Adobe Premiere Pro Untrusted Search Path Vulnerability Could Lead to Arbitrary Code Execution
CVE-2024-34123

7HIGH

Key Information:

Vendor: Adobe
Status: Premiere Pro
Vendor: CVE Published:; 9 July 2024

What is CVE-2024-34123?

Adobe Premiere Pro is vulnerable to an Untrusted Search Path issue that exposes the application to arbitrary code execution by an attacker. This vulnerability permits the insertion of a malicious file into the application’s search path, allowing the application to mistakenly execute it instead of the intended legitimate files. This method of exploitation necessitates user interaction, which escalates the attack complexity and highlights the critical importance of rigorous file validation and security practices within the application.

Affected Version(s)

Premiere Pro 0 <= 24.4.1

References

https://helpx.adobe.com/security/products/premiere_pro/ap...

vendor-advisory

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 9, 2024
Vulnerability Reserved
Apr 30, 2024