Adobe Animate Arbitrary Code ExecutionVulnerability

Adobe Animate Arbitrary Code ExecutionVulnerability

On June 15, 2023 Adobe released a use-after-free vulnerability for the Animate versions 22.0.9 (and earlier) and 23.0.1 (and earlier).

These versions are affected by a Use After Free vulnerability that could result in arbitrary code execution in the current user context. Exploitation of this issue requires user interaction (opening of a malicious file) by the victim. (CVE-2023-29321)

Affected Systems

-

IoC’s

-

Recommended Solution(s)

Adobe recommends users to update their installation to the newest version via the Creative Cloud desktop app's update mechanism. For more information, please reference this help page:
https://helpx.adobe.com/creative-cloud/help/creative-cloud-updates.html

Mitigations

-

CVE / CWE

CVE-2023-29321

Related Website(s)

• https://nvd.nist.gov/vuln/detail/CVE-2023-29321
• https://helpx.adobe.com/security/products/animate/apsb23-36.html

* Vulnerabilities with a CVSS 3.1 score between 7.0 and 8.9 are evaluated to be “high” whereas vulnerabilities with a CVSS 3.1 score between 9.0 and 10.0 are evaluated to be “critical”.