Adobe Framemaker Vulnerability Could Lead to Arbitrary Code Execution
CVE-2024-30292

7.8HIGH

Key Information:

Vendor: Adobe
Status: Adobe Framemaker
Vendor: CVE Published:; 16 May 2024

What is CVE-2024-30292?

Adobe Framemaker versions 2020.5 and 2022.3 are susceptible to an out-of-bounds write vulnerability that allows for arbitrary code execution with user interaction. Exploitation requires the victim to open a specially crafted malicious file, exposing the current user’s environment to risk. This vulnerability poses significant threats as it could enable intruders to execute unauthorized commands and manipulate the system.

Affected Version(s)

Adobe Framemaker 0 <= 2022.3

References

https://helpx.adobe.com/security/products/framemaker/apsb...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 16, 2024
Vulnerability Reserved
Mar 26, 2024