Accessibility

Security advisory

Potential vulnerability in After Effects CS3

Release date: May 6, 2008

Vulnerability identifier: APSA08-05

CVE number: CVE-2008-1201

Platform: Windows

Affected Software: After Effects CS3

Summary

Adobe is aware of a recently published security issue in After Effects CS3 that could potentially cause code execution. An attacker would need to convince a user to open a malicious BMP file in After Effects to successfully exploit the issue. This issue is related to Security Advisory APSA08-04.

Details

An attacker would need to convince a user to open a malicious BMP file in After Effects to successfully exploit the issue. Adobe recommends that customers exercise caution when receiving unsolicited or suspicious BMP files.

It is not a common workflow to use BMP files within After Effects, and most assets used within the After Effects workflow are from trusted sources. Adobe will be fixing this issue in the next major release of After Effects.

Severity Rating

Adobe categorizes this as a critical issue and recommends that After Effects customers exercise caution when receiving unsolicited or suspicious BMP files.