Adobe Substance 3D Designer Users Beware of Malicious Files

CVECVE-2023-26398
CVSScvssV3_1: 7.8
SourceCVE-2023-26398

Adobe Substance 3D Designer, a 3D modeling and texturing software, has a vulnerability that could allow hackers to take control of your computer. The vulnerability, tracked as CVE-2023-26398, is caused by the software not properly checking the boundaries of files opened by the user.

Hackers could craft a malicious file that tricks the software into reading past the end of allocated memory. This could then allow the execution of malicious code with the user’s privileges.

In simple terms, opening a specially crafted file could let hackers run their own programs on your computer without your permission. They would gain the same level of access that you have.

The good news is exploiting this requires the victim to open a malicious file. However, hackers have been known to disguise such files as documents or use social engineering to trick users.

If you use Adobe Substance 3D Designer, be extra careful about opening files from untrusted sources. Only download files from official websites. It’s also a good idea to keep your software and operating system updated with the latest patches, as updates may have already addressed this vulnerability. Staying vigilant about opening files is the best way to protect yourself for now.

References