CVE-2024-20743: 
Adobe Substance 3D Painter vulnerability analysis and mitigation

CVE-2024-20743 is an out-of-bounds write vulnerability affecting Adobe Substance3D - Painter versions 9.1.1 and earlier. The vulnerability was disclosed on February 15, 2024, and requires user interaction through opening a malicious file to be exploited (NVD).

The vulnerability is classified as an out-of-bounds write (CWE-787) with a CVSS v3.1 base score of 7.8 (HIGH), and vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates local access is required, with low attack complexity, no privileges required, and user interaction needed for exploitation (NVD).

Successful exploitation of this vulnerability could result in arbitrary code execution in the context of the current user. This means an attacker could potentially execute malicious code with the same privileges as the logged-in user (CIS Advisory).

Adobe has released updates to address this vulnerability. Users are advised to update to the latest version of Substance3D Painter. Organizations should apply the stable channel update provided by Adobe to vulnerable systems immediately after appropriate testing (Adobe Advisory).