CVE-2024-47445
📋 TL;DR
CVE-2024-47445 is an out-of-bounds read vulnerability in Adobe After Effects that could allow an attacker to read sensitive memory contents. This could potentially bypass security mitigations like ASLR, though exploitation requires user interaction to open a malicious file. Users of affected After Effects versions are at risk.
💻 Affected Systems
- Adobe After Effects
⚠️ Risk & Real-World Impact
Worst Case
An attacker could read sensitive memory contents, potentially bypassing ASLR to enable more sophisticated attacks or leak confidential information from the application's memory space.
Likely Case
Limited information disclosure from the application's memory, potentially revealing some system information but unlikely to lead to full system compromise without additional vulnerabilities.
If Mitigated
With proper controls, the impact is minimal as exploitation requires user interaction and the vulnerability only allows reading, not writing, to memory.
🎯 Exploit Status
Exploitation requires user interaction (opening malicious file) and understanding of memory layout. The vulnerability only allows reading memory, not arbitrary code execution.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: After Effects 23.6.10 and 24.6.3
Vendor Advisory: https://helpx.adobe.com/security/products/after_effects/apsb24-85.html
Restart Required: Yes
Instructions:
1. Open Adobe Creative Cloud application.
2. Navigate to 'Apps' section.
3. Find After Effects and click 'Update'.
4. Restart After Effects after update completes.
🔧 Temporary Workarounds
Restrict file opening
Only open After Effects project files from trusted sources. Implement policies to block suspicious file types.
Application sandboxing
Run After Effects in a sandboxed environment to limit potential impact of memory disclosure.
🧯 If You Can't Patch
- Implement strict file handling policies to prevent opening untrusted After Effects project files
- Use application control solutions to restrict After Effects from accessing untrusted network locations
🔍 How to Verify
Check if Vulnerable:
Check After Effects version via Help > About After Effects. If version is 23.6.9 or earlier, or 24.6.2 or earlier, the system is vulnerable.
Check Version:
On Windows: Check via Creative Cloud app or Help > About After Effects. On macOS: Check via Creative Cloud app or After Effects > About After Effects.
Verify Fix Applied:
Verify After Effects version is 23.6.10 or later for version 23.x, or 24.6.3 or later for version 24.x.
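The version checks above can be applied across an inventory export. The following is an added example, not code from Adobe or from this page; the function names and the sample inventory are hypothetical and constructed. It compares versions numerically, because a plain string comparison sorts 23.6.10 before 23.6.9 and would mark a patched host as vulnerable.

```python
import re

# Fixed build per major branch, taken from the "Patch Version" line on this page.
FIXED = {23: (23, 6, 10), 24: (24, 6, 3)}


def parse_version(text):
    """Return a tuple of ints for a dotted version, or None if malformed."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,3}", text):
        return None
    parts = [int(p) for p in text.split(".")]
    # Pad so "24.6" compares as 24.6.0 against the three-part thresholds.
    parts += [0] * (3 - len(parts))
    return tuple(parts)


def classify(text):
    """Return 'vulnerable', 'fixed', 'not-covered' or 'unparseable'."""
    ver = parse_version(text)
    if ver is None:
        return "unparseable"
    if ver[0] < 23:
        # The page lists "23.6.9 or earlier" as vulnerable.
        return "vulnerable"
    if ver[0] in FIXED:
        # Tuple comparison is numeric per component: (23, 6, 10) > (23, 6, 9).
        return "fixed" if ver >= FIXED[ver[0]] else "vulnerable"
    # Branches newer than 24.x are not described on this page.
    return "not-covered"


# Constructed inventory rows (host, reported version); not real data.
SAMPLE_INVENTORY = [
    ("edit-ws-01", "23.6.9"),
    ("edit-ws-02", "23.6.10"),
    ("edit-ws-03", "24.6.2"),
    ("edit-ws-04", "24.6.3"),
    ("edit-ws-05", "unknown"),
]


def triage(inventory):
    """Map each host to its classification."""
    return {host: classify(ver) for host, ver in inventory}


if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
```

Hosts reported as `unparseable` or `not-covered` need a manual check via Help > About After Effects.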
📡 Detection & Monitoring
Log Indicators:
- Application crashes with memory access violations
- Unexpected file opening events in After Effects
Network Indicators:
- Downloads of suspicious After Effects project files from untrusted sources
SIEM Query:
(EventID=4688 AND ProcessName='AfterFX.exe' AND CommandLine LIKE '%.aep%') OR (EventID=1000 AND Application='AfterFX.exe')