CVE-2023-48634: 
Adobe After Effects vulnerability analysis and mitigation

Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an Improper Input Validation vulnerability identified as CVE-2023-48634. The vulnerability was disclosed on December 13, 2023, and received a CVSS v3.1 base score of 7.8 (HIGH). This security flaw affects both Windows and macOS operating systems running the specified versions of Adobe After Effects (NVD, Adobe Advisory).

The vulnerability is classified as an Improper Input Validation issue (CWE-20). It has received a CVSS v3.1 vector of CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access, low attack complexity, no privileges required, and user interaction required. The vulnerability affects the core functionality of Adobe After Effects and its input validation mechanisms (Adobe Advisory).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. This means an attacker could potentially execute malicious code with the same privileges as the user running Adobe After Effects (NVD).

Adobe has addressed this vulnerability in newer versions of After Effects. Users are advised to update their software to versions newer than 24.0.3 or 23.6.0 to mitigate this security risk (Adobe Advisory).