CVE-2020-9660

7.8 HIGH

📋 TL;DR

Adobe After Effects versions 17.1 and earlier contain an out-of-bounds write vulnerability that could allow attackers to execute arbitrary code on affected systems. This affects users running vulnerable versions of Adobe After Effects on any operating system. Successful exploitation requires user interaction, such as opening a malicious file.

💻 Affected Systems

Products:
  • Adobe After Effects
Versions: 17.1 and earlier
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable by default. No special configuration is required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with attacker gaining complete control over the affected system, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Local privilege escalation or arbitrary code execution in the context of the current user, allowing attackers to install malware, steal files, or establish persistence.

🟢 If Mitigated

Limited impact with proper application sandboxing, user privilege restrictions, and network segmentation preventing lateral movement.

🌐 Internet-Facing: LOW - This vulnerability requires local access or user interaction with malicious files and is not directly exploitable over the network.
🏢 Internal Only: MEDIUM - While requiring user interaction, internal users could be tricked into opening malicious files, potentially leading to lateral movement within the network.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file) and knowledge of memory corruption techniques. No public exploits were available at the time of disclosure.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 17.1.1 or later

Vendor Advisory: https://helpx.adobe.com/security/products/after_effects/apsb20-35.html

Restart Required: Yes

Instructions:

1. Open Adobe Creative Cloud application.
2. Navigate to the 'Apps' section.
3. Find Adobe After Effects and click 'Update'.
4. Alternatively, download the update directly from Adobe's website.
5. Restart the application after installation.

🔧 Temporary Workarounds

Restrict file opening (all platforms)

Prevent users from opening untrusted After Effects project files or other media files from unknown sources.

Application sandboxing (all platforms)

Run Adobe After Effects in a sandboxed environment or virtual machine to limit potential damage from exploitation.

🧯 If You Can't Patch

  • Discontinue use of Adobe After Effects until patching is possible
  • Implement strict file access controls and user training to prevent opening untrusted files

🔍 How to Verify

Check if Vulnerable:

Check the Adobe After Effects version: open the application and go to Help > About After Effects. If the version is 17.1 or earlier, the system is vulnerable.

Check Version:

On Windows: Check 'About After Effects' in the application. On macOS: Check 'About After Effects' in the application menu.

Verify Fix Applied:

After updating, verify the version is 17.1.1 or later using the same method. Check that the update appears in Adobe Creative Cloud update history.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected crashes of Adobe After Effects
  • Unusual file access patterns from After Effects process
  • Creation of suspicious child processes by After Effects

Network Indicators:

  • Unexpected outbound connections from After Effects process
  • DNS requests to suspicious domains initiated by After Effects

SIEM Query:

Process creation where parent process contains 'AfterFX' and child process is suspicious (e.g., cmd.exe, powershell.exe, wscript.exe)
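The condition above expressed as a small Python filter over process-creation records. This is an added illustration, not a query from the vendor or from this page's source. The `ParentImage` and `Image` field names assume Sysmon-style events, and the sample records and paths are constructed.

```python
import ntpath

# Child process names the page lists as suspicious; extend for your environment.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe"}
PARENT_MARKER = "afterfx"  # page's condition: parent process contains 'AfterFX'


def basename(image_path):
    """Lower-cased file name from a Windows path (works on any host OS)."""
    return ntpath.basename(image_path or "").lower()


def find_suspicious_children(events):
    """Return events whose parent contains 'AfterFX' and whose child is listed."""
    hits = []
    for ev in events:
        parent = basename(ev.get("ParentImage"))
        child = basename(ev.get("Image"))
        if PARENT_MARKER in parent and child in SUSPICIOUS_CHILDREN:
            hits.append(ev)
    return hits


# Constructed sample events (assumed Sysmon Event ID 1 style fields).
SAMPLE_EVENTS = [
    # Matches: After Effects parent, listed child.
    {"id": 1, "ParentImage": r"C:\Apps\AfterFX.exe",
     "Image": r"C:\Windows\System32\cmd.exe"},
    # Matches: mixed case must not evade the comparison.
    {"id": 2, "ParentImage": r"C:\Apps\afterfx.EXE",
     "Image": r"C:\Windows\System32\PowerShell.EXE"},
    # No match: child is a constructed, unlisted helper name.
    {"id": 3, "ParentImage": r"C:\Apps\AfterFX.exe",
     "Image": r"C:\Apps\constructed_helper.exe"},
    # No match: listed child, but the parent is not After Effects.
    {"id": 4, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe"},
    # No match: record without a parent field must not raise.
    {"id": 5, "Image": r"C:\Windows\System32\wscript.exe"},
]

if __name__ == "__main__":
    for hit in find_suspicious_children(SAMPLE_EVENTS):
        print("ALERT", hit["id"], hit["ParentImage"], "->", hit["Image"])
```

Matching on the file name rather than the full path keeps the rule independent of the install location; alerts still need triage, since legitimate scripts or plug-ins may start a shell.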
