CVE-2024-49518: 
Adobe Substance 3D Painter vulnerability analysis and mitigation

CVE-2024-49518 affects Adobe Substance3D - Painter versions 10.1.0 and earlier. This vulnerability is classified as an out-of-bounds write vulnerability that could lead to arbitrary code execution in the context of the current user. The vulnerability was disclosed on November 12, 2024, and requires user interaction through opening a malicious file for exploitation (NVD, Adobe Advisory).

The vulnerability is categorized as an out-of-bounds write (CWE-787) with a CVSS v3.1 base score of 7.8 HIGH (Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). This indicates a high-severity vulnerability with local attack vector, low attack complexity, no privileges required, and user interaction required for exploitation (NVD).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. This means an attacker could potentially execute malicious code with the same privileges as the user running the Substance3D Painter application (ASEC).

Adobe has released version 10.1.1 of Substance 3D Painter to address this vulnerability. Users are advised to update to this latest version to mitigate the risk (ASEC).