CVE-2023-47073
📋 TL;DR
Adobe After Effects versions 24.0.2 and earlier, and 23.6 and earlier, contain an out-of-bounds write vulnerability that could allow attackers to execute arbitrary code with the privileges of the current user. Exploitation requires the victim to open a malicious file, making this a client-side attack vector primarily affecting users who process untrusted project files.
💻 Affected Systems
- Adobe After Effects
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise through arbitrary code execution with the victim's user privileges, potentially leading to data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Local privilege escalation or malware installation on the affected workstation, with potential for data exfiltration from the user's system.
If Mitigated
Limited impact if user runs with minimal privileges, has application sandboxing, or opens only trusted files.
🎯 Exploit Status
Exploitation requires user interaction (opening malicious file) and knowledge of memory corruption techniques. No public exploits have been reported as of the advisory date.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 24.1 and 23.6.1
Vendor Advisory: https://helpx.adobe.com/security/products/after_effects/apsb23-66.html
Restart Required: Yes
Instructions:
1. Open Adobe Creative Cloud application.
2. Navigate to 'Apps' tab.
3. Find Adobe After Effects.
4. Click 'Update' button.
5. Restart computer after installation completes.
🔧 Temporary Workarounds
Restrict file opening (all platforms)
Configure system policies to prevent opening of untrusted After Effects project files (.aep, .aet)
Run with reduced privileges (all platforms)
Run Adobe After Effects with standard user privileges instead of administrative rights
🧯 If You Can't Patch
- Implement application whitelisting to prevent execution of unauthorized code
- Use endpoint detection and response (EDR) solutions to monitor for suspicious process creation
🔍 How to Verify
Check if Vulnerable:
Check Adobe After Effects version via Help > About After Effects. If version is 24.0.2 or earlier, or 23.6 or earlier, the system is vulnerable.
Check Version:
On Windows: Check via Creative Cloud app or Help > About After Effects. On macOS: Adobe After Effects > About After Effects.
Verify Fix Applied:
Verify version is 24.1 or higher for version 24.x, or 23.6.1 or higher for version 23.x.
📡 Detection & Monitoring
Log Indicators:
- Unexpected process crashes of After Effects
- Suspicious child processes spawned from After Effects
Network Indicators:
- Unexpected outbound connections from After Effects process
SIEM Query:
Process creation where parent_process_name contains 'After Effects' and (process_name not in allowed_list)
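
The query above, worked through in Python over constructed process-creation events (an added example, not part of the advisory or of any vendor tooling). The event field names, the sample install paths, the allowlist entries, and the extra match on the Windows image name `AfterFX.exe` are assumptions; a plain "contains 'After Effects'" test on the process name only matches the macOS binary.

```python
import ntpath

# Assumption: child processes seen under After Effects in a baseline of this
# environment. Build the real list from your own telemetry.
ALLOWED_CHILDREN = {"aerendercore.exe", "dynamiclinkmanager.exe"}

# Constructed install locations, used only to build the sample events below.
AE_WIN = r"C:\Program Files\Adobe\Adobe After Effects 2024\Support Files"
AE_MAC = ("/Applications/Adobe After Effects 2024/"
          "Adobe After Effects 2024.app/Contents/MacOS/After Effects")

# Constructed sample events; the field names are hypothetical.
SAMPLE_EVENTS = [
    {"host": "ws-01", "parent_image": AE_WIN + r"\AfterFX.exe",
     "image": AE_WIN + r"\aerendercore.exe"},
    {"host": "ws-02", "parent_image": AE_WIN + r"\AfterFX.exe",
     "image": r"C:\Windows\System32\cmd.exe"},
    {"host": "mac-03", "parent_image": AE_MAC, "image": "/bin/sh"},
    {"host": "ws-04", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe"},
]


def process_name(image_path):
    """Lower-cased file name of an image path (handles both \\ and /)."""
    return ntpath.basename(image_path).lower()


def is_after_effects(image_path):
    """True when the process name is After Effects on macOS or Windows."""
    name = process_name(image_path)
    return "after effects" in name or name == "afterfx.exe"


def find_suspicious(events, allowed=ALLOWED_CHILDREN):
    """Return events whose parent is After Effects and whose child is not allowlisted."""
    return [
        e for e in events
        if is_after_effects(e["parent_image"])
        and process_name(e["image"]) not in allowed
    ]


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_EVENTS):
        print(f"{hit['host']}: {process_name(hit['parent_image'])} -> {hit['image']}")
```
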