Login Sign Up

CVE-2023-47058

7.8 HIGH
Remote Code Execution

📋 TL;DR

Adobe Premiere Pro versions 24.0 and earlier, and 23.6 and earlier, contain an out-of-bounds read vulnerability when parsing malicious files. An attacker can exploit this to execute arbitrary code with the victim's user privileges. Users who open untrusted Premiere Pro project files are at risk.

💻 Affected Systems

Products:
  • Adobe Premiere Pro
Versions: 24.0 and earlier, 23.6 and earlier
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected versions are vulnerable when opening files.

📦 What is this software?

Premiere Pro by Adobe

View all CVEs affecting Premiere Pro →

Premiere Pro by Adobe

View all CVEs affecting Premiere Pro →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise via remote code execution, allowing attacker to install malware, steal data, or pivot to other systems.

🟠

Likely Case

Local privilege escalation leading to data theft, ransomware deployment, or persistence establishment on the victim's workstation.

🟢

If Mitigated

Application crash or denial of service if memory protections prevent code execution.

🌐 Internet-Facing: LOW - Exploitation requires user interaction to open a malicious file, not directly internet-exposed.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or shared malicious project files.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file) and bypassing memory protections like ASLR/DEP.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 24.1 and 23.7

Vendor Advisory: https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html

Restart Required: Yes

Instructions:

1. Open Adobe Creative Cloud application. 2. Navigate to 'Apps' tab. 3. Find Premiere Pro and click 'Update'. 4. Restart Premiere Pro after update completes.

🔧 Temporary Workarounds

Restrict file opening

all

Configure Premiere Pro to only open trusted project files from known sources.

Application control

windows

Use application whitelisting to prevent execution of unauthorized code from Premiere Pro memory space.

🧯 If You Can't Patch

  • Discontinue use of Premiere Pro for untrusted project files.
  • Run Premiere Pro in a sandboxed or isolated environment.

🔍 How to Verify

Check if Vulnerable:

Check Premiere Pro version via Help > About Premiere Pro. If version is 24.0 or earlier, or 23.6 or earlier, it's vulnerable.

Check Version:

On Windows: wmic product where name="Adobe Premiere Pro" get version. On macOS: /Applications/Adobe\ Premiere\ Pro\ */Adobe\ Premiere\ Pro.app/Contents/Info.plist | grep -A1 CFBundleShortVersionString

Verify Fix Applied:

Verify version is 24.1 or later, or 23.7 or later after updating.

📡 Detection & Monitoring

Log Indicators:

  • Premiere Pro crash logs with memory access violations
  • Unexpected child processes spawned from Premiere Pro

Network Indicators:

  • Unusual outbound connections from Premiere Pro process

SIEM Query:

process_name:"Adobe Premiere Pro.exe" AND (event_id:1000 OR event_id:1001) AND exception_code:0xc0000005

📊 Metadata

CVE ID: CVE-2023-47058
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-125
Published: November 16, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-47058, you might also want to check these:

CVE-2021-41556 10.0

CVE-2021-41556 is a critical out-of-bounds read vulnerability in Squirrel scripting language that al...

Same vulnerability type (CWE-125)
CVE-2024-22004 10.0

This vulnerability allows attackers with privileged access on Linux non-secure operating systems to ...

Same vulnerability type (CWE-125)
CVE-2021-21777 10.0

CVE-2021-21777 is a critical out-of-bounds read vulnerability in the Ethernet/IP UDP handler of OpEN...

Same vulnerability type (CWE-125)