CVE-2024-52996: 
Adobe Substance 3D Sampler vulnerability analysis and mitigation

CVE-2024-52996 is a Heap-based Buffer Overflow vulnerability affecting Adobe Substance3D - Sampler versions 4.5.1 and earlier. The vulnerability was disclosed on December 10, 2024, and could result in arbitrary code execution in the context of the current user. Exploitation of this vulnerability requires user interaction, specifically requiring a victim to open a malicious file (NVD).

The vulnerability has been classified as a Heap-based Buffer Overflow (CWE-122) with a CVSS v3.1 Base Score of 7.8 (HIGH). The CVSS vector string is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access vector, low attack complexity, no privileges required, user interaction required, and high impacts on confidentiality, integrity, and availability (NVD).

If successfully exploited, this vulnerability could lead to arbitrary code execution in the context of the current user. This means an attacker could potentially execute malicious code with the same privileges as the user running the affected application, potentially allowing them to view, change, or delete data based on the user's permissions (NVD).

Adobe has released version 4.5.2 of Substance3D Sampler to address this vulnerability. Users of affected versions are strongly advised to update to the latest version (Adobe Advisory).