CVE-2024-41873 – Adobe Media Encoder versions 24.5, 23.6.8 and e... (How to Fix)

Q: What is the severity of CVE-2024-41873?

CVE-2024-41873 has a CVSS score of 5.5 (MEDIUM). Adobe Media Encoder versions 24.5, 23.6.8 and earlier contain an out-of-bounds read vulnerability that could allow attackers to read sensitive memory contents when a user opens a malicious file. This could potentially bypass ASLR protections. Users of affected Adobe Media Encoder versions are at risk.

📋 TL;DR

Adobe Media Encoder versions 24.5, 23.6.8 and earlier contain an out-of-bounds read vulnerability that could allow attackers to read sensitive memory contents when a user opens a malicious file. This could potentially bypass ASLR protections. Users of affected Adobe Media Encoder versions are at risk.

💻 Affected Systems

Products:

Adobe Media Encoder

Versions: 24.5 and earlier, 23.6.8 and earlier

Operating Systems: Windows, macOS

Default Config Vulnerable: ⚠️ Yes

Notes: All default installations of affected versions are vulnerable. No special configuration required for exploitation.

📦 What is this software?

Media Encoder by Adobe

View all CVEs affecting Media Encoder →

Media Encoder by Adobe

View all CVEs affecting Media Encoder →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could bypass ASLR and combine this with other vulnerabilities to achieve arbitrary code execution, potentially compromising the entire system.

🟠

Likely Case

Information disclosure of memory contents, which could reveal sensitive data or help bypass security mitigations for future attacks.

🟢

If Mitigated

Limited impact if proper file handling controls are in place and users don't open untrusted files.

🌐 Internet-Facing: LOW - Exploitation requires user interaction to open malicious files, not directly network exploitable.

🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or malicious files, but still requires user interaction.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file) and knowledge of memory layout. No public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 24.6 and 23.6.9

Vendor Advisory: https://helpx.adobe.com/security/products/media-encoder/apsb24-53.html

Restart Required: Yes

Instructions:

1. Open Adobe Creative Cloud application. 2. Navigate to Updates section. 3. Install Media Encoder update to version 24.6 or 23.6.9. 4. Restart Media Encoder after installation.

🔧 Temporary Workarounds

Restrict file handling

all

Configure Media Encoder to only open trusted files from known sources

User awareness training

all

Train users not to open untrusted media files in Media Encoder

🧯 If You Can't Patch

Restrict Media Encoder usage to trusted users only
Implement application whitelisting to prevent execution of malicious files

🔍 How to Verify

Check if Vulnerable:

Check Media Encoder version in Help > About Media Encoder. If version is 24.5 or earlier, or 23.6.8 or earlier, system is vulnerable.

Check Version:

On Windows: Check Help > About Media Encoder. On macOS: Adobe Media Encoder > About Adobe Media Encoder

Verify Fix Applied:

Verify version is 24.6 or higher, or 23.6.9 or higher after update.

📡 Detection & Monitoring

Log Indicators:

Application crashes in Media Encoder when processing files
Unusual file access patterns

Network Indicators:

Downloads of suspicious media files followed by Media Encoder execution

SIEM Query:

EventID=1000 AND ProcessName="Adobe Media Encoder.exe" AND ExceptionCode=0xC0000005

📊 Metadata

CVE ID: CVE-2024-41873

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE: CWE-125

Published: September 13, 2024

Last Updated: September 16, 2024

🔗 References

https://helpx.adobe.com/security/products/media-encoder/apsb24-53.html Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-41873, you might also want to check these: