PT-2020-5015 · Adobe · Indesign
Published: 2020-09-08 · Updated: 2021-09-14 · CVE-2020-9728
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Adobe InDesign versions 15.1.1 and earlier
Description
The issue is a memory corruption vulnerability that can cause an out-of-bounds memory access. A remote attacker can potentially use a specially crafted file to execute arbitrary code in the context of the current user. The vulnerability is exploited through insecure handling of a malicious indd file.
Recommendations
For Adobe InDesign versions 15.1.1 and earlier, update to a version that fixes the memory corruption vulnerability to prevent potential code execution in the context of the current user. As a temporary workaround, avoid opening untrusted or potentially malicious indd files until a patch is available. Restrict access to untrusted files to minimize the risk of exploitation.
Fix
Buffer Overflow
Memory Corruption
Access of Memory Location After End of Buffer
Related Identifiers
Affected Products
Indesign