Dimension vulnerability can lead to arbitrary code execution with user interaction
CVE-2024-34124

7.8HIGH

Key Information:

Vendor: Adobe
Status: Dimension
Vendor: CVE Published:; 14 August 2024

Summary

An out-of-bounds write vulnerability has been identified in Adobe Dimension versions 3.4.11 and earlier. This vulnerability can potentially allow attackers to execute arbitrary code within the current user's context, posing significant security risks. Exploitation of this flaw necessitates user interaction, specifically requiring the victim to open a specially crafted malicious file. It is crucial for users and administrators to be aware of this vulnerability and apply necessary updates or mitigations as recommended by Adobe.

Affected Version(s)

Dimension 0 <= 3.4.11

References

https://helpx.adobe.com/security/products/dimension/apsb2...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 14, 2024
Vulnerability Reserved
Apr 30, 2024