Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution


Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Details of these vulnerabilities are as follows:

Tactic: Execution (TA0002)

Technique: Exploitation for Client Execution (T1203): 

Adobe Experience Manager:

  • Improper Input Validation (CVE-2024-43711, CVE-2024-43755)
  • Cross-site Scripting (Stored XSS) (CVE-2024-43712, CVE-2024-53960, CVE-2024-43713, CVE-2024-43714, CVE-2024-43715, CVE-2024-43718, CVE-2024-43719, CVE-2024-43720, CVE-2024-43721, CVE-2024-43722, CVE-2024-43723, CVE-2024-43724, CVE-2024-43725, CVE-2024-43726, CVE-2024-43727, CVE-2024-43728, CVE-2024-43730, CVE-2024-43732, CVE-2024-43733, CVE-2024-43734, CVE-2024-43735, CVE-2024-43736, CVE-2024-43737, CVE-2024-43738, CVE-2024-43739, CVE-2024-43740, CVE-2024-43742, CVE-2024-43743, CVE-2024-43744, CVE-2024-43745, CVE-2024-43746, CVE-2024-43747, CVE-2024-43748, CVE-2024-43749, CVE-2024-43750, CVE-2024-43751, CVE-2024-43752, CVE-2024-43754, CVE-2024-52991, CVE-2024-52992, CVE-2024-52993, CVE-2024-52816, CVE-2024-52817, CVE-2024-52818, CVE-2024-52822, CVE-2024-52823, CVE-2024-52824, CVE-2024-52825, CVE-2024-52826, CVE-2024-52827, CVE-2024-52828, CVE-2024-52829, CVE-2024-52830, CVE-2024-52831, CVE-2024-52832, CVE-2024-52834, CVE-2024-52835, CVE-2024-52836, CVE-2024-52837, CVE-2024-52838, CVE-2024-52839, CVE-2024-52840, CVE-2024-52841, CVE-2024-52842, CVE-2024-52843, CVE-2024-52844, CVE-2024-52845, CVE-2024-52846, CVE-2024-52847, CVE-2024-52848, CVE-2024-52849, CVE-2024-52850, CVE-2024-52851, CVE-2024-52852, CVE-2024-52853, CVE-2024-52854, CVE-2024-52855, CVE-2024-52857, CVE-2024-52858, CVE-2024-52859, CVE-2024-52860, CVE-2024-52861, CVE-2024-52862, CVE-2024-52864, CVE-2024-52865)
  • Improper Authorization (CVE-2024-43729, CVE-2024-43731)
  • Improper Access Control (CVE-2024-43716, CVE-2024-43717) 

Adobe Acrobat and Reader:

  • Out-of-bounds Read (CVE-2024-47449) 

Adobe After Effects:

  • Use After Free (CVE-2024-49530, CVE-2024-49535, CVE-2024-49531, CVE-2024-49532, CVE-2024-49533, CVE-2024-49534) 

Adobe Media Encoder:

  • Out-of-bounds Write (CVE-2024-49551, CVE-2024-49553)
  • Heap-based Buffer Overflow (CVE-2024-49552)
  • NULL Pointer Dereference (CVE-2024-49554) 

Adobe Illustrator:

  • Out-of-bounds Write (CVE-2024-49538, CVE-2024-49541) 

Adobe After Effects:

  • Stack-based Buffer Overflow (CVE-2024-49537) 

Adobe Animate:

  • Improper Input Validation (CVE-2024-52982)
  • Integer Overflow or Wraparound (CVE-2024-52983)
  • Integer Underflow (Wrap or Wraparound) (CVE-2024-52984, CVE-2024-52985, CVE-2024-52986, CVE-2024-52987, CVE-2024-52989, CVE-2024-53954)
  • Out-of-bounds Write (CVE-2024-52988)
  • Buffer Underwrite (‘Buffer Underflow’) (CVE-2024-52990)
  • Access of Uninitialized Pointer (CVE-2024-45155)
  • NULL Pointer Dereference (CVE-2024-45156)
  • Use After Free (CVE-2024-53953) 

Adobe InDesign:

  • Stack-based Buffer Overflow (CVE-2024-49543)
  • Out-of-bounds Write (CVE-2024-49544)
  • Heap-based Buffer Overflow (CVE-2024-49545)
  • Out-of-bounds Read (CVE-2024-49546, CVE-2024-49547, CVE-2024-49548, CVE-2024-49549, CVE-2024-53951)
  • NULL Pointer Dereference (CVE-2024-53952) 

Adobe PDFL Software Development Kit (SDK):

  • Out-of-bounds Write (CVE-2024-49513) 

Adobe Connect:

  • Cross-site Scripting (Reflected XSS) (CVE-2024-54032, CVE-2024-54034, CVE-2024-54036, CVE-2024-54037, CVE-2024-54039, CVE-2024-49550, CVE-2024-54040, CVE-2024-54041, CVE-2024-54042, CVE-2024-54043, CVE-2024-54044, CVE-2024-54045, CVE-2024-54046, CVE-2024-54047, CVE-2024-54048, CVE-2024-54049)
  • Improper Access Control (CVE-2024-54033, CVE-2024-54035, CVE-2024-54038)
  • URL Redirection to Untrusted Site (‘Open Redirect’) (CVE-2024-54050, CVE-2024-54051)
  • Server-Side Request Forgery (SSRF) (CVE-2024-54052) 

Substance 3D Sampler:

  • Out-of-bounds Write (CVE-2024-52994)
  • Heap-based Buffer Overflow (CVE-2024-52995, CVE-2024-52996) 

Adobe Photoshop:

  • Use After Free (CVE-2024-52997) 

Substance 3D Modeler:

  • Heap-based Buffer Overflow (CVE-2024-52999)
  • Out-of-bounds Write (CVE-2024-53000, CVE-2024-53001, CVE-2024-53002, CVE-2024-53003)
  • Out-of-bounds Read (CVE-2024-53004, CVE-2024-53005)
  • NULL Pointer Dereference (CVE-2024-53006, CVE-2024-52833) 

Adobe Bridge:

  • Integer Underflow (Wrap or Wraparound) (CVE-2024-53955) 

Adobe Premiere Pro:

  • Heap-based Buffer Overflow (CVE-2024-53956) 

Substance 3D Painter:

  • Heap-based Buffer Overflow (CVE-2024-53957)
  • Out-of-bounds Write (CVE-2024-53958) 

Adobe FrameMaker:

  • Stack-based Buffer Overflow (CVE-2024-53959) 


