Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution
- by nlqip
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Details of these vulnerabilities are as follows:
Tactic: Execution (TA0002)
Technique: Exploitation for Client Execution (T1203):
Adobe Experience Manager:
- Improper Input Validation (CVE-2024-43711, CVE-2024-43755)
- Cross-site Scripting (Stored XSS) (CVE-2024-43712, CVE-2024-53960, CVE-2024-43713, CVE-2024-43714, CVE-2024-43715, CVE-2024-43718, CVE-2024-43719, CVE-2024-43720, CVE-2024-43721, CVE-2024-43722, CVE-2024-43723, CVE-2024-43724, CVE-2024-43725, CVE-2024-43726, CVE-2024-43727, CVE-2024-43728, CVE-2024-43730, CVE-2024-43732, CVE-2024-43733, CVE-2024-43734, CVE-2024-43735, CVE-2024-43736, CVE-2024-43737, CVE-2024-43738, CVE-2024-43739, CVE-2024-43740, CVE-2024-43742, CVE-2024-43743, CVE-2024-43744, CVE-2024-43745, CVE-2024-43746, CVE-2024-43747, CVE-2024-43748, CVE-2024-43749, CVE-2024-43750, CVE-2024-43751, CVE-2024-43752, CVE-2024-43754, CVE-2024-52991, CVE-2024-52992, CVE-2024-52993, CVE-2024-52816, CVE-2024-52817, CVE-2024-52818, CVE-2024-52822, CVE-2024-52823, CVE-2024-52824, CVE-2024-52825, CVE-2024-52826, CVE-2024-52827, CVE-2024-52828, CVE-2024-52829, CVE-2024-52830, CVE-2024-52831, CVE-2024-52832, CVE-2024-52834, CVE-2024-52835, CVE-2024-52836, CVE-2024-52837, CVE-2024-52838, CVE-2024-52839, CVE-2024-52840, CVE-2024-52841, CVE-2024-52842, CVE-2024-52843, CVE-2024-52844, CVE-2024-52845, CVE-2024-52846, CVE-2024-52847, CVE-2024-52848, CVE-2024-52849, CVE-2024-52850, CVE-2024-52851, CVE-2024-52852, CVE-2024-52853, CVE-2024-52854, CVE-2024-52855, CVE-2024-52857, CVE-2024-52858, CVE-2024-52859, CVE-2024-52860, CVE-2024-52861, CVE-2024-52862, CVE-2024-52864, CVE-2024-52865)
- Improper Authorization (CVE-2024-43729, CVE-2024-43731)
- Improper Access Control (CVE-2024-43716, CVE-2024-43717)
Adobe Acrobat and Reader:
- Out-of-bounds Read (CVE-2024-47449)
Adobe After Effects:
- Use After Free (CVE-2024-49530, CVE-2024-49535, CVE-2024-49531, CVE-2024-49532, CVE-2024-49533, CVE-2024-49534)
Adobe Media Encoder:
- Out-of-bounds Write (CVE-2024-49551, CVE-2024-49553)
- Heap-based Buffer Overflow (CVE-2024-49552)
- NULL Pointer Dereference (CVE-2024-49554)
Adobe Illustrator:
- Out-of-bounds Write (CVE-2024-49538, CVE-2024-49541)
Adobe After Effects:
- Stack-based Buffer Overflow (CVE-2024-49537)
Adobe Animate:
- Improper Input Validation (CVE-2024-52982)
- Integer Overflow or Wraparound (CVE-2024-52983)
- Integer Underflow (Wrap or Wraparound) (CVE-2024-52984, CVE-2024-52985, CVE-2024-52986, CVE-2024-52987, CVE-2024-52989, CVE-2024-53954)
- Out-of-bounds Write (CVE-2024-52988)
- Buffer Underwrite (‘Buffer Underflow’) (CVE-2024-52990)
- Access of Uninitialized Pointer (CVE-2024-45155)
- NULL Pointer Dereference (CVE-2024-45156)
- Use After Free (CVE-2024-53953)
Adobe InDesign:
- Stack-based Buffer Overflow (CVE-2024-49543)
- Out-of-bounds Write (CVE-2024-49544)
- Heap-based Buffer Overflow (CVE-2024-49545)
- Out-of-bounds Read (CVE-2024-49546, CVE-2024-49547, CVE-2024-49548, CVE-2024-49549, CVE-2024-53951)
- NULL Pointer Dereference (CVE-2024-53952)
Adobe PDFL Software Development Kit (SDK):
- Out-of-bounds Write (CVE-2024-49513)
Adobe Connect:
- Cross-site Scripting (Reflected XSS) (CVE-2024-54032, CVE-2024-54034, CVE-2024-54036, CVE-2024-54037, CVE-2024-54039, CVE-2024-49550, CVE-2024-54040, CVE-2024-54041, CVE-2024-54042, CVE-2024-54043, CVE-2024-54044, CVE-2024-54045, CVE-2024-54046, CVE-2024-54047, CVE-2024-54048, CVE-2024-54049)
- Improper Access Control (CVE-2024-54033, CVE-2024-54035, CVE-2024-54038)
- URL Redirection to Untrusted Site (‘Open Redirect’) (CVE-2024-54050, CVE-2024-54051)
- Server-Side Request Forgery (SSRF) (CVE-2024-54052)
Substance 3D Sampler:
- Out-of-bounds Write (CVE-2024-52994)
- Heap-based Buffer Overflow (CVE-2024-52995, CVE-2024-52996)
Adobe Photoshop:
- Use After Free (CVE-2024-52997)
Substance 3D Modeler:
- Heap-based Buffer Overflow (CVE-2024-52999)
- Out-of-bounds Write (CVE-2024-53000, CVE-2024-53001, CVE-2024-53002, CVE-2024-53003)
- Out-of-bounds Read (CVE-2024-53004, CVE-2024-53005)
- NULL Pointer Dereference (CVE-2024-53006, CVE-2024-52833)
Adobe Bridge:
- Integer Underflow (Wrap or Wraparound) (CVE-2024-53955)
Adobe Premiere Pro:
- Heap-based Buffer Overflow (CVE-2024-53956)
Substance 3D Painter:
- Heap-based Buffer Overflow (CVE-2024-53957)
- Out-of-bounds Write (CVE-2024-53958)
Adobe FrameMaker:
- Stack-based Buffer Overflow (CVE-2024-53959)