Advisory No: TZCERT/SA/2024/05/17-1
Date of First Release: 17th May 2024
Source: Adobe
Software Affected: Adobe Acrobat and Reader, Adobe Illustrator, Adobe Substance 3D Painter, Adobe Aero, Adobe Animate, Adobe FrameMaker, and Adobe Dreamweaver
Overview:
Multiple Adobe products are vulnerable to critical vulnerabilities. The attackers can leverage the vulnerabilities to execute arbitrary code on affected system.
Description:
Adobe Acrobat and Reader, Adobe Illustrator, Adobe Substance 3D Painter, Adobe Aero, Adobe Animate, Adobe FrameMaker, and Adobe Dreamweaver are affected by numerous vulnerabilities. These include Use After Free, Out-of-bounds Write, Improper Input Validation, Improper Access Control, Stack-based Buffer Overflow, Heap-based Buffer Overflow, NULL Pointer Dereference, and OS Command Injection. Successful exploitation of these vulnerabilities may allow attackers to execute arbitrary code on the vulnerable systems.
Impact:
Successful exploitation of these vulnerabilities may allow an attacker to take control of the affected system.
Solution:
Adobe has released security patches for these vulnerabilities. Users and administrators are encouraged to apply necessary updates.
References:
- https://helpx.adobe.com/security/products/acrobat/apsb24-29.html
- https://helpx.adobe.com/security/products/illustrator/apsb24-30.html
- https://helpx.adobe.com/security/products/substance3d_painter/apsb24-31.html
- https://helpx.adobe.com/security/products/aero/apsb24-33.html
- https://helpx.adobe.com/security/products/animate/apsb24-36.html
- https://helpx.adobe.com/security/products/framemaker/apsb24-37.html
- https://helpx.adobe.com/security/products/dreamweaver/apsb24-39.html