CVE-2020-24419: Uncontrolled Search Path Element in Adobe After Effects for Windows
First published: Tue Oct 20 2020(Updated: )
Adobe After Effects version 17.1.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe After Effects | <=17.1.1 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2020-24419?
CVE-2020-24419 is rated as a critical vulnerability impacting Adobe After Effects.
How do I fix CVE-2020-24419?
To mitigate CVE-2020-24419, upgrade Adobe After Effects to version 17.1.2 or later.
What types of attacks can exploit CVE-2020-24419?
CVE-2020-24419 can be exploited through arbitrary code execution if a user opens a malicious file.
Which versions of Adobe After Effects are affected by CVE-2020-24419?
Adobe After Effects versions up to and including 17.1.1 are affected by CVE-2020-24419.
Is user interaction required to exploit CVE-2020-24419?
Yes, user interaction is required as a victim must open a malicious file to exploit CVE-2020-24419.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/title
- agent/severity
- agent/remedy
- agent/references
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/tags
- agent/source
- vendor/adobe
- canonical/adobe after effects
- version/adobe after effects/17.1.1
- vendor/microsoft
- canonical/microsoft windows