CVE-2023-48627

7.8 HIGH

📋 TL;DR

Adobe Substance 3D Sampler versions 4.2.1 and earlier contain an out-of-bounds write vulnerability that allows arbitrary code execution when a user opens a malicious file. This affects users of Adobe Substance 3D Sampler who open untrusted files, potentially leading to full system compromise.

💻 Affected Systems

Products:
  • Adobe Substance 3D Sampler
Versions: 4.2.1 and earlier
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable by default when opening files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system takeover with attacker gaining the same privileges as the current user, enabling data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case

Malware installation or credential theft when users open malicious files from untrusted sources, particularly in creative workflows where file sharing is common.

🟢 If Mitigated

Limited impact with proper user training and file validation, potentially only crashing the application without code execution.

🌐 Internet-Facing: LOW - Exploitation requires user interaction to open malicious files, not directly accessible via network.
🏢 Internal Only: MEDIUM - Internal users could be tricked into opening malicious files via phishing or shared drives.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction (opening malicious file) and likely requires file format manipulation expertise.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.2.2 or later

Vendor Advisory: https://helpx.adobe.com/security/products/substance3d-sampler/apsb23-74.html

Restart Required: Yes

Instructions:

1. Open Adobe Substance 3D Sampler.
2. Go to Help > Check for Updates.
3. Install available updates.
4. Restart the application.

🔧 Temporary Workarounds

Restrict file opening (all platforms)

Only open files from trusted sources and avoid opening unknown .sbsar or other Substance file formats.

Application sandboxing (all platforms)

Run Adobe Substance 3D Sampler in a sandboxed environment to limit potential damage from exploitation.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of unauthorized code
  • Use endpoint detection and response (EDR) tools to monitor for suspicious process creation

🔍 How to Verify

Check if Vulnerable:

Check Adobe Substance 3D Sampler version in application settings or About dialog.

Check Version:

Open Adobe Substance 3D Sampler and navigate to Help > About Substance 3D Sampler

Verify Fix Applied:

Verify version is 4.2.2 or later after updating.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with memory access violations
  • Unexpected child processes spawned from Substance 3D Sampler

Network Indicators:

  • Unusual outbound connections from Substance 3D Sampler process

SIEM Query:

(process_name:"Substance 3D Sampler.exe" AND event_id:1000) OR parent_process_name:"Substance 3D Sampler.exe"
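
The two log indicators above, applied to constructed events, as an added example that is not part of the original advisory. Field names follow the SIEM query; the JSON-lines layout, host names, the `expected_children` allowlist and the "crash plus child process" triage heuristic are assumptions made for this example.

```python
import json
from collections import defaultdict

SAMPLER = "substance 3d sampler.exe"  # process name from the query, lowercased
CRASH_EVENT_ID = "1000"               # Windows Application Error event

# Constructed sample events (JSON lines); hosts and child names are made up.
SAMPLE_LOG = """\
{"host": "ws-01", "event_id": 1000, "process_name": "Substance 3D Sampler.exe"}
{"host": "ws-01", "event_id": 1, "process_name": "cmd.exe", "parent_process_name": "Substance 3D Sampler.exe"}
{"host": "ws-02", "event_id": 1000, "process_name": "notepad.exe"}
{"host": "ws-02", "event_id": 1, "process_name": "expected_helper.exe", "parent_process_name": "Substance 3D Sampler.exe"}
{"host": "ws-03", "event_id": 1, "process_name": "Substance 3D Sampler.exe", "parent_process_name": "explorer.exe"}
not-json garbage line
"""

def classify(event, expected_children=frozenset()):
    """Return 'crash', 'child_process' or None; expected_children is lowercase."""
    name = str(event.get("process_name", "")).lower()
    parent = str(event.get("parent_process_name", "")).lower()
    if name == SAMPLER and str(event.get("event_id")) == CRASH_EVENT_ID:
        return "crash"
    if parent == SAMPLER and name not in expected_children:
        return "child_process"
    return None

def scan(log_text, expected_children=frozenset()):
    """Group matching events by host, skipping lines that are not JSON objects."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        kind = classify(event, expected_children) if isinstance(event, dict) else None
        if kind:
            hits[event.get("host", "unknown")].append((kind, event.get("process_name")))
    return dict(hits)

def hosts_to_triage(hits):
    # Assumed heuristic: a crash and a child process on the same host go first.
    return sorted(h for h, ev in hits.items() if {k for k, _ in ev} == {"crash", "child_process"})

if __name__ == "__main__":
    found = scan(SAMPLE_LOG, expected_children={"expected_helper.exe"})
    print(found)
    print("triage first:", hosts_to_triage(found))
```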
