ZDI-CAN-21697: Adobe Media Encoder MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2023-47041

7.8HIGH

Key Information:

Vendor: Adobe
Status: Media Encoder
Vendor: CVE Published:; 16 November 2023

Summary

Adobe Media Encoder, specifically versions 24.0.2 and 23.6, contains an out-of-bounds write vulnerability that poses a risk of arbitrary code execution when a user opens a malicious file. This vulnerability requires user interaction, making it essential for users to avoid opening unknown or suspicious files in order to mitigate potential security risks. Proper awareness and security practices are vital to defend against such exploits.

Affected Version(s)

Media Encoder 0 <= 23.6

References

https://helpx.adobe.com/security/products/media-encoder/a...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 16, 2023
Vulnerability Reserved
Oct 30, 2023