Adobe Animate Vulnerability Could Lead to Arbitrary Code Execution
CVE-2024-30296

7.8HIGH

Key Information:

Vendor: Adobe
Status: Animate
Vendor: CVE Published:; 16 May 2024

Summary

A vulnerability exists in Adobe Animate versions 24.0.2, 23.0.5, and earlier that allows for out-of-bounds write operations. This flaw can lead to arbitrary code execution when a user interacts with a malicious file. Attackers can exploit this vulnerability by persuading users to open compromised files, thereby gaining access to the system under the current user's permissions. It is crucial for users to ensure they are using the latest versions of Adobe Animate and exercise caution when opening files from untrusted sources.

Affected Version(s)

Animate 0 <= 23.0.5

References

https://helpx.adobe.com/security/products/animate/apsb24-...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 16, 2024
Vulnerability Reserved
Mar 26, 2024