CVE-2024-45140: 
Adobe Substance 3D Stager vulnerability analysis and mitigation

Adobe Substance3D - Stager version 3.0.3 and earlier contains an out-of-bounds write vulnerability (CVE-2024-45140) that was discovered in October 2024. This vulnerability affects both Windows and macOS operating systems. The vulnerability was reported to Adobe and assigned a CVSS v3.1 base score of 7.8 (High) (NVD).

The vulnerability is classified as an out-of-bounds write (CWE-787) that could lead to arbitrary code execution in the context of the current user. The vulnerability has been assigned a CVSS v3.1 vector of CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access, low attack complexity, no privileges required, and user interaction required for exploitation (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the current user. The impact severity depends on the user's privileges - users with administrative rights could be more severely impacted than those with restricted privileges (CIS Advisory).

Adobe has released security updates to address this vulnerability. Users are advised to update to versions newer than 3.0.3 of Substance3D Stager. The update should be applied immediately after appropriate testing (CIS Advisory).