CVE-2023-26394

7.8 HIGH

📋 TL;DR

Adobe Substance 3D Stager versions 2.0.1 and earlier contain a heap-based buffer overflow vulnerability that could allow attackers to execute arbitrary code with the privileges of the current user. Exploitation requires user interaction: the victim must open a malicious file in the vulnerable software.

💻 Affected Systems

Products:
  • Adobe Substance 3D Stager
Versions: 2.0.1 and earlier
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable by default when processing malicious files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control of the user's system, data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Local privilege escalation leading to data exfiltration, malware installation, or persistence mechanisms being established on the compromised system.

🟢 If Mitigated

Limited impact with proper application sandboxing and user privilege restrictions, potentially resulting in application crash rather than code execution.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file) and heap manipulation techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.0.2 or later

Vendor Advisory: https://helpx.adobe.com/security/products/substance3d_stager/apsb23-26.html

Restart Required: Yes

Instructions:

1. Open Adobe Substance 3D Stager
2. Navigate to Help > Check for Updates
3. Follow prompts to install version 2.0.2 or later
4. Restart the application

🔧 Temporary Workarounds

Restrict File Opening

all

Only open files from trusted sources and implement file type restrictions

Application Sandboxing

all

Run Adobe Substance 3D Stager in a sandboxed environment to limit potential damage

🧯 If You Can't Patch

  • Remove Adobe Substance 3D Stager from critical systems
  • Implement application whitelisting to prevent execution of vulnerable versions

🔍 How to Verify

Check if Vulnerable:

Check version in Adobe Substance 3D Stager under Help > About

Check Version:

Not applicable - check through application GUI

Verify Fix Applied:

Verify version is 2.0.2 or later in Help > About

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with memory access violations
  • Unexpected file processing events
  • Suspicious child processes spawned from Adobe Substance 3D Stager

Network Indicators:

  • Outbound connections from Adobe Substance 3D Stager to unexpected destinations
  • DNS requests for suspicious domains following file opening

SIEM Query:

(process_name:"Adobe Substance 3D Stager.exe" AND (event_id:1000 OR event_id:1001)) OR (parent_process:"Adobe Substance 3D Stager.exe" AND process_creation)
