Adobe Framemaker Vulnerability Could Lead to Arbitrary Code Execution
CVE-2024-30290

7.8HIGH

Key Information:

Vendor: Adobe
Status: Adobe Framemaker
Vendor: CVE Published:; 16 May 2024

Summary

Adobe Framemaker, a document processing application, is susceptible to an out-of-bounds write vulnerability present in versions 2020.5, 2022.3, and earlier. This vulnerability allows for potential arbitrary code execution in the context of the user currently running the application. Exploitation of this issue necessitates user interaction, specifically when a malicious file is opened in the affected application. The risk emphasizes the importance of vigilance when handling files from untrusted sources, as this vulnerability could allow attackers to compromise user systems.

Affected Version(s)

Adobe Framemaker 0 <= 2022.3

References

https://helpx.adobe.com/security/products/framemaker/apsb...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 16, 2024
Vulnerability Reserved
Mar 26, 2024

Collectors

NVD DatabaseMitre Database