CVE-2024-47420

5.5 MEDIUM

📋 TL;DR

Adobe Animate versions 23.0.7, 24.0.4 and earlier contain an out-of-bounds read vulnerability that could allow attackers to read sensitive memory contents. This could potentially bypass security mitigations like ASLR. Users who open malicious files with vulnerable Animate versions are affected.

💻 Affected Systems

Products:
  • Adobe Animate
Versions: 23.0.7 and earlier, 24.0.4 and earlier
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected versions are vulnerable when opening files.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Memory disclosure leading to ASLR bypass enabling further exploitation, potentially resulting in arbitrary code execution or sensitive information leakage.

🟠 Likely Case: Limited information disclosure from memory, potentially revealing application data or system information without direct code execution.

🟢 If Mitigated: No impact if malicious files are not opened or if proper file validation is in place.

🌐 Internet-Facing: LOW - Requires user interaction to open malicious files, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Internal users could be targeted with malicious files via email or shared drives.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction (opening malicious file) and memory manipulation to achieve meaningful exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to Animate 23.0.8 or 24.0.5

Vendor Advisory: https://helpx.adobe.com/security/products/animate/apsb24-76.html

Restart Required: Yes

Instructions:

1. Open Adobe Creative Cloud application.
2. Navigate to 'Apps' tab.
3. Find Adobe Animate.
4. Click 'Update' if available.
5. Restart computer after update completes.

🔧 Temporary Workarounds

Restrict file opening

all

Only open Animate files from trusted sources and disable automatic file opening

Application control

all

Use application whitelisting to restrict Animate execution to specific users

🧯 If You Can't Patch

  • Implement strict file validation policies for Animate files
  • Use sandboxing or virtualization for Animate when opening untrusted files

🔍 How to Verify

Check if Vulnerable:

Check Animate version via Help > About Adobe Animate

Check Version:

On Windows: wmic product where name="Adobe Animate" get version

Verify Fix Applied:

Verify version is 23.0.8 or higher (for v23) or 24.0.5 or higher (for v24)
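
The fixed version depends on the major branch, so a single "version >= X" test misclassifies hosts (24.0.4 is numerically above 23.0.8 but still vulnerable). The following Python helper is an added example, not code from Adobe or from this page: it classifies version strings from a software inventory against the fixed versions listed above. The function names and the sample inventory are constructed for illustration, and branches the page does not list (25 and later) are reported as not covered rather than guessed.

```python
import re

# Fixed versions per major branch, as stated on this page (23.0.8 and 24.0.5).
FIXED = {23: (23, 0, 8), 24: (24, 0, 5)}

def parse_version(text):
    """Return a tuple of ints from a dotted version string, or None if malformed."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+){0,3})\s*", text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))  # pad "24.0" to (24, 0, 0)
    return tuple(parts)

def classify(text):
    """Classify one version string as fixed, vulnerable, not-covered or unparseable."""
    v = parse_version(text)
    if v is None:
        return "unparseable"
    major = v[0]
    if major in FIXED:
        # Compare only against the fixed build of the same branch.
        return "fixed" if v >= FIXED[major] else "vulnerable"
    if major < min(FIXED):
        return "vulnerable"  # "23.0.7 and earlier" includes older branches
    return "not-covered"     # assumption: the page says nothing about this branch

def triage(inventory):
    """Return {host: status} for every host whose status is not 'fixed'."""
    return {h: s for h, ver in inventory.items() if (s := classify(ver)) != "fixed"}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "design-01": "24.0.4",
    "design-02": "23.0.8",
    "design-03": "24.0.5.1",
    "design-04": "22.0.9",
    "design-05": "unknown",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}: {status}")
```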

📡 Detection & Monitoring

Log Indicators:

  • Animate crash logs with memory access violations
  • Unexpected file opening events in Animate

Network Indicators:

  • Downloads of Animate files from untrusted sources

SIEM Query:

source="*animate*" AND (event="crash" OR event="file_open")
