PT-2023-1825 · Adobe · Substance3D - Stager
Published
2023-03-14
·
Updated
2023-04-03
·
CVE-2023-25865
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Adobe Substance 3D Stager versions 2.0.0 and earlier
Description
The issue is caused by improper input validation, which could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction, where a victim must open a malicious file. This can also be described as a buffer overflow in memory, allowing an attacker to execute arbitrary code using a specially crafted file.
Recommendations
For Adobe Substance 3D Stager versions 2.0.0 and earlier, update to a version that fixes the improper input validation issue to prevent arbitrary code execution.
As a temporary workaround, consider avoiding the use of OBJ file parsing until a patch is available.
Restrict access to malicious files to minimize the risk of exploitation.
Fix
Access of Memory Location After End of Buffer
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Substance3D - Stager