Login Sign Up

CVE-2020-24424

7.0 HIGH
Remote Code Execution

📋 TL;DR

CVE-2020-24424 is a DLL hijacking vulnerability in Adobe Premiere Pro that allows attackers to execute arbitrary code by tricking users into opening malicious files. This affects users running Premiere Pro version 14.4 or earlier. Successful exploitation requires user interaction but runs with the current user's privileges.

💻 Affected Systems

Products:
  • Adobe Premiere Pro
Versions: 14.4 and earlier versions
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected versions are vulnerable. Requires user to open malicious file.

📦 What is this software?

Premiere Pro by Adobe

View all CVEs affecting Premiere Pro →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through arbitrary code execution, potentially leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠

Likely Case

Malware installation or data exfiltration when users open malicious project files from untrusted sources.

🟢

If Mitigated

Limited impact if users only open files from trusted sources and have proper endpoint protection.

🌐 Internet-Facing: LOW - Requires user interaction with malicious files, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or shared malicious files.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction but is technically simple once malicious file is opened.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 14.5 or later

Vendor Advisory: https://helpx.adobe.com/security/products/premiere_pro/apsb20-64.html

Restart Required: Yes

Instructions:

1. Open Adobe Creative Cloud application. 2. Navigate to 'Apps' tab. 3. Find Premiere Pro and click 'Update'. 4. Restart Premiere Pro after update completes.

🔧 Temporary Workarounds

Restrict file opening

all

Only open Premiere Pro project files from trusted sources. Implement file extension filtering.

Application control

windows

Use Windows AppLocker or similar to restrict Premiere Pro from loading DLLs from untrusted locations.

🧯 If You Can't Patch

  • Implement strict user training about opening files only from trusted sources
  • Deploy endpoint protection with behavior monitoring to detect suspicious DLL loading

🔍 How to Verify

Check if Vulnerable:

Check Premiere Pro version: Help > About Premiere Pro. If version is 14.4 or earlier, system is vulnerable.

Check Version:

On Windows: Check registry HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Premiere Pro\14.0\Version. On macOS: Check /Applications/Adobe Premiere Pro 2020/Adobe Premiere Pro 2020.app/Contents/Info.plist

Verify Fix Applied:

Verify version is 14.5 or later in Help > About Premiere Pro.

📡 Detection & Monitoring

Log Indicators:

  • Premiere Pro loading DLLs from unusual locations
  • Process creation from Premiere Pro with suspicious parent-child relationships

Network Indicators:

  • Unexpected outbound connections from Premiere Pro process

SIEM Query:

process_name:"Adobe Premiere Pro.exe" AND (event_type:"process_creation" OR file_path:"*.dll")

📊 Metadata

CVE ID: CVE-2020-24424
CVSS v3 Score: 7.0 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-427
Published: October 21, 2020
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-24424, you might also want to check these:

CVE-2025-4981 9.9

This vulnerability allows authenticated Mattermost users to write files to arbitrary locations on th...

Same vulnerability type (CWE-427)
CVE-2022-24955 9.8

CVE-2022-24955 is a DLL hijacking vulnerability in Foxit PDF software that allows attackers to execu...

Same vulnerability type (CWE-427)
CVE-2019-20856 9.8

This vulnerability in Mattermost Desktop App for macOS allows attackers to inject malicious dynamic ...

Same vulnerability type (CWE-427)