Adobe Animate 2023
Monthly
Arbitrary code execution in Adobe Animate 2023 and 2024 arises from an untrusted search path (CWE-426) flaw that lets a malicious file, when opened by a victim, load attacker-controlled code in the context of the current user. The issue was reported by Adobe (advisory APSB26-83), requires user interaction, and carries a CVSS 3.1 base score of 7.9 with a changed scope. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Arbitrary code execution in Adobe Animate 2023 and 2024 allows an attacker to run commands in the context of the current user via an OS command injection flaw (CWE-78) triggered when a victim opens a maliciously crafted file. The scope-changed CVSS 3.1 score of 8.2 reflects that successful exploitation can affect resources beyond the vulnerable application. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV; the primary risk gate is social-engineering the victim into opening a hostile document.
Arbitrary code execution in Adobe Animate 2023 and 2024 allows an attacker to run OS commands in the context of the current user when a victim opens a maliciously crafted file. The flaw is an OS command injection (CWE-78) with no public exploit identified at time of analysis and no active exploitation reported in CISA KEV; risk hinges on social-engineering a user into opening the file. Adobe published fixes in advisory APSB26-83.
Arbitrary code execution in Adobe Animate 2023 and 2024 stems from an incorrect authorization (CWE-863) weakness that lets code run in the context of the current user. Adobe reported the flaw via advisory APSB26-83 with a CVSS 8.1 rating; exploitation requires no user interaction but depends on conditions outside the attacker's control (reflected in high attack complexity). There is no public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.
Arbitrary code execution in Adobe Animate 2023 and 2024 arises from an Incorrect Authorization flaw (CWE-863) that lets a maliciously crafted file run code in the context of the current user. Exploitation requires the victim to open the attacker-supplied file and depends on conditions beyond the attacker's control, and there is no public exploit identified at time of analysis. Adobe self-reported the issue and published fixes in advisory APSB26-83.
Arbitrary code execution in Adobe Animate 2023 and 2024 stems from a path traversal weakness triggered when a victim opens a maliciously crafted file, letting an attacker run code in the context of the current user and reach files or directories outside intended restrictions. The flaw carries a CVSS 3.1 base score of 8.6 with a changed scope, reflecting impact beyond the initially vulnerable component. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, so exploitation risk hinges on social-engineering a user into opening a rogue project file.
Arbitrary code execution in Adobe Animate 2023 and 2024 arises from an untrusted search path (CWE-426) flaw that lets a malicious file, when opened by a victim, load attacker-controlled code in the context of the current user. The issue was reported by Adobe (advisory APSB26-83), requires user interaction, and carries a CVSS 3.1 base score of 7.9 with a changed scope. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Arbitrary code execution in Adobe Animate 2023 and 2024 allows an attacker to run commands in the context of the current user via an OS command injection flaw (CWE-78) triggered when a victim opens a maliciously crafted file. The scope-changed CVSS 3.1 score of 8.2 reflects that successful exploitation can affect resources beyond the vulnerable application. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV; the primary risk gate is social-engineering the victim into opening a hostile document.
Arbitrary code execution in Adobe Animate 2023 and 2024 allows an attacker to run OS commands in the context of the current user when a victim opens a maliciously crafted file. The flaw is an OS command injection (CWE-78) with no public exploit identified at time of analysis and no active exploitation reported in CISA KEV; risk hinges on social-engineering a user into opening the file. Adobe published fixes in advisory APSB26-83.
Arbitrary code execution in Adobe Animate 2023 and 2024 stems from an incorrect authorization (CWE-863) weakness that lets code run in the context of the current user. Adobe reported the flaw via advisory APSB26-83 with a CVSS 8.1 rating; exploitation requires no user interaction but depends on conditions outside the attacker's control (reflected in high attack complexity). There is no public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.
Arbitrary code execution in Adobe Animate 2023 and 2024 arises from an Incorrect Authorization flaw (CWE-863) that lets a maliciously crafted file run code in the context of the current user. Exploitation requires the victim to open the attacker-supplied file and depends on conditions beyond the attacker's control, and there is no public exploit identified at time of analysis. Adobe self-reported the issue and published fixes in advisory APSB26-83.
Arbitrary code execution in Adobe Animate 2023 and 2024 stems from a path traversal weakness triggered when a victim opens a maliciously crafted file, letting an attacker run code in the context of the current user and reach files or directories outside intended restrictions. The flaw carries a CVSS 3.1 base score of 8.6 with a changed scope, reflecting impact beyond the initially vulnerable component. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, so exploitation risk hinges on social-engineering a user into opening a rogue project file.