CVE-2024-34115

7.8 HIGH

📋 TL;DR

CVE-2024-34115 is an out-of-bounds write vulnerability in Adobe Substance3D Stager that could allow arbitrary code execution when a user opens a malicious file. This affects users of Substance3D Stager versions 2.1.4 and earlier. Successful exploitation requires user interaction but would execute code with the current user's privileges.

💻 Affected Systems

Products:
  • Adobe Substance3D Stager
Versions: 2.1.4 and earlier
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control of the victim's machine and potentially pivoting to other systems in the network.

🟠 Likely Case

Local privilege escalation leading to data theft, ransomware deployment, or persistence establishment on the affected system.

🟢 If Mitigated

Limited impact with proper application sandboxing and user privilege restrictions preventing system-wide compromise.

🌐 Internet-Facing: LOW - Exploitation requires user interaction to open malicious files, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or shared malicious files, but requires user interaction.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file) and knowledge of file format specifics.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.1.5 or later

Vendor Advisory: https://helpx.adobe.com/security/products/substance3d_stager/apsb24-43.html

Restart Required: Yes

Instructions:

1. Open Substance3D Stager.
2. Go to Help > Check for Updates.
3. Follow prompts to install version 2.1.5 or later.
4. Restart the application.

🔧 Temporary Workarounds

Restrict file opening

all

Configure application control policies to prevent opening untrusted .stager files

User awareness training

all

Train users to only open Substance3D Stager files from trusted sources

🧯 If You Can't Patch

  • Run Substance3D Stager in a sandboxed environment with limited privileges
  • Implement application control to block execution of older vulnerable versions

🔍 How to Verify

Check if Vulnerable:

Check Substance3D Stager version in application settings or About dialog

Check Version:

On Windows: Check 'Help > About Substance3D Stager'. On macOS: 'Substance3D Stager > About Substance3D Stager'

Verify Fix Applied:

Verify version is 2.1.5 or later in application settings
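
For fleets where checking each About dialog by hand is impractical, the same version check can be run over a software-inventory export. The script below is an added example, not code from Adobe or from this page; the hostnames, the inventory rows and the version-string formats are constructed, and only the 2.1.5 threshold comes from the advisory.

```python
import re

# First fixed release according to this page (2.1.4 and earlier are affected).
FIXED = (2, 1, 5)

# Constructed sample rows: (host, version string as an inventory tool might
# report it). Hostnames and string formats are assumptions for illustration.
SAMPLE_INVENTORY = [
    ("ws-design-01", "2.1.4"),
    ("ws-design-02", "2.1.5"),
    ("ws-design-03", "2.1.10"),  # newer than 2.1.5; a plain string compare gets this wrong
    ("mac-art-01", "v2.0.2 (build 1234)"),
    ("mac-art-02", "2.1"),       # missing patch component, treated as 2.1.0
    ("ws-render-01", "unknown"),
]

def parse_version(text):
    """Return (major, minor, patch) from the first dotted number run, or None."""
    match = re.search(r"\d+(?:\.\d+){0,2}", text or "")
    if not match:
        return None
    parts = [int(p) for p in match.group(0).split(".")]
    parts += [0] * (3 - len(parts))  # pad "2.1" to (2, 1, 0)
    return tuple(parts)

def classify(version_text):
    """Compare numerically, component by component, against the fixed release."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # needs a manual check, never assume patched
    return "vulnerable" if version < FIXED else "patched"

def triage(inventory):
    """Group hosts by status so unparsable entries are surfaced, not dropped."""
    result = {"vulnerable": [], "patched": [], "unknown": []}
    for host, version_text in inventory:
        result[classify(version_text)].append(host)
    return result

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```

Hosts in the "unknown" group should be checked through the About dialog as described above.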

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with memory access violations
  • Unexpected file opening events in Substance3D Stager

Network Indicators:

  • Unusual outbound connections after opening .stager files

SIEM Query:

source="*" ("Substance3D Stager" AND (crash OR "access violation")) OR (process="Substance3D Stager" AND file_extension=".stager")
