The version of Adobe Animate installed on the remote macOS or Mac OS X host is prior to 23.0.8 or 24.0.5. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb24-76 advisory.

  - Animate versions 23.0.7, 24.0.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability     that could result in arbitrary code execution in the context of the current user. Exploitation of this     issue requires user interaction in that a victim must open a malicious file. (CVE-2024-47410)

  - Animate versions 23.0.7, 24.0.4 and earlier are affected by an Access of Uninitialized Pointer     vulnerability that could result in arbitrary code execution in the context of the current user.
    Exploitation of this issue requires user interaction in that a victim must open a malicious file.
    (CVE-2024-47411)

  - Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could     result in arbitrary code execution in the context of the current user. Exploitation of this issue requires     user interaction in that a victim must open a malicious file. (CVE-2024-47412, CVE-2024-47413,     CVE-2024-47414, CVE-2024-47415, CVE-2024-47418)

  - Animate versions 23.0.7, 24.0.4 and earlier are affected by an Integer Overflow or Wraparound     vulnerability that could result in arbitrary code execution in the context of the current user.
    Exploitation of this issue requires user interaction in that a victim must open a malicious file.
    (CVE-2024-47416)

  - Animate versions 23.0.7, 24.0.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability     that could result in arbitrary code execution in the context of the current user. Exploitation of this     issue requires user interaction in that a victim must open a malicious file. (CVE-2024-47417)

  - Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds read vulnerability that could     lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass     mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open     a malicious file. (CVE-2024-47419, CVE-2024-47420)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Adobe Animate 23.x < 23.0.8 / 24.x < 24.0.5 Multiple Vulnerabilities (APSB24-76)

high Nessus Plugin ID 208272

Version 1.5

Version 1.4

Version 1.3

Version 1.1

Version 1.5 Nov 21, 2024, 2:36 PM CVE (set "CVE" coverage to "CVE-2024-47410,CVE-2024-47411,CVE-2024-47412,CVE-2024-47413,CVE-2024-47414,CVE-2024-47415,CVE-2024-47416,CVE-2024-47417,CVE-2024-47418,CVE-2024-47419,CVE-2024-47420,CVE-2024-49526,CVE-2024-49527,CVE-2024-49528") CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 score source (changed from "CVE-2024-47418" to "CVE-2024-49528") CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin metadata Reference Plugin Feed: 202411211436
Version 1.4 Oct 18, 2024, 9:34 AM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin metadata Plugin Feed: 202410180934
Version 1.3 Oct 11, 2024, 5:40 PM IAVM reference STIG Severity (set to "I") Plugin Feed: 202410111740
Version 1.1 Oct 8, 2024, 10:36 PM New Plugin Feed: 202410082236