CVE-2023-47042

7.8 HIGH

📋 TL;DR

A heap-based buffer overflow vulnerability in Adobe Media Encoder allows attackers to execute arbitrary code when a user opens a malicious file. This affects users running vulnerable versions of Adobe Media Encoder on any operating system. Successful exploitation requires user interaction but could lead to full system compromise.

💻 Affected Systems

Products:
  • Adobe Media Encoder
Versions: 24.0.2 and earlier, 23.6 and earlier
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable regardless of configuration settings.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system takeover with attacker gaining the same privileges as the current user, potentially leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case

Malware installation or system compromise when users open malicious media files from untrusted sources, with attackers gaining user-level access to the system.

🟢 If Mitigated

Limited impact with proper user training and security controls preventing execution of malicious files, though the system could still crash from malformed input.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file) and heap manipulation knowledge, but buffer overflow vulnerabilities are commonly exploited.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 24.0.3 and 23.6.1

Vendor Advisory: https://helpx.adobe.com/security/products/media-encoder/apsb23-63.html

Restart Required: Yes

Instructions:

1. Open Adobe Creative Cloud application.
2. Navigate to 'Apps' section.
3. Find Adobe Media Encoder.
4. Click 'Update' button.
5. Wait for download and installation.
6. Restart computer if prompted.

🔧 Temporary Workarounds

Restrict file types (all platforms)

Block or quarantine suspicious media files at email gateways and network perimeters.

User training (all platforms)

Educate users to only open media files from trusted sources.

🧯 If You Can't Patch

  • Restrict user permissions to limit potential damage from code execution
  • Implement application whitelisting to prevent unauthorized executables

🔍 How to Verify

Check if Vulnerable:

Check Adobe Media Encoder version in Help > About menu

Check Version:

On Windows: wmic product where name="Adobe Media Encoder" get version
On macOS: check CFBundleShortVersionString in /Applications/Adobe Media Encoder 2023/Adobe Media Encoder.app/Contents/Info.plist

Verify Fix Applied:

Verify version is 24.0.3 or higher (for version 24) or 23.6.1 or higher (for version 23)
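The check above as a script, added here as an example (not from Adobe or the original page): it classifies a version string against the fixed releases 23.6.1 and 24.0.3. The function name ame_status is hypothetical, and each version field is assumed to be below 1000.

```sh
#!/bin/sh
# Added example: classify an Adobe Media Encoder version string against the
# fixed releases listed on this page (23.6.1 and 24.0.3).
# ame_status is a hypothetical helper name, not an Adobe tool.

# Prints "vulnerable", "fixed" or "unknown" for a dotted version string.
# Only the first three fields are compared; each is assumed to be below 1000.
ame_status() {
    case $1 in
        # Reject empty input, non-numeric characters and malformed dots.
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    printf '%s\n' "$1" | awk -F. '{
        v = $1 * 1000000 + $2 * 1000 + $3
        # 24.x is measured against 24.0.3; 23.x and older against 23.6.1.
        fixed = ($1 >= 24) ? 24000003 : 23006001
        status = (v >= fixed) ? "fixed" : "vulnerable"
        print status
    }'
}

# Constructed sample versions, not taken from any real host.
for v in 23.6 23.6.1 24.0.2 24.0.2.2 24.0.3 22.6.4 not-a-version; do
    printf '%-14s %s\n' "$v" "$(ame_status "$v")"
done
```

Feed it the value returned by the wmic query or the CFBundleShortVersionString field; an "unknown" result means the string should be checked by hand.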

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with heap corruption errors
  • Unexpected child processes spawned from Media Encoder

Network Indicators:

  • Unusual outbound connections from Media Encoder process

SIEM Query:

(process_name:"Adobe Media Encoder.exe" AND event_type:crash) OR parent_process:"Adobe Media Encoder.exe"
