Multiple Critical Vulnerabilities Affecting Adobe Products

Published On: May 17, 2024 14:10

Advisory No: TZCERT/SA/2024/05/17-1

Source: Adobe

Software Affected: Adobe Acrobat and Reader, Adobe Illustrator, Adobe Substance 3D Painter, Adobe Aero, Adobe Animate, Adobe FrameMaker, and Adobe Dreamweaver

Overview

Multiple Adobe products are vulnerable to critical vulnerabilities. The attackers can leverage the vulnerabilities to execute arbitrary code on affected system.

Description

Adobe Acrobat and Reader, Adobe Illustrator, Adobe Substance 3D Painter, Adobe Aero, Adobe Animate, Adobe FrameMaker, and Adobe Dreamweaver are affected by numerous vulnerabilities. These include Use After Free, Out-of-bounds Write, Improper Input Validation, Improper Access Control, Stack-based Buffer Overflow, Heap-based Buffer Overflow, NULL Pointer Dereference, and OS Command Injection. Successful exploitation of these vulnerabilities may allow attackers to execute arbitrary code on the vulnerable systems.

Impact

Successful exploitation of these vulnerabilities may allow an attacker to take control of the affected system.

Solution

Adobe has released security patches for these vulnerabilities. Users and administrators are encouraged to apply necessary updates.

Subscribe To TZ - CERT Newsletter

A digest of Tanzania Computer Emergency Response Team coverage of cyber-security news across the globe.

Subscribe
Report Incident