Arbitrary Code Execution Vulnerability in Substance3D Modeler
CVE-2024-53000

7.8HIGH

Key Information:

Vendor: Substance3D
Status: Substance 3d Modeler
Vendor: CVE Published:; 10 December 2024

Summary

An out-of-bounds write vulnerability has been identified in Adobe's Substance3D - Modeler, specifically affecting versions 1.14.1 and earlier. This flaw allows for the potential execution of arbitrary code within the context of the current user, should a malicious file be opened. User interaction is a prerequisite for exploitation, which emphasizes the need for vigilance when managing file types handled by this software. Continuous monitoring for updates and security patches is crucial to mitigate associated risks.

References

https://helpx.adobe.com/security/products/substance3d-mod...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 10, 2024

Collectors

NVD Database