Rewterz Threat Alert – RansomHouse Operation Utilizes New MrAgent Tool to Automate VMware ESXi Attacks – Active IOCs
February 20, 2024Rewterz Threat Update – International Law Enforcement Operation Disrupts LockBit Ransomware
February 20, 2024Rewterz Threat Alert – RansomHouse Operation Utilizes New MrAgent Tool to Automate VMware ESXi Attacks – Active IOCs
February 20, 2024Rewterz Threat Update – International Law Enforcement Operation Disrupts LockBit Ransomware
February 20, 2024Severity
Medium
Analysis Summary
CVE-2024-20747 CVSS:5.5
Adobe Acrobat and Adobe Reader could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-20743 CVSS:7.8
Adobe Substance 3D Painter could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write flaw. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to execute code on the system with the privileges of the victim or cause the application to crash.
CVE-2024-20750 CVSS:7.8
Adobe Substance 3D Designer could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read error. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.
CVE-2024-20739 CVSS:7.8
Adobe Audition is vulnerable to a heap-based buffer overflow. By persuading a victim to open a specially crafted document, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2024-20738 CVSS:9.8
Adobe FrameMaker Publishing Server could allow a remote attacker to bypass security restrictions, caused by improper authentication. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass the security feature.
CVE-2024-20742 CVSS:7.8
Adobe Substance 3D Painter could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read flaw. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to execute code on the system with the privileges of the victim or cause the application to crash.
CVE-2024-20723 CVSS:7.8
Adobe Acrobat and Adobe Reader are vulnerable to a buffer overflow. By persuading a victim to open a specially crafted document, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2024-20749 CVSS:5.5
Adobe Acrobat and Adobe Reader could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-20735 CVSS:5.5
Adobe Acrobat and Adobe Reader could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-20741 CVSS:7.8
Adobe Substance 3D Painter could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read flaw. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to execute code on the system with the privileges of the victim or cause the application to crash.
CVE-2024-20725 CVSS:5.5
Adobe Substance 3D Painter could allow a remote attacker to obtain sensitive information, caused by a memory leak due to an out-of-bounds read flaw. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-20734 CVSS:5.5
Adobe Acrobat and Adobe Reader could allow a remote attacker to obtain sensitive information, caused by a use-after-free error. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-20736 CVSS:5.5
Adobe Acrobat and Adobe Reader could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-20748 CVSS:5.5
Adobe Acrobat and Adobe Reader could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-20733 CVSS:5.5
Adobe Acrobat and Adobe Reader are vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-20724 CVSS:5.5
Adobe Substance 3D Painter could allow a remote attacker to obtain sensitive information, caused by a memory leak due to an out-of-bounds read flaw. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-20722 CVSS:5.5
Adobe Substance 3D Painter could allow a remote attacker to obtain sensitive information, caused by a memory leak due to an out-of-bounds read flaw. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-20744 CVSS:7.8
Adobe Substance 3D Painter could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write flaw. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to execute code on the system with the privileges of the victim or cause the application to crash.
CVE-2024-20740 CVSS:7.8
Adobe Substance 3D Painter could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write flaw. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to execute code on the system with the privileges of the victim or cause the application to crash.
Impact
- Denial of Service
- Gain Access
- Code Execution
- Security Bypass
- Buffer Overflow
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2024-20747
- CVE-2024-20743
- CVE-2024-20750
- CVE-2024-20739
- CVE-2024-20738
- CVE-2024-20742
- CVE-2024-20723
- CVE-2024-20749
- CVE-2024-20735
- CVE-2024-20741
- CVE-2024-20725
- CVE-2024-20734
- CVE-2024-20736
- CVE-2024-20748
- CVE-2024-20733
- CVE-2024-20724
- CVE-2024-20722
- CVE-2024-20744
- CVE-2024-20740
Affected Vendors
Adobe
Affected Products
- Adobe Acrobat DC 23.008.20470
- Adobe Acrobat Reader DC 23.008.20470
- Adobe Acrobat 2020 20.005.30539
- Adobe Acrobat Reader 2020 20.005.30539
- Adobe Substance 3D Painter 9.1.1
- Adobe Substance 3D Designer 13.1.0
- Adobe Audition 24.0.3
- Adobe Audition 23.6.2
- Adobe FrameMaker Publishing Server 2022 Update 1
Remediation
Refer to Adobe Security Advisory for patch, upgrade, or suggested workaround information.