CVE-2024-20789

7.8 HIGH

📋 TL;DR

Adobe Dimension versions 3.4.11 and earlier contain a use-after-free vulnerability that could allow an attacker to execute arbitrary code when a user opens a malicious file. All users running vulnerable versions of Adobe Dimension are affected. Successful exploitation requires user interaction: the victim must open a specially crafted file.

💻 Affected Systems

Products:
  • Adobe Dimension
Versions: 3.4.11 and earlier
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with the attacker gaining the same privileges as the current user, potentially leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case

Local privilege escalation leading to unauthorized access to user files, system resources, or installation of malware.

🟢 If Mitigated

No impact if users avoid opening untrusted files and proper endpoint protection is in place.

🌐 Internet-Facing: LOW - Exploitation requires local file access, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Risk exists within organizations where users might open files from untrusted sources, but requires user interaction.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening a malicious file) and knowledge of memory corruption techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.4.12 or later

Vendor Advisory: https://helpx.adobe.com/security/products/dimension/apsb24-47.html

Restart Required: Yes

Instructions:

1. Open the Adobe Creative Cloud application.
2. Navigate to the Apps tab.
3. Find Adobe Dimension and click Update.
4. Restart the computer after the update completes.

🔧 Temporary Workarounds

  • Restrict file opening (platform: all): Configure system policies to prevent opening untrusted files in Adobe Dimension.
  • Application control (platform: all): Use application whitelisting to restrict execution of Adobe Dimension to trusted users only.

🧯 If You Can't Patch

  • Implement strict user training about not opening untrusted files in Adobe Dimension
  • Deploy endpoint protection with memory corruption detection capabilities

🔍 How to Verify

Check if Vulnerable:

Open Adobe Dimension, go to Help > About Adobe Dimension and check whether the version is 3.4.11 or earlier.

Check Version:

Not applicable - check through application GUI

Verify Fix Applied:

Verify that the Adobe Dimension version shown under Help > About Adobe Dimension is 3.4.12 or later.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected crashes of Adobe Dimension
  • Unusual file opening events in Adobe Dimension

Network Indicators:

  • None - local exploitation only

SIEM Query:

process_name:"Adobe Dimension" AND (event_type:crash OR file_path:*.dim OR file_path:*.dlib)
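The SIEM query above is a boolean filter; the following Python is an added example (not part of this advisory and not Adobe's tooling) that applies the same filter to a handful of constructed log records and, for each hit, checks the reported application version against the "3.4.11 and earlier" range stated under Affected Systems. The `.dim` and `.dlib` extensions come from the query on this page; the host names, file paths, version strings and the `LogEvent` field layout are constructed assumptions. Versions are compared numerically so that 3.4.2 sorts below 3.4.11, which a plain string comparison gets wrong.

```python
"""Added example: the advisory's SIEM filter plus an affected-version check,
run over constructed log records (hypothetical hosts, paths and versions)."""
from dataclasses import dataclass
from typing import Iterable, List, Tuple

PROCESS_NAME = "Adobe Dimension"
WATCHED_EXTENSIONS = (".dim", ".dlib")   # extensions named in the page's SIEM query
FIXED_VERSION = (3, 4, 12)               # first fixed release per the advisory


def parse_version(text: str) -> Tuple[int, ...]:
    """Parse 'major.minor.patch' into an int tuple so 3.4.2 < 3.4.11 holds.
    Assumes dotted numeric components, as in the versions quoted on this page."""
    return tuple(int(part) for part in text.strip().split("."))


def is_vulnerable_version(text: str) -> bool:
    """True for 3.4.11 and earlier, i.e. anything below the fixed 3.4.12."""
    return parse_version(text) < FIXED_VERSION


@dataclass
class LogEvent:
    """Minimal endpoint record; field names mirror the SIEM query's fields."""
    host: str
    process_name: str
    event_type: str
    file_path: str = ""
    app_version: str = ""


def matches_siem_query(ev: LogEvent) -> bool:
    """process_name:"Adobe Dimension" AND
       (event_type:crash OR file_path:*.dim OR file_path:*.dlib)"""
    if ev.process_name != PROCESS_NAME:
        return False
    return ev.event_type == "crash" or ev.file_path.lower().endswith(WATCHED_EXTENSIONS)


def triage(events: Iterable[LogEvent]) -> List[dict]:
    """Return the matching events, annotated with whether the host still
    reports an affected version (False when no version was logged)."""
    hits = []
    for ev in events:
        if matches_siem_query(ev):
            hits.append({
                "host": ev.host,
                "event_type": ev.event_type,
                "file_path": ev.file_path,
                "vulnerable_version": bool(ev.app_version) and is_vulnerable_version(ev.app_version),
            })
    return hits


# Constructed sample records; none of these hosts, paths or versions are real.
SAMPLE_EVENTS = [
    LogEvent("ws-101", "Adobe Dimension", "crash", "", "3.4.11"),
    LogEvent("ws-102", "Adobe Dimension", "file_open", r"C:\Users\a\Downloads\invoice.dim", "3.4.2"),
    LogEvent("ws-103", "Adobe Dimension", "file_open", r"C:\Users\b\Projects\scene.dlib", "3.4.12"),
    LogEvent("ws-104", "Adobe Dimension", "file_open", r"C:\Users\c\Desktop\notes.txt", "3.4.11"),
    LogEvent("ws-105", "Adobe Photoshop", "crash", "", "25.0.0"),
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit)
```

Hits on hosts that already report 3.4.12 or later (ws-103 in the sample) are still worth a look for the unexpected-crash indicator listed above, but they no longer fall inside the affected range and can be deprioritised accordingly.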
