Arbitrary Code Execution via User Interaction
CVE-2024-53959

7.8HIGH

Key Information:

Vendor: Adobe
Status: Adobe Framemaker
Vendor: CVE Published:; 10 December 2024

Summary

A stack-based buffer overflow vulnerability exists in Adobe Framemaker versions 2020.7, 2022.5, and earlier. This vulnerability can enable an attacker to execute arbitrary code in the context of the current user. Successful exploitation requires user interaction, specifically, the victim must open a file crafted to trigger this overflow. It is crucial for users of the affected versions to remain alert to potential attacks that exploit this flaw, ensuring they do not open untrusted or suspicious files.

Affected Version(s)

Adobe Framemaker 0 <= 2022.5

References

https://helpx.adobe.com/security/products/framemaker/apsb...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 10, 2024

Collectors

NVD DatabaseMitre Database