Adobe Illustrator Under Attack: Use After Free Vulnerability Affects Major Version
CVE-2024-43758

7.8HIGH

Key Information:

Vendor: Adobe
Status: Illustrator
Vendor: CVE Published:; 13 September 2024

What is CVE-2024-43758?

A Use After Free vulnerability exists in Adobe Illustrator, specifically affecting versions 28.6, 27.9.5, and earlier releases. This flaw can potentially allow attackers to execute arbitrary code within the context of the current user, provided the victim opens a specially crafted malicious file. User interaction is crucial for exploitation, hence prompting caution when dealing with unknown files.

Affected Version(s)

Illustrator 0 <= 27.9.5

References

https://helpx.adobe.com/security/products/illustrator/aps...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 13, 2024
Vulnerability Reserved
Aug 15, 2024