CVE-2024-34123
📋 TL;DR
This CVE describes an untrusted search path vulnerability in Adobe Premiere Pro that could allow arbitrary code execution. Attackers could exploit this by placing malicious files in locations where Premiere Pro searches for executables or libraries. The vulnerability affects users of Premiere Pro versions 23.6.5, 24.4.1 and earlier who open projects from untrusted sources.
💻 Affected Systems
- Adobe Premiere Pro
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining the same privileges as the Premiere Pro user, potentially leading to data theft, ransomware deployment, or persistent backdoor installation.
Likely Case
Local privilege escalation or malware execution within the user context, potentially stealing project files, credentials, or installing spyware.
If Mitigated
No impact if proper patching and security controls are implemented, as the vulnerability requires specific conditions and user interaction.
🎯 Exploit Status
Exploitation requires user interaction and knowledge of the application's search path behavior. No public exploits have been reported as of the advisory date.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Update to Premiere Pro 24.4.2 or later
Vendor Advisory: https://helpx.adobe.com/security/products/premiere_pro/apsb24-46.html
Restart Required: Yes
Instructions:
1. Open Adobe Creative Cloud application.
2. Navigate to the 'Apps' section.
3. Find Premiere Pro and click 'Update'.
4. Wait for download and installation to complete.
5. Restart Premiere Pro when prompted.
🔧 Temporary Workarounds
Restrict project file sources
Only open Premiere Pro project files from trusted sources and locations. Avoid opening projects from untrusted network shares, USB drives, or email attachments.
Run with reduced privileges
Run Premiere Pro with standard user privileges rather than administrative rights to limit potential damage from exploitation.
🧯 If You Can't Patch
- Implement application whitelisting to prevent execution of unauthorized binaries
- Use endpoint detection and response (EDR) solutions to monitor for suspicious process creation from Premiere Pro
🔍 How to Verify
Check if Vulnerable:
Check Premiere Pro version via Help > About Premiere Pro. If version is 23.6.5, 24.4.1 or earlier, the system is vulnerable.
Check Version:
On Windows: Check via Creative Cloud app or Premiere Pro Help menu. On macOS: Premiere Pro > About Premiere Pro
Verify Fix Applied:
Verify version is 24.4.2 or later in Help > About Premiere Pro. No further action needed if updated.
📡 Detection & Monitoring
Log Indicators:
- Unexpected process execution from Premiere Pro directory
- Failed attempts to load DLLs or executables from unusual paths
Network Indicators:
- Unusual outbound connections from Premiere Pro process
SIEM Query:
Process creation where parent process contains 'premiere' and child process is from unusual location or has suspicious characteristics
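The query logic above, written out as an added Python example that is not taken from this page or from Adobe. The event field names, the trusted-prefix list and the sample events are assumptions constructed for illustration; paths are normalized first so that a `..` segment cannot make an unusual location look trusted.

```python
import ntpath  # Windows path semantics regardless of the host OS

# Assumption: directories treated as "usual" locations for child binaries.
TRUSTED_PREFIXES = (
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\windows\\system32\\",
)

def _norm(path):
    """Collapse '..' segments and lower-case so a prefix check cannot be dodged."""
    return ntpath.normpath(path).lower()

def is_premiere_parent(parent_image):
    """The page's condition: parent process name contains 'premiere'."""
    return "premiere" in ntpath.basename(_norm(parent_image))

def is_unusual_location(image):
    """True when the child image lives outside every trusted prefix."""
    return not _norm(image).startswith(TRUSTED_PREFIXES)

def flag_suspicious(events):
    """Return events with a Premiere parent and a child from an unusual path."""
    return [e for e in events
            if is_premiere_parent(e["parent_image"])
            and is_unusual_location(e["image"])]

# Constructed process-creation events (hypothetical field names and paths).
PREMIERE = r"C:\Program Files\Adobe\Adobe Premiere Pro 2024\Adobe Premiere Pro.exe"
SAMPLE_EVENTS = [
    {"parent_image": PREMIERE,
     "image": r"C:\Program Files\Adobe\Adobe Premiere Pro 2024\helper.exe"},
    {"parent_image": PREMIERE,
     "image": r"D:\Projects\client_cut\helper.exe"},
    {"parent_image": PREMIERE,
     "image": r"C:\Program Files\..\Users\Public\helper.exe"},
    {"parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Users\alice\Downloads\setup.exe"},
]

if __name__ == "__main__":
    for event in flag_suspicious(SAMPLE_EVENTS):
        print("ALERT:", event["image"])
```

Adjust `TRUSTED_PREFIXES` to the install locations actually used in your environment before relying on the results.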