CVE-2024-41859: 
Adobe After Effects vulnerability analysis and mitigation

CVE-2024-41859 is an out-of-bounds write vulnerability affecting Adobe After Effects versions 23.6.6, 24.5 and earlier. The vulnerability was disclosed on September 13, 2024, and requires user interaction through opening a malicious file to be exploited (NVD, Adobe Advisory).

The vulnerability is classified as an out-of-bounds write vulnerability (CWE-787) that could lead to arbitrary code execution in the context of the current user. The vulnerability has received a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

Successful exploitation of this vulnerability could result in arbitrary code execution in the context of the current user. Depending on the user's privileges, an attacker could potentially install programs, view or modify data, or create new accounts with full user rights (CIS Advisory).

Adobe has released version 23.6.9 to address this vulnerability. Users are advised to update their Adobe After Effects installations to the latest version. Systems running with fewer user rights may be less impacted than those operating with administrative privileges (Adobe Advisory).