Advisory for patch, upgrade, or suggested workaround information.