CVE-2024-34123

CWE-4263 documents3 sources
Severity
7.0HIGH
EPSS
0.3%
top 50.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Premiere PRO
Timeline
PublishedJul 9

Description

Premiere Pro versions 23.6.5, 24.4.1 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by inserting a malicious file into the search path, which the application might execute instead of the legitimate file. This could occur when the application uses a search path to locate executables or libraries. Exploitation of this issue requires user interaction, attack complexity is high.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages2 packages

NVDadobe/premiere_pro24.024.5+1
CVEListV5adobe/premiere_pro24.4.1

🔴Vulnerability Details

2
CVEList
Adobe Premiere Pro arbitrary DLL loading lead to remote code execution2024-07-09
GHSA
GHSA-qv42-rgf2-jwrj: Premiere Pro versions 232024-07-09
CVE-2024-34123 (HIGH CVSS 7) | Premiere Pro versions 23.6.5 | cvebase.io