CVE-2024-49515

HIGH

7.8

Descripcion

Substance3D - Painter versions 10.1.0 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Detalles CVE

Puntuacion CVSS v3.17.8

SeveridadHIGH

Vector CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vector de ataqueLOCAL

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioREQUIRED

Publicado11/12/2024

Ultima modificacion11/13/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

adobe:substance_3d_painter

Debilidades (CWE)

CWE-426

Referencias

https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html(psirt@adobe.com)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.