CVE-2023-47068
📋 TL;DR
Adobe After Effects has an out-of-bounds read vulnerability that could allow arbitrary code execution when a user opens a malicious file. Attackers could exploit this to run code with the victim's privileges. Users of Adobe After Effects versions 24.0.2 and earlier or 23.6 and earlier are affected.
💻 Affected Systems
- Adobe After Effects
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise through arbitrary code execution with the current user's privileges, potentially leading to data theft, ransomware deployment, or lateral movement.
Likely Case
Local privilege escalation or malware installation when a user opens a malicious After Effects project file.
If Mitigated
Limited impact if users only open trusted files from verified sources and have proper endpoint protection.
🎯 Exploit Status
Exploitation requires user interaction (opening a malicious file) and knowledge of memory layout. No public exploits known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 24.0.3 or 23.6.1
Vendor Advisory: https://helpx.adobe.com/security/products/after_effects/apsb23-66.html
Restart Required: Yes
Instructions:
1. Open the Adobe Creative Cloud application.
2. Navigate to the 'Apps' tab.
3. Find Adobe After Effects.
4. Click the 'Update' button.
5. Wait for download and installation.
6. Restart the computer if prompted.
🔧 Temporary Workarounds
Restrict file opening
Configure application control policies to restrict opening of After Effects project files from untrusted sources.
User awareness training
Train users to only open After Effects files from trusted sources and verify file integrity.
🧯 If You Can't Patch
- Implement application whitelisting to block execution of malicious code
- Use endpoint detection and response (EDR) solutions to monitor for suspicious file opening behavior
🔍 How to Verify
Check if Vulnerable:
Check the Adobe After Effects version in Help > About After Effects. If the version is 24.0.2 or earlier, or 23.6 or earlier, the system is vulnerable.
Check Version:
On Windows: Check version in Help > About After Effects. On macOS: Adobe After Effects > About After Effects.
Verify Fix Applied:
Verify version is 24.0.3 or higher, or 23.6.1 or higher after updating through Adobe Creative Cloud.
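The version rule above spans two release branches, so a single "24.0.2 or lower" comparison would wrongly flag a patched 23.6.1 install. The following added example (not Adobe's or this page's code) applies the check per branch to a constructed inventory; the host names are hypothetical, and treating releases older than 23.x as affected is an assumption read from "23.6 or earlier".

```python
# Added example: branch-aware version check for CVE-2023-47068.
# Fixed versions are taken from the advisory text; the inventory is constructed.
import re

FIXED = {23: (23, 6, 1), 24: (24, 0, 3)}  # first patched release per branch


def parse_version(text):
    """Turn '24.0.2' or '23.6' into a 3-tuple of ints, padding with zeros."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,2}", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def is_vulnerable(text):
    """True if this After Effects version predates the fix for its branch."""
    version = parse_version(text)
    if version[0] >= 24:
        return version < FIXED[24]
    # Assumption: 23.x and anything older fall under "23.6 or earlier".
    return version < FIXED[23]


def audit(inventory):
    """Return {host: version} for hosts that still need the update."""
    return {h: v for h, v in inventory.items() if is_vulnerable(v)}


# Constructed inventory with hypothetical host names.
SAMPLE_INVENTORY = {
    "edit-ws-01": "24.0.2",   # vulnerable 24.x
    "edit-ws-02": "24.0.3",   # patched 24.x
    "edit-ws-03": "23.6",     # vulnerable 23.x
    "edit-ws-04": "23.6.1",   # patched 23.x, yet numerically below 24.0.2
    "edit-ws-05": "22.6.4",   # older branch, treated as affected
}

if __name__ == "__main__":
    for host, version in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {version} needs update")
```

Version strings with build suffixes are rejected with `ValueError` rather than guessed at, so normalise them before feeding an inventory export to `audit`.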
📡 Detection & Monitoring
Log Indicators:
- Unexpected process crashes of After Effects
- Suspicious file opening events from unusual locations
- Creation of unexpected child processes from After Effects
Network Indicators:
- Outbound connections from After Effects to unknown IPs after file opening
- DNS requests for suspicious domains
SIEM Query:
Process creation where parent_process_name contains 'AfterFX' and (process_name contains 'cmd.exe' or process_name contains 'powershell.exe' or process_name contains 'wscript.exe')