CVE-2024-47423: 
Adobe Framemaker vulnerability analysis and mitigation

Adobe FrameMaker versions 2020.6, 2022.4 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability (CVE-2024-47423). The vulnerability was discovered and disclosed in October 2024, affecting Adobe FrameMaker software installations (NVD, Adobe Advisory).

The vulnerability is classified as an Unrestricted Upload of File with Dangerous Type (CWE-434) with a CVSS v3.1 base score of 7.8 (HIGH). The attack vector is local (AV:L), with low attack complexity (AC:L), requires no privileges (PR:N), needs user interaction (UI:R), and has a scope that's unchanged (S:U). The impact includes high confidentiality, integrity, and availability effects (C:H/I:H/A:H) (NVD).

If successfully exploited, this vulnerability could result in arbitrary code execution. An attacker could exploit this vulnerability by uploading a malicious file which can be automatically processed or executed by the system, potentially leading to complete system compromise within the context of the affected application (NVD).

Adobe has released security updates to address this vulnerability. Users are advised to update to Adobe FrameMaker versions newer than 2020.6 for the 2020 release line and versions newer than 2022.4 for the 2022 release line (Adobe Advisory).