Adobe Premiere Pro, a popular video editing application, contains critical vulnerabilities that could lead to arbitrary code execution. Two specific vulnerabilities, CVE-2024-20746 and CVE-2024-20745, affect versions 24.1, 23.6.2, and earlier, posing significant security risks to users.
### CVE-2024-20746: Out-of-Bounds Write Vulnerability
- Description: This vulnerability involves an out-of-bounds write issue that allows an attacker to execute arbitrary code within the context of the current user.
- Exploitation: Exploiting this vulnerability requires user interaction: a victim must unknowingly open a malicious file.
- Severity: Rated as 7.8 HIGH on the CVSS scale.
### CVE-2024-20745: Heap-Based Buffer Overflow Vulnerability
- Description: In this vulnerability, a heap-based buffer overflow occurs, enabling an attacker to execute arbitrary code within the current user's context.
- Exploitation: As with CVE-2024-20746, exploiting this vulnerability requires user interaction: the victim must open a malicious file.
- Severity: Also rated as 7.8 HIGH on the CVSS scale.
### Impact and Recommendations
These vulnerabilities highlight the importance of promptly updating Adobe Premiere Pro to the latest versions, such as 24.2.1 and 23.6.4, which address these critical security flaws. Failure to update could leave systems exposed to potential exploitation by threat actors seeking to execute malicious code.
### Mitigation Measures
- Update: Users are strongly advised to update their Adobe Premiere Pro software to the latest patched versions to mitigate the risks associated with these vulnerabilities.
- Exercise Caution: Avoid opening files from untrusted or unknown sources to minimize the likelihood of falling victim to exploitation attempts.
- Stay Informed: Regularly monitor security advisories from Adobe and other trusted sources to stay informed about potential threats and necessary updates.
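To act on the update advice across many workstations, the following added example (not Adobe's code or tooling) classifies installed Premiere Pro versions against the version numbers given on this page. The CSV layout, host names and function names are assumptions made for illustration; versions that fall between the last affected and first patched version named here are reported as undetermined because this page does not state their status.

```python
import csv
import io

# Boundaries taken from this page: (last affected, first patched version named).
TRACKS = {24: ((24, 1, 0), (24, 2, 1)), 23: ((23, 6, 2), (23, 6, 4))}

# Constructed sample inventory; hosts and CSV layout are assumptions.
SAMPLE_INVENTORY = """host,product,version
edit-ws-01,Adobe Premiere Pro,24.1
edit-ws-02,Adobe Premiere Pro,24.2.1
edit-ws-03,Adobe Premiere Pro,23.6.2
edit-ws-04,Adobe Premiere Pro,23.6.4
edit-ws-05,Adobe Premiere Pro,22.6.2
edit-ws-06,Adobe Premiere Pro,23.6.3
edit-ws-07,Adobe Photoshop,25.0
"""


def parse_version(text):
    """Turn '24.1' or '24.1.0.85' into a 3-part tuple of ints."""
    parts = [int(p) for p in text.strip().split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def classify(version_text):
    """Return 'vulnerable', 'patched' or 'undetermined' for one install."""
    try:
        v = parse_version(version_text)
    except ValueError:
        return "undetermined"  # unparseable version string
    # 24.x and later compare against the 24 track; everything older
    # ("and earlier" on this page) compares against the 23 track.
    last_affected, first_patched = TRACKS[24] if v[0] >= 24 else TRACKS[23]
    if v <= last_affected:
        return "vulnerable"
    if v >= first_patched:
        return "patched"
    return "undetermined"  # between the two versions the page names


def audit(inventory_csv):
    """Return (host, version, status) for every Premiere Pro row."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [(r["host"], r["version"], classify(r["version"]))
            for r in rows if r["product"].strip().lower() == "adobe premiere pro"]


if __name__ == "__main__":
    for host, version, status in audit(SAMPLE_INVENTORY):
        print(f"{host:12} {version:10} {status}")
```

Hosts reported as undetermined should be checked against Adobe's security advisory rather than assumed safe.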
By understanding the nature of these vulnerabilities and taking proactive steps to secure systems, users can safeguard their data and mitigate the risks posed by these critical security issues in Adobe Premiere Pro.