CVE-2024-34123

EUVD-2024-34644

09.07.2024, 19:15

Premiere Pro versions 23.6.5, 24.4.1 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by inserting a malicious file into the search path, which the application might execute instead of the legitimate file. This could occur when the application uses a search path to locate executables or libraries. Exploitation of this issue requires user interaction, attack complexity is high.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7 HIGH	LOCAL	HIGH	NONE	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 49%

Affected Products (NVD)

Vendor	Product	Version
adobe	premiere_pro	𝑥 < 23.6.7
adobe	premiere_pro	24.0 ≤ 𝑥 < 24.5

𝑥

= Vulnerable software versions

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
adobe	premiere_pro	𝑥 ≤ 24.4.1	ADP
adobe	premiere_pro	𝑥 ≤ 23.6.5	ADP

Common Weakness Enumeration

CWE-426 - Untrusted Search Path
The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control.

References

https://helpx.adobe.com/security/products/premiere_pro/apsb24-46.html