CVE-2023-26352

5.5 MEDIUM

📋 TL;DR

Adobe Dimension versions 3.4.7 and earlier contain an out-of-bounds read vulnerability that could allow attackers to read sensitive memory contents. This could help bypass security mitigations like ASLR, potentially enabling further exploitation. Users who open malicious files with affected versions are at risk.

💻 Affected Systems

Products:
  • Adobe Dimension
Versions: 3.4.7 and earlier
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable by default. Exploitation requires user interaction to open malicious files.

⚠️ Risk & Real-World Impact

🔴 Worst Case: An attacker could leverage the memory disclosure to bypass ASLR and chain with other vulnerabilities for arbitrary code execution, potentially gaining full system control.

🟠 Likely Case: Memory disclosure that reveals sensitive information, which could be used to facilitate more sophisticated attacks against the system.

🟢 If Mitigated: Limited information disclosure with no direct code execution, though still providing attackers with useful memory layout information.

🌐 Internet-Facing: LOW - Exploitation requires user interaction to open malicious files, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Internal users could be targeted with malicious files via email or shared drives, requiring user interaction.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file) and knowledge of memory layout. No public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.4.8 or later

Vendor Advisory: https://helpx.adobe.com/security/products/dimension/apsb23-20.html

Restart Required: Yes

Instructions:

1. Open Adobe Dimension.
2. Go to Help > Check for Updates.
3. Follow the prompts to install version 3.4.8 or later.
4. Restart Adobe Dimension after installation.

🔧 Temporary Workarounds

Restrict file opening (applies to: all): Configure the system to only allow opening trusted files and block suspicious file types.

Application control (applies to: all): Use application whitelisting to prevent execution of unauthorized files.

🧯 If You Can't Patch

  • Implement strict file handling policies to prevent opening untrusted files
  • Use sandboxing or virtualization for Adobe Dimension usage

🔍 How to Verify

Check if Vulnerable:

Check Adobe Dimension version in Help > About Adobe Dimension. If version is 3.4.7 or earlier, system is vulnerable.

Check Version:

On Windows: check the version in Help > About. On macOS: Adobe Dimension > About Adobe Dimension.

Verify Fix Applied:

Verify Adobe Dimension version is 3.4.8 or later in Help > About Adobe Dimension.
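When the version check above is scripted across a fleet, the usual mistake is comparing version strings lexicographically, which puts "3.4.10" before "3.4.8" and misclassifies it. The following is an added example (not part of the advisory or of Adobe's tooling) that applies the advisory's threshold with numeric comparison; the host names and version strings are constructed.

```python
"""Added example: classify Adobe Dimension version strings against the
CVE-2023-26352 threshold (3.4.7 and earlier affected, 3.4.8 or later fixed).
Versions are compared as integer tuples, not as strings."""
from __future__ import annotations

import re

FIXED_VERSION = (3, 4, 8)  # first fixed release named in the advisory


def parse_version(text: str) -> tuple[int, ...]:
    """Pull the dotted numeric version out of strings such as
    'Adobe Dimension 3.4.7 (Build 1234)' or plain '3.4.10'."""
    match = re.search(r"\d+(?:\.\d+)+", text)
    if not match:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(part) for part in match.group(0).split("."))


def is_vulnerable(version_text: str) -> bool:
    """True when the installed version is 3.4.7 or earlier."""
    found = parse_version(version_text)
    # Pad the shorter tuple with zeros so "3.4" compares like "3.4.0".
    width = max(len(found), len(FIXED_VERSION))
    found = found + (0,) * (width - len(found))
    fixed = FIXED_VERSION + (0,) * (width - len(FIXED_VERSION))
    return found < fixed


def audit(inventory: dict[str, str]) -> dict[str, str]:
    """Map host -> 'VULNERABLE' or 'FIXED' for a host -> version inventory."""
    return {host: ("VULNERABLE" if is_vulnerable(ver) else "FIXED")
            for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory, e.g. gathered from Help > About on each host.
    sample = {
        "ws-01": "Adobe Dimension 3.4.7 (Build 1234)",
        "ws-02": "3.4.8",
        "ws-03": "3.4.10",  # a string comparison would wrongly flag this one
        "ws-04": "3.3.0",
    }
    for host, status in audit(sample).items():
        print(f"{host}: {status}")
```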

📡 Detection & Monitoring

Log Indicators:

  • Application crashes in Adobe Dimension
  • Unexpected file opening events

Network Indicators:

  • Downloads of suspicious files followed by Adobe Dimension execution

SIEM Query:

source="*adobe*" AND (event_type="crash" OR file_name="*.dim" OR file_name="*.dlib")
