CVE-2023-47073: 
Adobe After Effects vulnerability analysis and mitigation

Adobe After Effects versions 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability identified as CVE-2023-47073. This vulnerability was disclosed on November 17, 2023, and requires user interaction through opening a malicious file to be exploited (NVD, CVE).

The vulnerability is classified as an out-of-bounds write (CWE-787) issue. It has received a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access and user interaction, but no privileges, while potentially impacting confidentiality, integrity, and availability at high levels (NVD).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. The high CVSS score indicates significant potential impact on system security, affecting confidentiality, integrity, and availability of the system (NVD).

Adobe has released security updates to address this vulnerability. Users should update to versions newer than After Effects 24.0.2 or 23.6 to mitigate this security risk (Adobe Advisory).