CVE-2024-41865

CWE-4263 documents3 sources
Severity
7.8HIGH
EPSS
0.2%
top 59.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Dimension
Timeline
PublishedAug 14

Description

Dimension versions 3.4.11 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by inserting a malicious file into the search path, which the application might execute instead of the legitimate file. This could occur if the application uses a search path to locate executables or libraries. Exploitation of this issue requires user interaction.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5adobe/dimension3.4.11
NVDadobe/dimension3.4.11

🔴Vulnerability Details

2
CVEList
Adobe Dimension Untrusted Search Path lead to load malicious DLL swift.dll2024-08-14
GHSA
GHSA-x79w-hpfq-wj44: Dimension versions 32024-08-14
CVE-2024-41865 (HIGH CVSS 7.8) | Dimension versions 3.4.11 and earli | cvebase.io