CVE-2023-22244
📋 TL;DR
Adobe Premiere Rush versions 2.6 and earlier contain a use-after-free vulnerability that allows arbitrary code execution when a user opens a malicious file. This affects users running vulnerable versions of Premiere Rush on any supported operating system. Successful exploitation requires user interaction to open a crafted file.
💻 Affected Systems
- Adobe Premiere Rush
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining the same privileges as the current user, potentially leading to data theft, ransomware deployment, or persistent backdoor installation.
Likely Case
Local privilege escalation or malware execution within the user context, potentially compromising sensitive project files and system resources accessible to the user.
If Mitigated
Limited impact with proper application sandboxing and user privilege restrictions, though user data within Premiere Rush could still be compromised.
🎯 Exploit Status
Exploitation requires user interaction (opening malicious file). No public exploit code available at time of advisory.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.7 or later
Vendor Advisory: https://helpx.adobe.com/security/products/premiere_rush/apsb23-14.html
Restart Required: Yes
Instructions:
1. Open Adobe Premiere Rush.
2. Go to Help > Check for Updates.
3. Install available updates.
4. Restart the application.
Alternatively, download the latest version from Adobe Creative Cloud.
🔧 Temporary Workarounds
Restrict file opening
All platforms: Only open Premiere Rush project files from trusted sources. Implement application control policies.
Run with reduced privileges
All platforms: Run Premiere Rush with standard user privileges instead of administrative rights.
🧯 If You Can't Patch
- Discontinue use of Adobe Premiere Rush until patched. Use alternative video editing software.
- Implement strict application control policies to prevent execution of Premiere Rush.
🔍 How to Verify
Check if Vulnerable:
Check the Premiere Rush version: open the application and go to Help > About Premiere Rush. If the version is 2.6 or earlier, the system is vulnerable.
Check Version:
- On Windows: Check registry HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Premiere Rush
- On macOS: Check /Applications/Adobe Premiere Rush.app/Contents/Info.plist
Verify Fix Applied:
Verify version is 2.7 or later in Help > About Premiere Rush. Check that updates are enabled in Creative Cloud.
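A scripted form of the macOS check above, useful when inventorying many hosts. This is an added example, not part of the original advisory or any Adobe tooling. It assumes the version is stored under the standard CFBundleShortVersionString key, and the sample plists are constructed.

```python
import plistlib
import re
from pathlib import Path

# Path taken from the advisory. The key name is an assumption: it is the
# standard macOS bundle key for the user-visible version string.
INFO_PLIST = Path("/Applications/Adobe Premiere Rush.app/Contents/Info.plist")
VERSION_KEY = "CFBundleShortVersionString"
FIXED = (2, 7)  # first patched release according to the advisory


def parse_version(text):
    """Turn '2.6.1' or '2.7 (403)' into a tuple of ints, or None."""
    match = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def classify(plist_bytes):
    """Return 'vulnerable', 'patched' or 'unknown' for one Info.plist."""
    try:
        info = plistlib.loads(plist_bytes)
    except Exception:  # malformed or truncated plist
        return "unknown"
    if not isinstance(info, dict):
        return "unknown"
    version = parse_version(str(info.get(VERSION_KEY, "")))
    if version is None:
        return "unknown"
    # Pad short versions so that '2' compares as 2.0, then compare numerically
    # (a string comparison would rank 2.10 below 2.7).
    padded = version + (0,) * (len(FIXED) - len(version))
    return "patched" if padded >= FIXED else "vulnerable"


def sample_plist(version):
    """Constructed sample input, not a real Premiere Rush Info.plist."""
    return plistlib.dumps({"CFBundleName": "Adobe Premiere Rush", VERSION_KEY: version})


if __name__ == "__main__":
    if INFO_PLIST.exists():
        print(INFO_PLIST, classify(INFO_PLIST.read_bytes()))
    for v in ("2.6", "2.6.1", "2.7", "2.10"):
        print(v, classify(sample_plist(v)))
```

An "unknown" result means the plist could not be parsed or carried no version string, and should be followed up with the Help > About check.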
📡 Detection & Monitoring
Log Indicators:
- Application crashes in Premiere Rush logs
- Unexpected file opening events
- Process creation from Premiere Rush with unusual parameters
Network Indicators:
- Unusual outbound connections from Premiere Rush process
- File downloads to Premiere Rush directory
SIEM Query:
Process creation where parent process contains 'Premiere Rush' AND (command line contains suspicious file extensions OR network connection established)