CVE-2023-48633: 
Adobe After Effects vulnerability analysis and mitigation

Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) were identified with a Use After Free vulnerability, tracked as CVE-2023-48633. The vulnerability was discovered by Mat Powell of Trend Micro Zero Day Initiative and was publicly disclosed on December 12, 2023. This security flaw affects both Windows and macOS operating systems running the specified versions of Adobe After Effects (Adobe Advisory, NVD).

The vulnerability is classified as a Use After Free (CWE-416) issue that could potentially lead to arbitrary code execution in the context of the current user. The vulnerability has received a CVSS v3.1 base score of 7.8 (High), with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates that while the attack requires local access and user interaction, it can result in high impacts across confidentiality, integrity, and availability (NVD).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. The impact is considered significant as it could potentially allow an attacker to execute malicious code with the same privileges as the affected user (NVD).

Adobe has addressed this vulnerability in After Effects version 24.1. Users are advised to update to the latest version to mitigate the risk. The fix was released as part of Adobe's security update APSB23-75 (Adobe Advisory).