CVE-2024-20745
📋 TL;DR
A heap-based buffer overflow vulnerability in Adobe Premiere Pro allows attackers to execute arbitrary code when a user opens a malicious file. This affects users running vulnerable versions of Premiere Pro and could lead to complete system compromise under the current user's privileges.
💻 Affected Systems
- Adobe Premiere Pro
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining full control of the victim's computer, data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Malware installation, data exfiltration, or system disruption through crafted project files shared via email, downloads, or compromised websites.
If Mitigated
Limited to isolated workstation impact with no administrative privileges, contained by application sandboxing or network segmentation.
🎯 Exploit Status
Exploitation requires user interaction to open a malicious file. No public exploit code has been disclosed as of the advisory date.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Update to Premiere Pro 24.2 or later
Vendor Advisory: https://helpx.adobe.com/security/products/premiere_pro/apsb24-12.html
Restart Required: Yes
Instructions:
1. Open Adobe Creative Cloud application
2. Navigate to the 'Apps' section
3. Find Premiere Pro and click 'Update'
4. Wait for download and installation to complete
5. Restart Premiere Pro when prompted
🔧 Temporary Workarounds
Restrict file opening
allOnly open Premiere Pro project files from trusted sources and avoid opening unexpected attachments or downloads.
Application control
allUse application whitelisting to prevent execution of unauthorized code that might result from exploitation.
🧯 If You Can't Patch
- Isolate affected systems from critical network segments and internet access
- Implement strict email filtering for project file attachments and educate users about the risk
🔍 How to Verify
Check if Vulnerable:
Check Premiere Pro version via Help > About Premiere Pro. If version is 24.1, 23.6.2 or earlier, the system is vulnerable.Check Version:
In Premiere Pro: Help > About Premiere ProVerify Fix Applied:
Verify Premiere Pro version is 24.2 or later after updating through Adobe Creative Cloud.📡 Detection & Monitoring
Log Indicators:
- Unexpected Premiere Pro crashes with memory access violations
- Creation of suspicious processes from Premiere Pro executable
- Unusual file access patterns from Premiere Pro
Network Indicators:
- Outbound connections to unknown IPs initiated by Premiere Pro process
- DNS requests for suspicious domains from affected workstations
SIEM Query:
Process Creation where (Image contains 'premiere' OR ParentImage contains 'premiere') AND CommandLine contains unusual parameters