CVE-2024-34123: 
Adobe Premiere Pro vulnerability analysis and mitigation

Adobe Premiere Pro versions 23.6.5, 24.4.1 and earlier are affected by an Untrusted Search Path vulnerability identified as CVE-2024-34123. The vulnerability was disclosed on July 9, 2024, affecting both Windows and macOS operating systems (NVD, SecurityWeek).

The vulnerability is classified as an Untrusted Search Path vulnerability (CWE-426) with a CVSS v3.1 base score of 7.0 (HIGH). The attack vector is local (AV:L), with high attack complexity (AC:H), requires no privileges (PR:N), needs user interaction (UI:R), has an unchanged scope (S:U), and can potentially impact confidentiality, integrity, and availability at high levels (C:H/I:H/A:H) (NVD).

Successful exploitation of this vulnerability could lead to arbitrary code execution. An attacker could exploit this vulnerability by inserting a malicious file into the search path, which the application might execute instead of the legitimate file. This could occur when the application uses a search path to locate executables or libraries (NVD).

Adobe has released patches to address this vulnerability. Users are advised to update to versions newer than 23.6.5 and 24.4.1 of Adobe Premiere Pro (Adobe Advisory).