CVE-2023-47070

7.8 HIGH

📋 TL;DR

Adobe After Effects versions 24.0.2 and earlier, and 23.6 and earlier, contain an out-of-bounds write vulnerability that could allow attackers to execute arbitrary code with the privileges of the current user. This vulnerability requires user interaction, specifically opening a malicious file, making it a client-side attack vector primarily affecting individual users and workstations.

💻 Affected Systems

Products:
  • Adobe After Effects
Versions: 24.0.2 and earlier, 23.6 and earlier
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected versions are vulnerable. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control of the affected workstation, enabling data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Local privilege escalation leading to data exfiltration, malware installation, or persistence mechanisms on the compromised workstation.

🟢 If Mitigated

Limited impact with proper application sandboxing, user privilege restrictions, and security software preventing malicious file execution.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file). No public exploit code available at time of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: After Effects 24.0.3 and 23.6.1

Vendor Advisory: https://helpx.adobe.com/security/products/after_effects/apsb23-66.html

Restart Required: Yes

Instructions:

1. Open Adobe Creative Cloud application.
2. Navigate to 'Apps' section.
3. Find Adobe After Effects.
4. Click 'Update' button.
5. Restart computer after installation completes.

🔧 Temporary Workarounds

  • Restrict file opening (all platforms): Implement application control policies to prevent opening untrusted After Effects project files
  • User awareness training (all platforms): Train users to only open After Effects files from trusted sources

🧯 If You Can't Patch

  • Implement application whitelisting to block execution of malicious payloads
  • Run After Effects with reduced user privileges or in sandboxed environments

🔍 How to Verify

Check if Vulnerable:

Check After Effects version via Help > About After Effects menu

Check Version:

Not applicable - check via application GUI

Verify Fix Applied:

Verify version is 24.0.3 or higher, or 23.6.1 or higher
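
To check many workstations at once, the version thresholds above can be applied to an inventory export. The following is an added example, not part of the original advisory or of any Adobe tooling; the `host,version` input format, the host names and the function names are assumptions constructed for illustration.

```python
import re

# First fixed release per major branch, as stated on this page.
FIXED = {23: (23, 6, 1), 24: (24, 0, 3)}

def parse_version(text):
    """Parse '24.0.2' or '23.6 (Build 12)' into (major, minor, patch); None if unparsable."""
    m = re.match(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())

def classify(version_text):
    """Return (status, first_fixed_release_or_None) for one reported version string."""
    v = parse_version(version_text)
    if v is None:
        return "unknown", None
    major = v[0]
    if major in FIXED:
        fixed = FIXED[major]
        return ("patched", None) if v >= fixed else ("vulnerable", fixed)
    if major < min(FIXED):
        # "23.6 and earlier" covers older branches. Pointing them at the lowest
        # fixed release listed here is an assumption about the upgrade path.
        return "vulnerable", FIXED[min(FIXED)]
    # Newer major than 24: covered by "24.0.3 or higher" in the verification step.
    return "patched", None

def audit(inventory_text):
    """Map each host in 'host,version' lines to (status, target_version_string)."""
    report = {}
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        host, _, version_text = line.partition(",")
        status, fixed = classify(version_text)
        report[host.strip()] = (status, ".".join(map(str, fixed)) if fixed else None)
    return report

# Constructed sample inventory (not real hosts).
SAMPLE_INVENTORY = """\
edit-ws-01,24.0.2
edit-ws-02,24.0.3
edit-ws-03,23.6
edit-ws-04,23.6.1
edit-ws-05,22.6.4
edit-ws-06,not installed
"""

if __name__ == "__main__":
    for host, (status, target) in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}" + (f" (update to {target} or later)" if target else ""))
```

Hosts reported as `unknown` have no parsable version and need a manual check via Help > About After Effects.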

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process creation from After Effects
  • Memory access violations in application logs
  • Unusual file access patterns

Network Indicators:

  • Outbound connections from After Effects process to unknown IPs
  • DNS queries for suspicious domains

SIEM Query:

process_name:"AfterFX.exe" AND (event_type:"process_creation" OR event_type:"file_access")
