Multiple Critical Vulnerabilities Affecting Adobe Products

Advisory No: TZCERT/SA/2024/05/17-1

Date of First Release: 17^th May 2024

Source: Adobe

Software Affected: Adobe Acrobat and Reader, Adobe Illustrator, Adobe Substance 3D Painter, Adobe Aero, Adobe Animate, Adobe FrameMaker, and Adobe Dreamweaver

Overview:

Multiple Adobe products are vulnerable to critical vulnerabilities. The attackers can leverage the vulnerabilities to execute arbitrary code on affected system.

Description:

Adobe Acrobat and Reader, Adobe Illustrator, Adobe Substance 3D Painter, Adobe Aero, Adobe Animate, Adobe FrameMaker, and Adobe Dreamweaver are affected by numerous vulnerabilities. These include Use After Free, Out-of-bounds Write, Improper Input Validation, Improper Access Control, Stack-based Buffer Overflow, Heap-based Buffer Overflow, NULL Pointer Dereference, and OS Command Injection. Successful exploitation of these vulnerabilities may allow attackers to execute arbitrary code on the vulnerable systems.

Impact:

Successful exploitation of these vulnerabilities may allow an attacker to take control of the affected system.

Solution:

Adobe has released security patches for these vulnerabilities. Users and administrators are encouraged to apply necessary updates.

References:

1. https://helpx.adobe.com/security/products/acrobat/apsb24-29.html
2. https://helpx.adobe.com/security/products/illustrator/apsb24-30.html
3. https://helpx.adobe.com/security/products/substance3d_painter/apsb24-31.html
4. https://helpx.adobe.com/security/products/aero/apsb24-33.html
5. https://helpx.adobe.com/security/products/animate/apsb24-36.html
6. https://helpx.adobe.com/security/products/framemaker/apsb24-37.html
7. https://helpx.adobe.com/security/products/dreamweaver/apsb24-39.html