{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45142", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "state": "PUBLISHED", "assignerShortName": "adobe", "dateReserved": "2024-08-21T23:00:59.350Z", "datePublished": "2024-10-09T13:28:45.183Z", "dateUpdated": "2024-10-09T17:29:06.772Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Substance3D - Stager", "vendor": "Adobe", "versions": [{"lessThanOrEqual": "3.0.3", "status": "affected", "version": "0", "versionType": "semver"}]}], "datePublic": "2024-10-08T17:00:00.000Z", "descriptions": [{"lang": "en", "value": "Substance3D - Stager versions 3.0.3 and earlier are affected by a Write-what-where Condition vulnerability that could allow an attacker to execute arbitrary code in the context of the current user. This vulnerability allows an attacker to write a controlled value to an arbitrary memory location, potentially leading to code execution. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 7.8, "environmentalSeverity": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "UNCHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 7.8, "temporalSeverity": "HIGH", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-123", "description": "Write-what-where Condition (CWE-123)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2024-10-09T13:28:45.183Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb24-81.html"}], "source": {"discovery": "EXTERNAL"}, "title": "Substance3D - Stager | Write-what-where Condition (CWE-123)"}, "adp": [{"affected": [{"vendor": "adobe", "product": "substance_3d_stager", "cpes": ["cpe:2.3:a:adobe:substance_3d_stager:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.0.3", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-09T17:25:51.409049Z", "id": "CVE-2024-45142", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-09T17:29:06.772Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-45142", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-09T17:25:51.409049Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:adobe:substance_3d_stager:-:*:*:*:*:*:*:*"], "vendor": "adobe", "product": "substance_3d_stager", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.0.3"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-09T17:28:58.906Z"}}], "cna": {"title": "Substance3D - Stager | Write-what-where Condition (CWE-123)", "source": {"discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "modifiedScope": "UNCHANGED", "temporalScore": 7.8, "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "temporalSeverity": "HIGH", "availabilityImpact": "HIGH", "environmentalScore": 7.8, "privilegesRequired": "NONE", "exploitCodeMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "LOCAL", "confidentialityImpact": "HIGH", "environmentalSeverity": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedIntegrityImpact": "HIGH", "modifiedUserInteraction": "REQUIRED", "modifiedAttackComplexity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAvailabilityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedConfidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Adobe", "product": "Substance3D - Stager", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.0.3"}], "defaultStatus": "affected"}], "datePublic": "2024-10-08T17:00:00.000Z", "references": [{"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb24-81.html", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "Substance3D - Stager versions 3.0.3 and earlier are affected by a Write-what-where Condition vulnerability that could allow an attacker to execute arbitrary code in the context of the current user. This vulnerability allows an attacker to write a controlled value to an arbitrary memory location, potentially leading to code execution. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-123", "description": "Write-what-where Condition (CWE-123)"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2024-10-09T13:28:45.183Z"}}}, "cveMetadata": {"cveId": "CVE-2024-45142", "state": "PUBLISHED", "dateUpdated": "2024-10-09T17:29:06.772Z", "dateReserved": "2024-08-21T23:00:59.350Z", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "datePublished": "2024-10-09T13:28:45.183Z", "assignerShortName": "adobe"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:substance_3d_stager:*:*:*:*:*:*:*:*", "matchCriteriaId": "223FBC3F-3935-4371-958B-9A34BEE2A11F", "versionEndExcluding": "3.0.4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Substance3D - Stager versions 3.0.3 and earlier are affected by a Write-what-where Condition vulnerability that could allow an attacker to execute arbitrary code in the context of the current user. This vulnerability allows an attacker to write a controlled value to an arbitrary memory location, potentially leading to code execution. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}, {"lang": "es", "value": "Las versiones 3.0.3 y anteriores de Substance3D - Stager se ven afectadas por una vulnerabilidad de condici\u00f3n de escritura de lo que se escribe y lo que se escribe, que podr\u00eda permitir a un atacante ejecutar c\u00f3digo arbitrario en el contexto del usuario actual. Esta vulnerabilidad permite a un atacante escribir un valor controlado en una ubicaci\u00f3n de memoria arbitraria, lo que puede provocar la ejecuci\u00f3n de c\u00f3digo. Para explotar este problema es necesaria la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."}], "id": "CVE-2024-45142", "lastModified": "2024-10-18T14:42:38.620", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "psirt@adobe.com", "type": "Primary"}]}, "published": "2024-10-09T14:15:06.583", "references": [{"source": "psirt@adobe.com", "tags": ["Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb24-81.html"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-123"}], "source": "psirt@adobe.com", "type": "Secondary"}]}

{}