CVE-2024-45152
📋 TL;DR
CVE-2024-45152 is an out-of-bounds write vulnerability in Substance3D Stager that allows arbitrary code execution when a user opens a malicious file. This affects users of Substance3D Stager versions 3.0.3 and earlier, potentially compromising their systems.
💻 Affected Systems
- Adobe Substance 3D Stager
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining full control of the victim's computer, enabling data theft, ransomware deployment, or persistent backdoor installation.
Likely Case
Malware installation leading to data exfiltration, credential theft, or system disruption for individual users who open malicious project files.
If Mitigated
Limited impact with proper application sandboxing and user privilege restrictions, potentially containing the exploit to the application context.
🎯 Exploit Status
Exploitation requires user interaction (opening malicious file) and knowledge of file format manipulation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.0.4 or later
Vendor Advisory: https://helpx.adobe.com/security/products/substance3d_stager/apsb24-81.html
Restart Required: Yes
Instructions:
1. Open Adobe Creative Cloud application.
2. Navigate to Apps tab.
3. Find Substance 3D Stager.
4. Click Update to version 3.0.4 or later.
5. Restart the application after update completes.
🔧 Temporary Workarounds
Restrict file opening
All platforms: Only open Substance3D Stager files from trusted sources and avoid opening unknown .sbsar or project files.
Application sandboxing
All platforms: Run Substance3D Stager in a sandboxed environment or virtual machine to limit potential damage from exploitation.
🧯 If You Can't Patch
- Implement application whitelisting to prevent execution of unauthorized binaries that might be dropped by an exploit.
- Run Substance3D Stager with minimal user privileges (non-admin account) to limit the scope of potential compromise.
🔍 How to Verify
Check if Vulnerable:
Check Substance3D Stager version in Help > About Substance 3D Stager menu. If version is 3.0.3 or earlier, the system is vulnerable.
Check Version:
On Windows: Check registry at HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Substance 3D Stager\Version. On macOS: Check /Applications/Adobe Substance 3D Stager/Contents/Info.plist for CFBundleShortVersionString.
Verify Fix Applied:
Verify version is 3.0.4 or later in Help > About Substance 3D Stager menu.
📡 Detection & Monitoring
Log Indicators:
- Application crashes with memory access violations
- Unexpected child processes spawned from Substance3D Stager
- Unusual file system activity from the application
Network Indicators:
- Unexpected outbound connections from Substance3D Stager process
- DNS requests to suspicious domains following file opening
SIEM Query:
(process_name:"Substance 3D Stager.exe" AND (event_id:1000 OR event_id:1001)) OR (process_parent_name:"Substance 3D Stager.exe" AND process_name NOT IN (expected_child_processes))
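The logic of the SIEM query above, written out as an added Python example for triaging exported events offline (not part of the original advisory or any vendor tooling). The field names come from the query; the allowlist entry and the sample events are constructed placeholders.

```python
STAGER = "Substance 3D Stager.exe"
CRASH_EVENT_IDS = {1000, 1001}  # the two event ids named in the query
# Assumption: placeholder allowlist. Build the real one from a baseline of your fleet.
EXPECTED_CHILD_PROCESSES = {"example_helper.exe"}


def _same(a, b):
    """Case-insensitive compare; Windows image names are not case-sensitive."""
    return (a or "").casefold() == b.casefold()


def _event_id(event):
    """Some pipelines export ids as strings; normalise to int or None."""
    try:
        return int(event.get("event_id"))
    except (TypeError, ValueError):
        return None


def classify(event):
    """Return 'crash', 'unexpected_child' or None for one event dict."""
    name = event.get("process_name")
    # Branch 1: the application itself logged a crash event.
    if _same(name, STAGER) and _event_id(event) in CRASH_EVENT_IDS:
        return "crash"
    # Branch 2: a child of the application that is not on the allowlist.
    if _same(event.get("process_parent_name"), STAGER):
        allowed = {p.casefold() for p in EXPECTED_CHILD_PROCESSES}
        if (name or "").casefold() not in allowed:
            return "unexpected_child"
    return None


def triage(events):
    """Return (index, reason) for every event matching either branch."""
    return [(i, r) for i, e in enumerate(events) if (r := classify(e))]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"process_name": STAGER, "event_id": 1000},
    {"process_name": STAGER, "event_id": 4688},
    {"process_name": "example_helper.exe", "process_parent_name": STAGER, "event_id": 1},
    {"process_name": "unlisted_child.exe", "process_parent_name": "substance 3d stager.exe", "event_id": 1},
    {"process_name": "notepad.exe", "event_id": 1001},
    {"process_name": STAGER, "event_id": "1001"},
]
```

Calling `triage(SAMPLE_EVENTS)` flags the two crash events and the unlisted child, and skips the allowlisted helper and the crash of an unrelated process.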