1. Home
  2. CVE Database
  3. CVE-2024-49515
HIGH · 7.8

CVE-2024-49515

Substance3D - Painter versions 10.1.0 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code. If the application uses a search path to ...

Vulnerability Description

Substance3D - Painter versions 10.1.0 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
AdobeSubstance 3D Painter< 10.1.1

Related Weaknesses (CWE)

CWE-426

References

FAQ

What is CVE-2024-49515?

CVE-2024-49515 is a vulnerability with a CVSS score of 7.8 (HIGH). Substance3D - Painter versions 10.1.0 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code. If the application uses a search path to ...

How severe is CVE-2024-49515?

CVE-2024-49515 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-49515?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Substance 3D Painter.