The successful exploitation of these issues could result in a memory leak and arbitrary code execution in the current user's context.
Adobe Substance 3D Stager is a cutting-edge staging tool for creating 3D scenes using real-time 3D visualization and high-quality renderings.
At the time of release, none of the flaws that Adobe patched this month were known to the public or targeted by active attacks.
These upgrades have a deployment priority rating of 3, according to Adobe.
These vulnerabilities enable a remote attacker to obtain access to potentially sensitive information.
The vulnerability exists because of a boundary condition.
A remote attacker can generate a specially crafted file, mislead the victim into opening it, cause an out-of-bounds read error, and read memory from the system.
CVE-2024-20713, categorized as Improper Input Validation, has a CVSS base score of 5.5 and allows a remote attacker to access the compromised machine.
The insufficient validation of user-supplied input is the cause of the vulnerability.
A remote attacker can take control of the system and run arbitrary code by tricking the user into opening a maliciously created file.
Platforms: Windows and macOS. Upgrade to Substance 3D Stager version 2.1.4.
This Cyber News was published on gbhackers.com. Publication date: Wed, 10 Jan 2024 15:43:03 +0000