CVE-2023-47043 is an out-of-bounds read vulnerability classified under CWE-125 affecting Adobe Media Encoder versions 24.0.2 and earlier, and 23.6 and earlier. The vulnerability arises during the parsing of crafted media files, where the software reads beyond the allocated memory buffer, potentially leading to memory corruption. This memory corruption can be leveraged by an attacker to execute arbitrary code within the context of the current user. Exploitation requires that a victim opens a maliciously crafted file, making user interaction mandatory. The CVSS v3.1 base score is 7.8, indicating a high severity level, with attack vector local (AV:L), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), unchanged scope (S:U), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). Although no public exploits have been reported yet, the vulnerability's characteristics suggest a strong potential for impactful attacks, especially targeting creative professionals who handle untrusted media files. Adobe has not yet published patches, so users must rely on interim mitigations. The vulnerability's exploitation could lead to unauthorized code execution, data leakage, or system compromise, severely impacting affected systems.

For European organizations, especially those in media production, broadcasting, advertising, and creative industries where Adobe Media Encoder is widely used, this vulnerability presents a significant risk. Successful exploitation could lead to unauthorized code execution, enabling attackers to steal sensitive data, disrupt workflows, or deploy further malware. The confidentiality, integrity, and availability of critical media assets and production environments could be compromised. Given the user interaction requirement, targeted phishing or social engineering campaigns could be used to deliver malicious files. The impact extends to intellectual property theft and potential operational downtime. Organizations with remote or hybrid workforces may face increased risk if users open malicious files outside controlled environments. The absence of known exploits currently provides a window for proactive defense, but the high severity score underscores the urgency of mitigation.

1. Immediately restrict the opening of media files from untrusted or unknown sources within Adobe Media Encoder. 2. Implement application control or whitelisting to limit execution of unauthorized files and scripts. 3. Educate users about the risks of opening unsolicited or suspicious media files, emphasizing the need for caution with files received via email or external sources. 4. Employ endpoint detection and response (EDR) solutions to monitor for anomalous behaviors related to Adobe Media Encoder processes. 5. Use network segmentation to isolate systems running Adobe Media Encoder from critical infrastructure. 6. Regularly back up important media projects and data to enable recovery in case of compromise. 7. Monitor Adobe security advisories closely and apply patches promptly once released. 8. Consider deploying sandbox environments for opening untrusted media files to contain potential exploitation. 9. Review and tighten file association settings to prevent automatic opening of media files by Adobe Media Encoder. 10. Collaborate with IT security teams to integrate this vulnerability into threat hunting and incident response plans.