CVE-2024-30286

5.5 MEDIUM

📋 TL;DR

Adobe Framemaker versions 2020.5, 2022.3 and earlier contain an out-of-bounds read vulnerability that could allow attackers to read sensitive memory contents. This could help bypass security mitigations like ASLR. Users who open malicious files with affected versions are at risk.

💻 Affected Systems

Products:
  • Adobe Framemaker
Versions: 2020.5 and earlier, 2022.3 and earlier
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable by default when processing files.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: An attacker could bypass ASLR and combine this with other vulnerabilities to achieve arbitrary code execution, potentially compromising the entire system.

🟠 Likely Case: Information disclosure leading to memory address leaks that could facilitate more sophisticated attacks against the system.

🟢 If Mitigated: Limited information disclosure with no direct code execution if proper memory protections are in place.

🌐 Internet-Facing: LOW - Exploitation requires user interaction to open malicious files, not directly network exploitable.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or malicious documents, but still requires user interaction.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction (opening malicious file) and likely requires chaining with other vulnerabilities for full exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2020.6 and 2022.4

Vendor Advisory: https://helpx.adobe.com/security/products/framemaker/apsb24-37.html

Restart Required: Yes

Instructions:

1. Open Adobe Framemaker.
2. Go to Help > Check for Updates.
3. Follow the prompts to install the latest version.
4. Restart Framemaker after installation.

🔧 Temporary Workarounds

  • Restrict file types (applies to: all): Block or restrict opening of untrusted Framemaker files via group policy or application controls
  • User awareness training (applies to: all): Train users not to open Framemaker files from untrusted sources

🧯 If You Can't Patch

  • Implement application whitelisting to block execution of vulnerable Framemaker versions
  • Use endpoint protection with file reputation checking to block malicious documents

🔍 How to Verify

Check if Vulnerable:

Check Framemaker version via Help > About Adobe Framemaker. If version is 2020.5 or earlier, or 2022.3 or earlier, you are vulnerable.

Check Version:

On Windows: Check the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\FrameMaker\XX.X\Installation (where XX.X is the installed version)

Verify Fix Applied:

Verify version is 2020.6 or higher for 2020 branch, or 2022.4 or higher for 2022 branch.
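As a defender-side aid to the version check above, the following is an added example (not vendor code or code from this page) that applies the advisory's branch logic to an inventory of version strings written in the advisory's "YYYY.N" form; the hostnames and versions in the sample are constructed.

```python
"""Branch-aware version triage for CVE-2024-30286 (added example, not vendor code).

Assumption: versions are given in the "YYYY.N" form used in the advisory
(e.g. "2020.5", "2022.3"); the fixed releases are those the advisory names.
"""

# Fixed release per major branch, taken from the advisory text.
FIXED_BY_BRANCH = {2020: (2020, 6), 2022: (2022, 4)}


def parse_version(text: str) -> tuple[int, ...]:
    """Turn "2020.5" (optionally with more dotted components) into an int tuple."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def assess(version_text: str) -> str:
    """Classify a FrameMaker version as 'vulnerable', 'fixed' or 'unknown-branch'.

    A version is vulnerable when it is below the fixed release of its own
    branch; branches the advisory does not mention cannot be judged from it.
    """
    version = parse_version(version_text)
    fixed = FIXED_BY_BRANCH.get(version[0])
    if fixed is None:
        return "unknown-branch"
    # Tuple comparison also handles extra components ("2020.5.1" < "2020.6").
    return "vulnerable" if version < fixed else "fixed"


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group hosts by assessment so patching can be prioritised."""
    groups: dict[str, list[str]] = {"vulnerable": [], "fixed": [], "unknown-branch": []}
    for host, version_text in inventory.items():
        try:
            groups[assess(version_text)].append(host)
        except ValueError:
            # Unparsable string: park it for a manual look rather than guessing.
            groups["unknown-branch"].append(host)
    return groups


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are made up).
    sample = {"doc-ws-01": "2020.5", "doc-ws-02": "2022.4", "doc-ws-03": "2022.3", "doc-ws-04": "n/a"}
    for state, hosts in triage(sample).items():
        print(f"{state}: {', '.join(hosts) or '-'}")
```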

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with memory access violations
  • Unexpected file opens from untrusted sources

Network Indicators:

  • Downloads of Framemaker files from suspicious sources

SIEM Query:

source="*framemaker*" AND (event_type="crash" OR file_extension="*.fm" OR file_extension="*.book")
